PHP creating folder help

[thenewprogrammer]

Trying to have folder create based on username. So if the username Frank uploads something i want his file to be uploaded to folder uploads/frank/(his file here). But im not good with php and screwing up. I have the upload code already and had it working on uploading to certain folder but cant get it to create its own folder if it doesnt exist yet.

Code:

<?php
$uploaddir = './uploads/'; 
$file = $uploaddir . basename($_FILES['uploadfile']['name']); 
$size=$_FILES['uploadfile']['size'];
if($size>500*1024)
{
 echo "error file size > 500 MB";
 unlink($_FILES['uploadfile']['tmp_name']);
 exit;
}
move_uploaded_file($_FILES["file"]["tmp_name"],
      "'.$_GET['username'].'/private/"  . str_replace (" ", "",$_FILES["file"]["name"] . $file));
?>

if you need to look at other code to just ask. Just trying to get it to create folder based on their username in directory "uploads/"their username"/theirfile. Upload there but if folder doesnt exist create it on their first upload. So if anyone could help plz do.

[descalzo]

1. Double check $_GET['username'] to make sure you are not hacked.

PHP Code:


if(    isset(  $_GET['username'] ) &&   
            strlen( trim(  $_GET['username']  )  ) > 0   ){
    $user = trim(  $_GET['username'] ) ;
} else {
   ## handle blank username
}


if( ! ctype_alnum ( $user  ) ){
  ## do something if $user is not alphanumeric
} 


2. Create dir if does not exist

PHP Code:


$the_path = '/home/cpanelusername/some/more/path/' ;

$user_dir = $the_path . $user . '/private' ;

if( ! is_dir ( $user_dir  )  ){
   # try to make the directory
   if( ! mkdir(   $user_dir ,  0755 ) ){  
       ### handle fact that directory not made...
   }

} 


[cerbere]

Isn't

Code:

if($size>500*1024)
  { ... }

a mistake ? You're rejecting files larger than 500 kb, not 500 Mb...