Solved

What did I do wrong with this upload script?

Posted on 2001-06-26
9
193 Views
Last Modified: 2006-11-17
I got a sample script off of a website, and changed the directory name to the desired upload directory name as instructed in the example.  I changed it, and it didn't work!  I see PHP upload forms all over the place and want to be able to use one myself.

Here is the script for "sender.php"

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<FORM ENCTYPE="multipart/form-data" ACTION="send.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

and here is the "send.php" script

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
<?php
if (is_uploaded_file($userfile)) {
    copy($userfile, "d:\webspace\theheadgamester\gamesteronline.com\www\uploads\");
} else {
    echo "Possible file upload attack: filename '$userfile'.";
}
/* ...or... */
move_uploaded_file($userfile, "d:\webspace\theheadgamester\gamesteronline.com\www\uploads\");
?>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
0
Comment
Question by:theheadgamester
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 1

Expert Comment

by:katyan
ID: 6230120
what's the error message u got. have u checked for write permission in the directory.
0
 
LVL 14

Expert Comment

by:DragonSlayer
ID: 6230122
Hi, I don't use PHP in Windows, but I suppose you need to ensure that the backslashes in your directories are escaped?

i.e., change "D:\webspace\theheadgamester\gamesteronline.com\www\uploads" to "D:\\webspace\\theheadgamester\\gamesteronline.com\\www\\uploads"

Never have that problem in Linux... we use '/' instead of '\'


:)
0
 
LVL 1

Expert Comment

by:anupkarade
ID: 6230188
Hi ..
Actually you PHP code runs on the server
no doubts about it but the path given
for the file to be uploaded should
be relative not absolute as in you case

instead of
D:\webspace\theheadgamester\gamesteronline.com\www\uploads
try this..

copy("$userfile","./Destination_Directory/$userfile_name")

the ./Destination_Directory --> folder to which the file is to be uploaded ..it should be inside your virtual directory( i.e where your pages are)

the ./ or ../ depends upon where the folder is
./ if the folder is inside the folder where you page id
../ if it is outside the folder where your page is

                 Anup
0
 

Author Comment

by:theheadgamester
ID: 6230206
Could you re-write the script for me?  I know almost no PHP but learn from mistakes and examples.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:theheadgamester
ID: 6230280
I have an updated script that was sent to me, and it looks like it sends the file, but when I go to my uploads directory, it isn't there...

This is the script in full


<HTML><BODY>
<?php
if ($userfile) {
move_uploaded_file($userfile, "d:\\webspace\\theheadgamester\\gamesteronline.com\\www\\uploads\\$userfile_name");
?>
<p>Thank you for uploading your file :).
<p>Go back to Gamester Online.
<?php
} else {
?>
<FORM ENCTYPE="multipart/form-data" ACTION="fileupload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="10000000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
<?php
}
?>
</BODY></HTML>
0
 
LVL 1

Expert Comment

by:katyan
ID: 6230329
the script u posted above is working. i've modified the path and i'm getting it. why don't u check the script to 1st upload in a tem directory, say d:\\tmp\\$userfile_name

i don't think there is any problem with the code.

<HTML><BODY>
<?php
if ($userfile) {
move_uploaded_file($userfile, "c:\\user\\katy\\$userfile_name");
?>
<p>Thank you for uploading your file :).
<p>Go back to Gamester Online.
<?php
} else {
?>
<FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD=POST>
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="10000000">
Send this file: <INPUT NAME="userfile" TYPE="file">
<INPUT TYPE="submit" VALUE="Send File">
</FORM>
<?php
}
?>
</BODY></HTML>
0
 
LVL 8

Expert Comment

by:us111
ID: 6230352
be careful in your first form, you have
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="1000">
it means that you will able to send a file of 1Ko max so...
0
 
LVL 1

Accepted Solution

by:
anupkarade earned 75 total points
ID: 6231028
Here is the sample scripts for you
I am using it in one of my project it works smooth

Just Copy paste this code make the relevant changes as instructed in the commented portion and you have

the answer here


<--! The First Page where the image is browsed for uploading--->

<HTML>
<HEAD>
<TITLE>Upload example</TITLE>
</HEAD>
<BODY>

<FORM METHOD="post" ACTION="resultUpload.php" ENCTYPE="multipart/form-data">

<p><strong>File</strong><br>
<INPUT TYPE="file" NAME="img1" SIZE="30"></p>

<P><INPUT TYPE="submit" NAME="submit" VALUE="Send"></p>

</FORM>

</BODY>
</HTML>




/*resultupload.php*/
<? php

$ImgArr=array("image/pjpeg","image/gif","image/png");
$i=0;

if ($img1_name!="") {

  if($img1_size > 2000000) {
      echo "File size is bigger than 20kb!";
            exit;
    }

    while($i<3){
/* Change the relative path where you want to load images but the folder should be within the virtual

folder and put ./Yourfolder if it is in the same direcory where your page is currently located or ../yourfolder

if it is outside the folder   */
     if($ImgArr[$i]==$img1_type){
        copy("$img1","./Images/$img1_name")
      or die("No copy!");
      echo "File name : $img1_name <BR>";
      echo "File size :$img1_size <br>";
      echo "File Type :$img1_type <br>";
      exit;

     }

     $i++;
    }

  echo "Not A Image file!!!";
}

else
{

 die("No input file!");

}

?>



                      Anup
0
 

Author Comment

by:theheadgamester
ID: 6232396
Well anupkrade, I will use your form, and will let everyone here know how stupid I feel now...my host just sent me an ASP form that works super great.  http://www.gamesteronline.com/upload.asp
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

These days socially coordinated efforts have turned into a critical requirement for enterprises.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now