Sabrin
asked on
upload files code problem
hello,
I have this code and I am trying to upload a picture but its not uploading it!
can someone please tell me whats wrong with this code?
<?php
/* check for and loop through uploaded files */
foreach ($_FILES as $name => $info) {
/* chekc the file has a valid name */
if (($info['name'] != 'ht.access' &&
substr($info['name'], 0,1) != '.' &&
$info['name'] != 'allowed_files')) {
/* attempt to move the file to the uploaded_files directory */
if (@move_uploaded_file($info ['tmp_name '], "uploaded_files/files/{$in fo['name'] }")) {
/* get the contenst of the array of files */
$file_arrays = @unserialize(@file_get_con tents('upl oaded_file s/allowed_ files'));
/* if there are more already 5 files, remove the oldest item fomr the array
* and delete it
*/
if (count(@$file_arrays['file s']) == 5) {
$name = array_shift($file_arrays[' files']);
unset($file_arrays['types' ][$name]);
@unlink('uploaded_files/fi les/' . $name);
}
/* add the new item to the arrays */
$file_arrays['files'][] = $info['name'];
$file_arrays['types'][$inf o['name']] = $info['type'];
/* serialize the array and write it back to the file */
if ($fhwnd = @fopen('uploaded_files/all owed_files ', 'wb+')) {
fwrite($fhwnd, serialize($file_arrays));
fclose($fhwnd);
}
}
}
}
?>
<html>
<head>
<title>Form Post Dump</title>
</head>
<body>
<?php if ($_POST): ?>
<p>You submitted the following POST variables with the following names:</p>
<ul><?php foreach($_POST as $name => $var) : ?>
<li><?php echo(htmlspecialchars($nam e)) ?> = <?php echo(htmlspecialchars($var )) ?></li>
<?php endforeach; ?></ul>
<?php endif; ?>
<?php if ($_GET): ?>
<p>You submitted the following fariables with the query string:</p>
<ul><?php foreach($_GET as $name => $var) : ?>
<li><?php echo(htmlspecialchars($nam e)) ?> = <?php echo(htmlspecialchars($var )) ?></li>
<?php endforeach; ?></ul>
<?php endif; ?>
<?php if ($_FILES): ?>
<p>You submitted the following FILES:</p>
<ul><?php foreach($_FILES as $name => $info): ?>
<li>File name: <?php echo(htmlspecialchars($nam e)) ?>
<ul>
<li>Client file name: <?php echo(htmlspecialchars($inf o['name']) ) ?></li>
<li>File MIME type: <?php echo(htmlspecialchars($inf o['type']) ) ?></li>
<li>File size: <?php echo(htmlspecialchars($inf o['size']) ) ?></li>
<li>Download link: <a href="uploaded_files.php?f ile=<?php echo(htmlspecialchars($inf o['name']) ) ?>"><?php echo(htmlspecialchars($inf o['name']) ) ?></a></li>
</ul>
</li>
</ul>
<?php endforeach; ?></ul>
<?php endif; ?>
<form enctype="multipart/form-da ta" action="<?php echo($_SERVER['PHP_SELF']) ?>" method="post">
<p>Variable1: <input type="text" name="variable1" /></p>
<p>Variable2: <input type="text" name="variable2" /></p>
<p>Variable3: <input type="text" name="variable3" /></p>
<p>File: <input type="file" name="file1" /></p>
<p><input type="submit" value="Post" /></p>
</form>
</body>
</html>
I have this code and I am trying to upload a picture but its not uploading it!
can someone please tell me whats wrong with this code?
<?php
/* check for and loop through uploaded files */
foreach ($_FILES as $name => $info) {
/* chekc the file has a valid name */
if (($info['name'] != 'ht.access' &&
substr($info['name'], 0,1) != '.' &&
$info['name'] != 'allowed_files')) {
/* attempt to move the file to the uploaded_files directory */
if (@move_uploaded_file($info
/* get the contenst of the array of files */
$file_arrays = @unserialize(@file_get_con
/* if there are more already 5 files, remove the oldest item fomr the array
* and delete it
*/
if (count(@$file_arrays['file
$name = array_shift($file_arrays['
unset($file_arrays['types'
@unlink('uploaded_files/fi
}
/* add the new item to the arrays */
$file_arrays['files'][] = $info['name'];
$file_arrays['types'][$inf
/* serialize the array and write it back to the file */
if ($fhwnd = @fopen('uploaded_files/all
fwrite($fhwnd, serialize($file_arrays));
fclose($fhwnd);
}
}
}
}
?>
<html>
<head>
<title>Form Post Dump</title>
</head>
<body>
<?php if ($_POST): ?>
<p>You submitted the following POST variables with the following names:</p>
<ul><?php foreach($_POST as $name => $var) : ?>
<li><?php echo(htmlspecialchars($nam
<?php endforeach; ?></ul>
<?php endif; ?>
<?php if ($_GET): ?>
<p>You submitted the following fariables with the query string:</p>
<ul><?php foreach($_GET as $name => $var) : ?>
<li><?php echo(htmlspecialchars($nam
<?php endforeach; ?></ul>
<?php endif; ?>
<?php if ($_FILES): ?>
<p>You submitted the following FILES:</p>
<ul><?php foreach($_FILES as $name => $info): ?>
<li>File name: <?php echo(htmlspecialchars($nam
<ul>
<li>Client file name: <?php echo(htmlspecialchars($inf
<li>File MIME type: <?php echo(htmlspecialchars($inf
<li>File size: <?php echo(htmlspecialchars($inf
<li>Download link: <a href="uploaded_files.php?f
</ul>
</li>
</ul>
<?php endforeach; ?></ul>
<?php endif; ?>
<form enctype="multipart/form-da
<p>Variable1: <input type="text" name="variable1" /></p>
<p>Variable2: <input type="text" name="variable2" /></p>
<p>Variable3: <input type="text" name="variable3" /></p>
<p>File: <input type="file" name="file1" /></p>
<p><input type="submit" value="Post" /></p>
</form>
</body>
</html>
Assuming your running on a unix flavored server
Start by changing permissions of uploaded_files and the uploaded_files/files directorys to 777
Then test your script .. it should work
However now your folder has read, write, execute privileges to anyone
To lock it down, change the group of the directories to the group of your webprocess (ask your host provider if you don't know) .. then change privileges to 660 .. which will give the owner and the webprocess read and write but no execute access .. and no access to anyone. This is your best security for that folder . just make sure it's a folder that only stores files and that you don't have any scripts running in it
Start by changing permissions of uploaded_files and the uploaded_files/files directorys to 777
Then test your script .. it should work
However now your folder has read, write, execute privileges to anyone
To lock it down, change the group of the directories to the group of your webprocess (ask your host provider if you don't know) .. then change privileges to 660 .. which will give the owner and the webprocess read and write but no execute access .. and no access to anyone. This is your best security for that folder . just make sure it's a folder that only stores files and that you don't have any scripts running in it
Alternatively, if you don't know or can't get the group name of the webprocess ... then change the directory permissions to 666 .. which gives read and write to all .. but no execute
ASKER
hello, this is the warning im getting now!!
Warning: move_uploaded_file(uploade d_files/fi les/pic.jp g) [function.move-uploaded-fi le]: failed to open stream: No such file or directory in /home/virtual/site1/fst/va r/www/html /uploaded_ files/post _dump.php on line 14
Warning: move_uploaded_file() [function.move-uploaded-fi le]: Unable to move '/tmp/phpD4YAsp' to 'uploaded_files/files/pic. jpg' in /home/virtual/site1/fst/va r/www/html /uploaded_ files/post _dump.php on line 14
Warning: move_uploaded_file(uploade
Warning: move_uploaded_file() [function.move-uploaded-fi
Make sure your upload directory is created and the permissions are correct
ASKER
how can I make it upload to the same dir where the script is?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if (@move_uploaded_file($info
Remove the @ from that line and you will see your errors. You will probably get a permission denied error which indicates that the webprocess does not have write privileges to the folder