Solved

File Upload

Posted on 2003-11-19
10
2,024 Views
Last Modified: 2008-03-17
I have writin a basic php script to upload files onto my web server but I am getting this error:

Warning: SAFE MODE Restriction in effect. The script whose uid is 519 is not allowed to access /var/www owned by uid 0 in /home/virtual/site8/fst/var/www/html/Admins/Admins/upload.php on line 14
Error: could not make directory.

Here is my code:

<?
session_start();

if (!session_is_registered("SESSION"))
{
      header("Location: http://www.mywebsite.com/Admins/index.php");
}
    $dirname = "files";
    define(PATH, "/var/www/");
    $filename = $myfile_name;
    if ($filename != "")
    {
        if (!$dir = @opendir(PATH.$dirname))
        mkdir(PATH.$dirname, 0700) or die("<b>Error:</b> could not make directory.");
        copy($myfile, PATH.$dirname."/".$filename) or die("<b>Error:</b> could not copy file.");
        unlink($myfile) or die("<b>Error:</b> could not delete uploaded file.");
        echo "Upload sucessful.";
    }
    else
    {
        echo "You must select a file to upload.";
    }
?>
<title>MyWebSite Administration</title>
<div align="center"><B><font size="+5">MyWebSite File Upload</font></B>
</div>
<form action="upload.php" enctype="multipart/form-data" method="POST">
  <div align="center">    <br />
    <table width="335" border="1">
      <tr>
        <td width="97">File Directory:</td>
        <td width="222"><input name="myfile" type="file" id="myfile"></td>
      </tr>
      <tr>
        <td colspan="2"><div align="center">
            <input type="submit" name="submit2" value="Submit">
        </div></td>
      </tr>
    </table>
    <input type="hidden" name="submit" value="Submit">
  </div>
</form>
<p align="center"><a href="http://www.mywebsite.com/Admins/Admins/main.php">Return to Admin Menu</a> | <a href="http://www.mywebsite.com/Admins/main.php">Return to Main Menu</a> </p>

There some more things I need added to the script.
1) Choose the directory to upload the file, but has the default path of http://www.mywebsite.com/files/
2) Have the php script print out all the files in that directory and have the option to delete and rename
3) When a file has sucessfuly uploaded, "Upload Complete" prints out under my title in red font.

I'm happy to give an A grade to anyone who can help me with my code.

Cheers

-OBCT
0
Comment
Question by:OBCT
10 Comments
 
LVL 1

Expert Comment

by:outerJoin
Comment Utility
Greetings, OBCT!

This is most likely a Unix file permissions problem.

In order to help with your question, I will need a little more information:

What do the directory permissions look like at "/var/www/"?  Also, what username does your instance of PHP run under?

===

By the way, may I make a recommendation?  Unless you are running on an intranet behind a firewall and never allowing access to your site from the outside, it is not very secure to provide access starting at /var/www/.  It is better to start in an isolated "safe room" subdirectory that has rwx permissions for the PHP system.  This saferoom subdirectory should be located at least 1 level down from /var/www/; or even better yet, in a separate directory tree.

You may also wish to reject filenames containing slashes or ".." or other unsafe constructs.

===

Looking forward to being able to help,
   -- outerJoin
0
 
LVL 9

Author Comment

by:OBCT
Comment Utility
I think I typed in the wrong directory. The one I wanted to use was /var/www/html/files/.
I have givin total permissions to that directoy, but I can throw on a .htaccess file to protect it (if this upload script lets me)
This upload.php file is secured by session variables, and only administrators can access it.

Cheers

-OBCT
0
 

Expert Comment

by:maninder123
Comment Utility
This is happening because of open_basedir restriction in safe mode.
If you can change its value through ini_set method. then give it a value of the directory where you want to upload the file.
If you are not able to change ini variables because of safe mode restrictions you can try to change them in .htaccess file.
0
 
LVL 9

Author Comment

by:OBCT
Comment Utility
I have no idea how to change the file, I know very little about servers.
If you can post how I can fix the problem that would be great.

Cheers

-OBCT
0
 
LVL 1

Expert Comment

by:show_source
Comment Utility
Is /var/www/html/files/ the root af your site?
Anyway, I will sugest you take a look at http://dk.php.net/manual/en/features.file-upload.php
The way you are handling an upload is'nt so good.
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 9

Author Comment

by:OBCT
Comment Utility
I'm having no luck what so ever. Every tutorial I try and every souce code I use, ends up giving me an error.
Am I aloud to ask for a example code?
Or is there anything else I should try?

Cheers

-OBCT
0
 
LVL 1

Accepted Solution

by:
show_source earned 500 total points
Comment Utility
Shure you can ask for code! :O)

Try this first:
Be sure that $dist is the correct path to upload dir. Is it a dir outside "webscope", you will need to write the full path, e.x. /home/virtual/site8/fst/var/www/files/
And be sure there's write access to upload dor.

<?php
session_start();

if(isset($_FILES["singlefile"])) {

$dist = $_SERVER["DOCUMENT_ROOT"] ."/files/";

      if(is_uploaded_file($_FILES["singlefile"]["tmp_name"])) {

            if(move_uploaded_file($_FILES["singlefile"]["tmp_name"], $dist . $_FILES["singlefile"]["name"])) {
      $_SESSION["message"] = "File has been uploaded with succes!";
            }else{
      $_SESSION["message"] = "Sorry, unable to upload file!";
            }
      }

header("Location:". $_SERVER["PHP_SELF"] ."");
exit();

}
?>
<html><head></head>
<body>
<center>
<form enctype="multipart/form-data" action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
<table><tr>

      <td>Choose a file:<br>
<input name="singlefile" type="file" size="23"> <input type="submit" value="Upload"></td>

</tr></table></form>

<?php
      if(isset($_SESSION["message"])) {
      echo $_SESSION["message"];
      unset($_SESSION["message"]);
      }
?>
</center>

</body></html>
0
 
LVL 9

Author Comment

by:OBCT
Comment Utility
Thank you show_source, YOU ARE A GENIUS! Or maybe I'm just newbie ;)
I really appriciate all your help and the fact you didn't give up on me. Hehe
You deserve everyone one of these points!

Cheers!

-OBCT
0
 
LVL 1

Expert Comment

by:show_source
Comment Utility
Ok, thanks!
For some more upload, (comments is in danish, but $dist is the same, and you should could figure out what other vars means) try this:

http://www.showsource.dk/php/download.php?id=1064975823

0
 
LVL 1

Expert Comment

by:imstaff
Comment Utility
i'm getting error when i try to upload a file when i'm logged in (session started), the file isn't send to the server!
when i'm logged off (session off) the file seems to be sent!
but i need to stay logged to see if the user is able to upload or not!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now