PHP CURL File Upload (A Simple Example)

Welcome to a quick tutorial on how to upload a file with PHP CURL. Need to do a server-to-server file transfer with PHP? Yes, it is definitely possible.

That covers the basics, but let us walk through a simple example in this guide – Read on!

 

 

TABLE OF CONTENTS

 

 

EXAMPLE CODE DOWNLOAD

Source code on GitHub Gist

Just click on “download zip” or do a git clone. I have released it under the MIT license, so feel free to build on top of it or use it in your own project.

 

SORRY FOR THE ADS...

But someone has to pay the bills, and sponsors are paying for it. I insist on not turning Code Boxx into a "paid scripts" business, and I don't "block people with Adblock". Every little bit of support helps.

Buy Me A Coffee Code Boxx eBooks

 

 

 

SERVER A) FILE UPLOAD WITH CURL

<?php
// SERVER A - UPLOAD FILE VIA CURL POST
// (A) SETTINGS
$url = "http://localhost/2-receive.php"; // where to upload file to
$file = __DIR__ . DIRECTORY_SEPARATOR . "README.txt"; // file to upload
$upname = "uploaded.txt"; // file name to be uploaded as

// (B) NEW CURL FILE
$cf = new CURLFile($file, mime_content_type($file), $upname);

// (C) CURL INIT
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, [
  "upload" => $cf, // attach file upload
  "KEY" => "VALUE" // optional - append more post data
]);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

// (D) CURL RUN
// (D1) GO!
$result = curl_exec($ch);

// (D2) CURL ERROR
if (curl_errno($ch)) {
  echo "CURL ERROR - " . curl_error($ch);
}

// (D3) CURL OK - DO YOUR "POST UPLOAD" HERE
else {
  // $info = curl_getinfo($ch);
  // print_r($info);
  echo $result;
}

// (D4) DONE
curl_close($ch);

This is pretty much a fancy version of the snippet in the introduction.

1. First, we start by defining some settings. Where to upload the file, which file to upload, and what file name to upload as.
2. Create a new CURL file object.
3. Initiate the CURL request, and attach the CURL file object.
4. Run the CURL file upload, and deal with the “upload ok/failed”.

 

 

SERVER B) HANDLE THE FILE UPLOAD

<?php
// SERVER B - RECEIVE FILE UPLOAD
echo "SERVER B FILE UPLOAD - ";
echo move_uploaded_file($_FILES["upload"]["tmp_name"], $_FILES["upload"]["name"])
? "OK" : "ERROR" ;

Yep, if you need to deal with the upload on the other server – Just deal with it as a “normal file upload”.

 

 

EXTRA) UPLOAD SECURITY

Take note that 2-server.php is open to the public, anyone can upload anything. There are many ways to restrict the upload, I am just going to list a few possibilities:

• Just keep both 1-upload.php and 2-receive.php within a local intranet.
• Protect 2-receive.php with basic HTTP AUTH. Yes, CURL can include HTTP authorization headers – Too long to explain, do research on your own.
• If “Server A” has a fixed IP address, do an IP check on “Server B” – if ($_SERVER["REMOTE_ADDR"]=="ALLOWED ADDRESS") { PROCEED UPLOAD }
• If both servers have access to a shared database:
  • Server A creates an upload token in the database that is valid for 5~10 minutes.
  • Server A uploads the file along with the token.
  • Server B validates the token against the database before allowing the upload.
  • In short – A simple CSRF protection token.

 

 

LINKS & REFERENCES

• CURL FILE – PHP
• MIME Content-Type – PHP
• CURL – PHP
• CSRF Token In PHP – Code Boxx
• Restrict Upload File Size – Code Boxx
• Restrict Upload File Type – Code Boxx