Solved

PHP upload script won't upload. Problem with IIS config?

Posted on 2004-03-25
12
577 Views
Last Modified: 2007-12-19
I have a script for uploading picture files to a MySQL table, running on an IIS 6.0 with support for PHP.
I think there is no problem with the script. The query performs the insert,
but the fields that will contain the picture file blob data, file size and type don't
contain anything coz $_FILES array simply doesn't contain the data.

In fact, after turning on error_reporting, it warns at the line $_FILES['emppic']...
that emppic is an unrecognized index. I double checked the form tags, the file input type
is named emppic, no typo errors. the needed enctype="multipart/form-data" is also there.

I checked php.ini, file_uploads is turned on. the upload directory points to a location
that IIS could write to (for testing, I pointed it to the location where the session files
are save, coz I'm sure IIS could write to that directory, my sessions work). upload size is set to 2M.

I've run out of ideas. I'm quite inclined that this is an IIS config problem. Maybe it blocks posting or
uploading of files. Or maybe there is a DLL that I need to enable or install first (I read an article
that requires a DLL to be configured with IIS or ASP pages). Any solutions?





0
Comment
Question by:rqs
  • 5
  • 5
12 Comments
 
LVL 2

Author Comment

by:rqs
Comment Utility
No response yet =(

If I do an echo $emppic, the browser displays the path to the file on
the local machine of the user who wishes to make the upload...
so the form data received by the server is not entirely empty, but terribly incomplete
0
 
LVL 2

Author Comment

by:rqs
Comment Utility
I read somewhere that the variable $emppic should rather contain the
file name and fullpath to where IIS saved the uploaded file... but here I am
getting the full path name on the machine of the user uploading the file
0
 
LVL 26

Expert Comment

by:skullnobrains
Comment Utility
hello, follows part of an an old script that has the advantage to display (in an ugly manner) the infos on the file transfer. you'll find the way to use the file afterwards.

-----------
//switch($operation):
//       case"ajouter"://ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-ajouter-
          if($exe_file == ""){echo"pas de fichier spécifié => ajout impossible";break;}
          foreach ($_FILES['exe_file'] as $var => $val)$$var=$val;//print_r($_FILES);
          echo "<table cellpadding=0><tr><td rowspan=4>données de reception</td><TD width=25 rowspan=4>
                <td><b>nom : </b><td>".$_FILES['exe_file']['name']."<tr><td><b>type :</b><td>$type<tr>
                <td><b>taille :</b><td>$size octets";
          if($exe_ajout>100)$type="gifpng"; else $type="images";
              if($size>$MAXUPL[$type]){echo"<br>la taille maximale autorisée sur ce site est ".$MAXUPL['images'];$err=1;}
          echo"<tr><td><b>statut :</b><td colspan=2>";
          switch($error):
              case"0":echo"telechargement réalisé avec succès</table>";break;
              case"1":echo"fichier trop volumineux pour être uploadé sur ce serveur !<br>
                    taille du fichier : $size</table>";$err=1;break;
              case"2":echo"la taille maximale des fichiers pouvant être envoyés à votre
                    navigateur n'est pas suffisante pour uploader ce fichier";break;
              case"3":echo"le fichier n'a été que partiellement transféré
                    <a href=\"#\" onClick =\"document.choix.submit();\">réessayer</a><tr><td></table>";$err=1;break;
              case"4":echo"pas de fichier correspondant au chemin spécifié</table>";$err=1;break;
              default:echo"aucune erreur n'a été retournée mais le fichier n'a pu être transféré
                    <a href=\"#\" onClick =\"document.choix.submit();\">réessayer</a><tr><td></table>";$err=1;break;
          endswitch;
          if($err){echo"<font color=red>echec lors du transfert de fichier !!!</font>";break;}

-------------------------

to use the result :

$HTTP_POST_FILES['myfile']['tmp_name'] -- Contains the full path and filename of the uploaded file as stored on the server.

$HTTP_POST_FILES['myfile']['name'] -- Contains the full path and filename of the uploaded file as stored on the client.

$HTTP_POST_FILES['myfile']['size'] -- Contains the size of the file in bytes

$HTTP_POST_FILES['myfile']['type'] -- Contains the MIME type information associated with the file (if any)

myfile is the name of the input in the form not the filename

the 5th variable is $error (see my old and ugly code for a way to use it)

more information on http://www.zend.com/zend/spotlight/uploading.php
or anyother online php manual : nexen, phpnukes, .... dozens available

let me suggest you to read that page in it's full extent before you try or post anything more, and in such cases you try &alt? printr($FILES);?> just in case in the first place.
0
 
LVL 26

Expert Comment

by:skullnobrains
Comment Utility
case"0":echo"upload OK</table>";break;
              case"1":echo"file too big<br>
                    file size : $size</table>";$err=1;break;
              case"2":echo"navigator upload limit exceeded or protocol error";break;
              case"3":echo"the file has only been partly transferred <a href=\"#\" onClick =\"document.choix.submit();\">try again</a><tr><td></table>";$err=1;break;
              case"4":echo"file not found => check local client path</table>";$err=1;break;
              default:echo"unknown error"; break;

... just the english version of the sole usefull part of the previous script.
0
 
LVL 2

Author Comment

by:rqs
Comment Utility
I'm more convinced it's not with the scripts that I am having problems with but with IIS 6.0
configuration and/or PHP configuration.
Whether I use any of these variations on coding:
    $_FILES['emppic']['tmp_name'], etc.
    $HTTP_POST_FILES['emppic']['tmp_name'], etc.
    $emppic_name, $emppic_type,  etc...
no reference to where the uploaded file was temporarily saved could be fetched. echoing the variables simply yields an empty string. If I check the upload directory I specified in php.ini, no new files are saved or uploaded at all.
That's why I guess the $_FILES or $HTTP_POST_FILES don't contain any data. HTTP POST file uploading
somehow doesn't succeed.

I followed the config instructions for enabling file uploading in PHP ini (3 variables have to be set, one of which is
file_uploads = On) With IIS 6.0 , I made sure the upload directory is writable by IIS. After all that, file uploading still doesn't work. =(

0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 26

Expert Comment

by:skullnobrains
Comment Utility
quote from myself
-- myfile is the name of the input in the form not the filename --
did u really check this out ?

unless this is enough to make it work, can't u send over <? print_r($_FILES);?>

if you have a browser problem, you should stiil get the $_FILE[inputname][error]

as far as i know, (but there certainly is more to that) the way to prevent uploading in iexplore is either turn the maxsizeupload to a ridiculously low value or use a plugin wich usually will give an error message. (in the browser)

you might also get a firewall issue but then, there again should be an error variable set.

if $_FILE is really empty, send over the adress of you site and i'll try with my iexplore6 which i know will let me upload files allright.
0
 
LVL 2

Author Comment

by:rqs
Comment Utility
Here's my HTML:
<form enctype=\"multipart/form-data\" action=\"".$_SERVER['PHP_SELF']."\" method=\"post\">
<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"1000000\" >
<input type=\"file\" name=\"employeepic\" size=\"40\">
<input type=\"submit\" name=\"Submit\" value=\"Submit\">                                            
</form>

And here the snippet where I try to print debug info:
echo "Remote File name: a) $employeepic b) {$_FILES['employeepic']['name']} c) {$HTTP_POST_FILES['employeepic']['name']}<br>";
echo "Server File name: a) $employeepic_tmp_name b) {$_FILES['employeepic']['tmp_name']} c) {$HTTP_POST_FILES['employeepic']['tmp_name']}<br>";
echo "Errors: {$_FILE['employeepic']['error']}";
echo "FILES superglobal: ";
print_r($_FILES);

This is the html output:
Remote File name: a) C:\\Documents and Settings\\All Users\\Documents\\My Pictures\\Sample Pictures\\winter.jpg b) c)
Server File name: a) b) c)
Errors: exasperated: Array ( )

Only $employeepic contains data. I'm rereading the site you gave me, just in case I did miss something.
Am trying it now on two setups: a PHPDEV (APACHE) on a WinXP desktop and my IIS6.0 win2k3 server.
So far, I'm encountering the same results.

Here's the fragment of the PHP.ini's, which the manuals I read say are the only setting I had to reconfig
;***********************
;Machine running APACHE. PHPDEV here is installed as a service and logs on as my
;machine account with write permissions to the c:\windows\temp folder
;*********************
; Whether to allow HTTP file uploads.
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
upload_tmp_dir = C:\windows\temp
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M


;***********************
;Machine running IIS6.0. I'm sure IIS6.0 has write permissions to the c:\inetpub\temp folder
;because my session files can get saved here, otherwise, PHP sessions wouldn't work
;*********************
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
upload_tmp_dir = C:\Inetpub\temp
; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

My machines are behind a firewall and only accessible within our LAN.

Regarding my browser, I can upload attachment files to yahoo mail.
So I guess it's not setup to prevent file uploads, right?
0
 
LVL 26

Accepted Solution

by:
skullnobrains earned 300 total points
Comment Utility
well u probably will like to know that your exact code works on my cpu and that both $_FILES and $_HTTP_POST_FILES will give the proper result.
assuming that you did not put the downloads result in a function and you know about the 'register globals' directive, that prooves your code to be correct.
seems to be server issue
------------------------------------------------------------------
MORE INFORMATION
Using the WebPost APIs
One method for uploading files is by using the WebPost APIs, with either the HTTP POST method or the ActiveX upload control. The WebPost APIs are fully documented and explained in Internet Client SDK.

The drawback is that both of these methods require that the server have a special component that handles posted data and saves it in a file on the server's file system. The exceptions are WebPost and ActiveX control uploading when using an FTP posting provider. However, this requires installing and configuring an FTP server in addition to the WWW server.

The Microsoft Posting Acceptor shipped with Windows NT 4.0 Option Pack (NTOP) provides the back-end functionality for file uploads via the methods described above. Please see the NTOP documentation and Microsoft Posting Acceptor release notes (also shipped with NTOP) for information on how to configure and use Posting Acceptor and File upload control.

EXTRACTED FROM http://support.microsoft.com/default.aspx?scid=kb;EN;184352

this applies to iis4. the lookup query was 'http file transfer', choose your version (6 was not stated so it must be stated under another name...) of iis and try it just in case
it gives the names of the necessary libraries...

----------------------------------------------------------------------------------------------------------

there might also be an issue through 'url security rules' but i don't believe in that.
if so : http://msdn.microsoft.com/library/default.asp?url=/workshop/security/szone/overview/overview.asp#SecurityZones

----------------------------------------------------------------------------------------------------------

for client-side issues, you may need to view this.
wont solve your problem but should help you to find a workaround if you are stuck.
http://www.faqs.org/rfcs/rfc1867.html

----------------------------------------------------------------------------------------------------------

well sorry i can't help you more but i don't know much about configuring iis.
by the way, the best workaround is probably just don't use iis.

all the guys i know of who used iis either swiched to something else (apache, ezserver...) or just had to  for professionnal or financial reasons (though iis is VERY expensive, compared to performance ; lets forget about security...) and they keep shouting once in a while because something that just simply SHOULD work does not.

well u'll need guts and courage to work this over so cheers and sorry again i can't help you more.

ps : greedily looking forwards to the next steps in finding the solution... or the solution itself.

pps : don't anybody around use iis and manages to transfer files ? how are your configuration files, did you walk on this issue ? is it one of those silly 'limited' undocumented versions microsoft likes so much ?
0
 
LVL 26

Expert Comment

by:skullnobrains
Comment Utility
thanks both.

this question would definitely have closed better on an answer.
if you are still around rqs, it would be great to let us know what the problem was.
0
 
LVL 2

Author Comment

by:rqs
Comment Utility
As for the problem, I wasn't  able to fix it now but just
guessed, based also on links you've given and others that I came across with,  that
it's really a problem between PHP and IIS 6.
Momentarily, I proceeded with other parts of my project.
But I'm also guessing, hoping maybe if I upgraded my php binaries, the problem
would go away. Will try that the soonest possible and I'll probably post the results here.

Thanks
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

If like me you are one who spends a lot of time working and scripting with cmd.exe, sometimes it is handy to be able to quickly view a calendar for a given month and year. This script will quickly do just that!  Save the code posted below to a .bat …
Boost your ability to deliver ambitious and competitive web apps by choosing the right JavaScript framework to best suit your project’s needs.
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to dynamically set the form action using jQuery.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now