Solved

upload file

Posted on 2002-06-03
Last Modified: 2008-03-06
Hi, I'm new to PHP.
I'm working on this script to upload a file. I'm using an Apache server.

Here's the code:

upload.html
...
<body>
<form enctype="multipart/form-data" action="do_upload.php" method="post">
<input type="hidden" name="max_file_size" value="1000">
Image file (1 MB max):<input name="userfile" type="file"><br>
<input type="submit" value="Upload">
</form>
</body>

do_upload.php
(the register_globals in the php.ini is turned on)

<?php

if (is_uploaded_file($userfile)) {
    copy($userfile, "/var/www/html/photolib");
} else {
    echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

When it is run, I get:
Warning: Unable to create '/var/www/html/photolib/': Is a directory in /var/www/html/photolib/do_upload.php on line 4

I also don't see the file being uploaded. What else do I need to add or reconfigure?

Thanks a lot.
Question by:pepperoni
11 Comments
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053207
Looks like you should have ...

   copy($userfile, "/var/www/html/photolib/$userfile");

0
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053216
correction ...

  copy($userfile, "/var/www/html/photolib/" . basename($userfile));
0
 
LVL 5

Accepted Solution

by:
Hamlet081299 earned 75 total points
ID: 7053227
You should realise that this code does still leave a copy of the uploaded file in the temp directory, and I'm not sure that's really what you are after?  It also will give the file some awful name like "phpA12.tmp", which is not much use if it's a jpeg or similar!!!

What you should probably be doing is moving the temporary file that has been loaded, and saving it with the original name.

This is much better...
    move_uploaded_file($userfile, "/var/www/html/photolib/$userfile_name");


H.
0
 
LVL 5

Expert Comment

by:Hamlet081299
ID: 7053233
Other notes...

You may also want to respond differently if a file by that name exists already.

From php help "Chapter 5. Handling file uploads"...

When register_globals is turned on in php.ini the available variables are as follows. Note that the following variable names assume the use of the file upload name 'userfile', as used in the example script above:

* $userfile - The temporary filename in which the uploaded file was stored on the server machine.

* $userfile_name - The original name or path of the file on the sender's system.

* $userfile_size - The size of the uploaded file in bytes.

* $userfile_type - The mime type of the file if the browser provided this information. An example would be "image/gif".
0
 

Author Comment

by:pepperoni
ID: 7053280
Hamlet, thanks.

I tried it but I got a problem with the permissions.

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053281
Hamlet, thanks.

I tried it but I got a problem with the permissions.

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053282
Hamlet, thanks.

I tried it but I got a problem with the permissions.

the exact error:

Warning: Unable to create '/var/www/html/photolib/a.gif': Permission denied in /var/www/html/photolib/do_upload.php on line 7

Warning: Unable to move '/tmp/phpPeAz96' to '/var/www/html/photolib/a.gif' in /var/www/html/photolib/do_upload.php on line 7
0
 

Author Comment

by:pepperoni
ID: 7053285
Sorry, I didn't mean to post the reply thrice.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 7053295
Do it like,

<?php

if (is_uploaded_file($userfile))
{
   $new_filename = $HTTP_POST_FILES['userfile']['name'];
   move_uploaded_file($userfile, "/var/www/html/photolib/$new_filename");
} else {
   echo "Possible file upload attack. Filename: " . $userfile_name;
}

?>

Make sure the /var/www/html/photolib directory is writable by the web server.

JD
0
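
A hardened version of the upload handler discussed in this thread, added here as an example (not code from any of the posters): it reads `$_FILES` instead of the register_globals variables, checks size and content type on the server, and stores the file under a server-generated name. `UPLOAD_DIR`, `MAX_BYTES`, `ALLOWED` and `store_upload()` are hypothetical names, and the directory path is an assumption.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ with the fileinfo extension.
const UPLOAD_DIR = '/var/www/uploads/photolib'; // assumed path: outside the script directory
const MAX_BYTES  = 1048576;                     // 1 MB, enforced on the server
const ALLOWED    = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

function store_upload(array $file): string
{
    // PHP reports oversized, partial or missing uploads through the error code.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or was incomplete.');
    }
    // The hidden max_file_size form field is only a browser hint; measure the file here.
    if (!is_uploaded_file($file['tmp_name']) || filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('Not an uploaded file, or larger than the limit.');
    }
    // Detect the type from the content, not from the browser-supplied MIME type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Only GIF, JPEG and PNG images are accepted.');
    }
    // Server-generated name with a fixed extension: the client's file name never reaches
    // the filesystem, so it cannot choose a .php extension or overwrite an existing file.
    do {
        $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    } while (file_exists($target));

    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the file; check directory permissions.');
    }
    chmod($target, 0644); // readable by the web server, never executable
    return $target;
}

if (isset($_FILES['userfile'])) {
    try {
        store_upload($_FILES['userfile']);
        echo 'Image stored.';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage(); // fixed strings only; the client's file name is never echoed
    }
}
```

The upload directory needs to be writable by the web server account only, which is the permission issue raised in the thread.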
 

Author Comment

by:pepperoni
ID: 7053365
Thanks. It's working. I changed some folder permissions.
0
 

Author Comment

by:pepperoni
ID: 7053366
Thanks. It's working. I changed some folder permissions.
0
