Problems with uploading file

I have the page where the user can enter information into text fields as well as upload a file all on the same form.  I have it setup in the following way:

First, I validate the file with a function, which checks to see if it is the right size, and the right type.

      function validate_file($files_array){
            $errors = array();
            $userfile_error = $files_array['userfile']['error'];
            $userfile_type = $files_array['userfile']['type'];
            if($userfile_error > 0){
                        case 1: $errors[] = 'File exceeded upload_max_filesize'; break;
                        case 2: $errors[] = 'File exceeded max_file_size'; break;
                        case 3: $errors[] = 'File only partially uploaded'; break;
                        case 4: $errors[] = 'No file uploaded'; break;
            if($userfile_type != 'application/x-zip-compressed'){
                  $errors[] = 'File is invalid';

            return $errors;

Next, I validate the text fields.  If there are any errors in either of these functions, I display them in the same script.  Otherwise, I put all values into the session and do a header(location: ) to the preview script which just shows all the info.  Finally, I add all the text fields to the database, and finish the upload with the following functions, whihc gives me the problem:

      function upload_file($new_filename, $userfile){
            $errors = array();
            $filedir = '/home/sites/';
            print $userfile . '<br>';
            $userfile_name = $new_filename;
                        $upfile = $filedir . $userfile_name;
                  if(!move_uploaded_file($userfile, $upfile)){
                        print 'Could not move file to destination directory';
                        //return $errors;
                  print 'Possible file upload attack. Filename: '.$userfile_name;

where userfile is just the value of $_FILES['userfile']['tmp_name'] in a $_SESSION variable.  and new filename is the final name of the file.  This always fails and gives me the error 'Possible file upload attack' as shown above.  Does anybody know what the problem is?  The file doesnt even seem to be uploading to the tmp directory.  Are there any examples out there of a script which uploads a file as well as adds text input fields to a DB?  Thanks.
Who is Participating?
instead of leaving the file in the global /tmp folder before moving it to its permanent location, move it from /tmp to your own tmp folder like /hold.  that way you can validate the file while its moved to /hold.  then once the file is valid, move it from /hold to its permanent location.  that way the file won't be deleted.
Check the permission on the folder where you are trying to upload. It should have write permision.

check the following link for more help.

hope this helps.

Did you include this in your form tag?


Without it, files won't upload.
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

you should work directly on the supplied system array $_FILES
there's no value in passing it around like you're showing

if this script is happening in another file than the script that uploaded, then the temp file may be deleted since it is a temp file.
abstractionzAuthor Commented:
i do have permission to upload to the folder, and i included the enctype.

it is happening in another file that the script that uploaded.  the only reason i did it this way was so that i could validate both the text fields and the file at the same time.
The file is deleted when you move to a new page before handling it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.