• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 236
  • Last Modified:

Problems with uploading file

I have the page where the user can enter information into text fields as well as upload a file all on the same form.  I have it setup in the following way:

First, I validate the file with a function, which checks to see if it is the right size, and the right type.

      function validate_file($files_array){
            $errors = array();
            $userfile_error = $files_array['userfile']['error'];
            $userfile_type = $files_array['userfile']['type'];
            
            if($userfile_error > 0){
                  switch($userfile_error){
                        case 1: $errors[] = 'File exceeded upload_max_filesize'; break;
                        case 2: $errors[] = 'File exceeded max_file_size'; break;
                        case 3: $errors[] = 'File only partially uploaded'; break;
                        case 4: $errors[] = 'No file uploaded'; break;
                  }
            }
            
            if($userfile_type != 'application/x-zip-compressed'){
                  $errors[] = 'File is invalid';
            }

            return $errors;
      }

Next, I validate the text fields.  If there are any errors in either of these functions, I display them in the same script.  Otherwise, I put all values into the session and do a header(location: ) to the preview script which just shows all the info.  Finally, I add all the text fields to the database, and finish the upload with the following functions, whihc gives me the problem:

      function upload_file($new_filename, $userfile){
            $errors = array();
            $filedir = '/home/sites/www.mysite.com/questions/';
            print $userfile . '<br>';
            $userfile_name = $new_filename;
                        $upfile = $filedir . $userfile_name;
            if(is_uploaded_file($userfile)){
                  if(!move_uploaded_file($userfile, $upfile)){
                        print 'Could not move file to destination directory';
                        //return $errors;
                  }
            }
            else{
                  print 'Possible file upload attack. Filename: '.$userfile_name;
            }
      }

where userfile is just the value of $_FILES['userfile']['tmp_name'] in a $_SESSION variable.  and new filename is the final name of the file.  This always fails and gives me the error 'Possible file upload attack' as shown above.  Does anybody know what the problem is?  The file doesnt even seem to be uploading to the tmp directory.  Are there any examples out there of a script which uploads a file as well as adds text input fields to a DB?  Thanks.
0
abstractionz
Asked:
abstractionz
1 Solution
 
designbaiCommented:
Check the permission on the folder where you are trying to upload. It should have write permision.

check the following link for more help.

http://www.netspade.com/articles/php/uploading.xml

hope this helps.

0
 
kiros37100Commented:
Did you include this in your form tag?

enctype="multipart/form-data"

Without it, files won't upload.
0
 
virmaiorCommented:
you should work directly on the supplied system array $_FILES
there's no value in passing it around like you're showing

if this script is happening in another file than the script that uploaded, then the temp file may be deleted since it is a temp file.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
abstractionzAuthor Commented:
i do have permission to upload to the folder, and i included the enctype.

it is happening in another file that the script that uploaded.  the only reason i did it this way was so that i could validate both the text fields and the file at the same time.
0
 
kiros37100Commented:
The file is deleted when you move to a new page before handling it.
0
 
nidanCommented:
instead of leaving the file in the global /tmp folder before moving it to its permanent location, move it from /tmp to your own tmp folder like /hold.  that way you can validate the file while its moved to /hold.  then once the file is valid, move it from /hold to its permanent location.  that way the file won't be deleted.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now