Solved

UPLOAD SCRIPT (MKDIR)

Posted on 2004-08-16
6
510 Views
Last Modified: 2013-12-12
I have a script that i'm writing for an image upload website that will host images and give the user back a URL where they can be linked to at. The URL will be the Image ID in the Database. Here is my script:

<?php      
                  require("db_fns.php");
                  // 1. Get largest ID from DB.

                  db_connect();
                  $sql      =      "SELECT * FROM FILE_UPLOADS ORDER BY ID DESC LIMIT 1";
                  $result      =      mysql_query($sql);
                  $DirNum =      mysql_fetch_assoc($result);                  

                  // 2. Increment the ID returned by 1 and save into variable $DirID.
                  $CurrentID = $DirNum['ID'];
                  $DirID      =      $CurrentID + 1;
                  
                  // 3. On the file share, MkDir with the name contained in $DirID.
                  
                  $oldmask = umask(0);
                  mkdir ("/" . $DirID);
                  umask ($oldmask);
                  
                  // 4. Upload the file to the new $DirID directory.
                  
                  $filename = $HTTP_POST_FILES['userfile']['name'];
                  if ( $userfile == "none" )
                  {
                        echo "Problem: No file uploaded";
                        exit;
                  }
                  
                  if ( $userfile_size == 0 )
                  {
                        echo "Problem: Uploaded File is Zero Length";
                        exit;
                  }
                  
                  if ( $userfile_type != "image/gif" || $userfile_type != "image/jpg" )
                  {
                        echo "Problem: File is not a valid JPG or GIF file";
                        exit;
                  }
                  if ( !is_uploaded_file($userfile) )
                  {
                        echo "Problem: File already exists in this directory.";
                        exit;
                  }

                  $tempfile = $HTTP_POST_FILES['userfile']['tmp_name'];
                  $destination = $DirID . "/" . $HTTP_POST_FILES['userfile']['name'];
                  
                  if ( !copy($tempfile, $destination))
                  {
                        echo "Problem: Could not move file into this directory";
                        exit;
                  }
                  
                  
                  // 5. Save this new index.php file into the new $DirID directory.
                  $original      =      "/templates/index.php";
                  $new            =      "/" . $DirID . "/index.php";
                  copy ($original, $new);                  
                  
                  // 6. Create and write a new file named "index.php" in the $DirID folder that displays the uploaded file from userfile.
                  
                  $fp      =      "/" . $DirID . "/index.php";
                  $descriptor            =      fopen ($fp, "w+");
                  
                  $image                  =      $HTTP_POST_FILES['userfile']['name'];
                  
                  $content            =      do_index_output($DirID, $image);
                  fwrite($fp, $content);
                  
                  // 7. Build the URL and store the URL and ID # in the DB.
                  
                  $filename      =      $HTTP_POST_FILES['userfile']['name'];                  
                  $url            =      "http://www.diverse-networks.com/" . $DirID;
                  
                  $sql2            =      "INSERT into FILE_UPLOADS ('ID', 'url', 'filename') VALUES('$DirID', '$url', '$filename')";
                  $result            =      mysql_query($sql2);
                  
                  // 8. Return URL to screen for user to log.
                  
                  if(!result)
                  {
                        echo "Problem with storing new Image in the Database.";
                  }
                  else
                  {
                        echo "Your image was uploaded successfully and can be found at: " . $url;
                  }
?>


When I click the upload button on the form, I get this error message:

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/diverse/public_html/friz/upload.php on line 8

Warning: mkdir(): open_basedir restriction in effect. File(/1) is not within the allowed path(s): (/home/diverse:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/diverse/public_html/friz/upload.php on line 17
Problem: Uploaded File is Zero Length

WHAT IS IT THAT I'M DOING WRONG?

Thanks,

Lance
0
Comment
Question by:Lance_Frisbee
  • 3
  • 2
6 Comments
 
LVL 20

Expert Comment

by:Muhammad Wasif
ID: 11817879
what are the lines 8 and 17?
0
 
LVL 26

Expert Comment

by:ushastry
ID: 11818010
Hi,

First check whether the mysql is returning any values...

Change this line
    mkdir ("/" . $DirID);
with
mkdir("/".$DirID,0755); // try with this also mkdir("/" . $DirID,0777);

Hope this helps!
0
 
LVL 2

Author Comment

by:Lance_Frisbee
ID: 11824550
$DirNum =     mysql_fetch_assoc($result); // THAT IS LINE 8
mkdir ("/" . $DirID); // THAT IS LINE 17


ushastry: I originally coded this script using mkdir("/" . $DirID, 0777);

Same result though. I'll give 0755 a try.

Thanks.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 26

Accepted Solution

by:
ushastry earned 50 total points
ID: 11827324
Hi Lance_Frisbee,


Before creatign direcory check the current working directory..& prefix that path to the

Try this ..

$currDir = getcwd();
mkdir("$curDir/$DirID", 0777);

Also please check this link..

http://www.lania.mx/biblioteca/manuales/phpes/features.safe-mode.html
0
 
LVL 2

Author Comment

by:Lance_Frisbee
ID: 11917685
My apologies on the delay... I haven't had time to get to this. I'm posting just to keep the question active. I'll reply soon.

Thanks

Lance
0
 
LVL 2

Author Comment

by:Lance_Frisbee
ID: 11969095
Alright... during my absence, a solution has been found. I didn't CHMOD my folders and I also was trying to create these folders in the root directory. I just re-coded where i was creating these ID folders to an "upload" folder and it works.

Because of the long delay, I will award the points anyways to Ushastry... Thank you for your patience, and I again apologize for the delay.

Lance
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
This article discusses four methods for overlaying images in a container on a web page
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now