Solved

upload files code problem

Posted on 2007-04-10
7
283 Views
Last Modified: 2008-02-01
hello,
I have this code and I am trying to upload a picture but its not uploading it!
can someone please tell me whats wrong with this code?

<?php
    /* check for and loop through uploaded files */
    foreach ($_FILES as $name => $info) {
        /* chekc the file has a valid name */
        if (($info['name'] != 'ht.access' &&
            substr($info['name'], 0,1) != '.' &&
            $info['name'] != 'allowed_files')) {

            /* attempt to move the file to the uploaded_files directory */
            if (@move_uploaded_file($info['tmp_name'], "uploaded_files/files/{$info['name']}")) {
                /* get the contenst of the array of files */
                $file_arrays = @unserialize(@file_get_contents('uploaded_files/allowed_files'));        
   
                /* if there are more already 5 files, remove the oldest item fomr the array
                 * and delete it
                 */
                if (count(@$file_arrays['files']) == 5) {
                    $name = array_shift($file_arrays['files']);
           
                    unset($file_arrays['types'][$name]);
                    @unlink('uploaded_files/files/' . $name);
                }

                /* add the new item to the arrays */
                $file_arrays['files'][] = $info['name'];
                $file_arrays['types'][$info['name']] = $info['type'];

                /* serialize the array and write it back to the file */
                if ($fhwnd = @fopen('uploaded_files/allowed_files', 'wb+')) {
                    fwrite($fhwnd, serialize($file_arrays));
                    fclose($fhwnd);
                }
            }          
        }  
    }
?>
<html>
    <head>
        <title>Form Post Dump</title>
    </head>
    <body>
        <?php if ($_POST): ?>
            <p>You submitted the following POST variables with the following names:</p>
            <ul><?php foreach($_POST as $name => $var) : ?>
                <li><?php echo(htmlspecialchars($name)) ?> = <?php echo(htmlspecialchars($var)) ?></li>
            <?php endforeach; ?></ul>
        <?php endif; ?>
        <?php if ($_GET): ?>
            <p>You submitted the following fariables with the query string:</p>
            <ul><?php foreach($_GET as $name => $var) : ?>
                <li><?php echo(htmlspecialchars($name)) ?> = <?php echo(htmlspecialchars($var)) ?></li>
            <?php endforeach; ?></ul>
        <?php endif; ?>
        <?php if ($_FILES): ?>
            <p>You submitted the following FILES:</p>
            <ul><?php foreach($_FILES as $name => $info): ?>
                <li>File name: <?php echo(htmlspecialchars($name)) ?>
            <ul>
                <li>Client file name: <?php echo(htmlspecialchars($info['name'])) ?></li>
                <li>File MIME type: <?php echo(htmlspecialchars($info['type'])) ?></li>
                <li>File size: <?php echo(htmlspecialchars($info['size'])) ?></li>
                <li>Download link: <a href="uploaded_files.php?file=<?php echo(htmlspecialchars($info['name'])) ?>"><?php echo(htmlspecialchars($info['name'])) ?></a></li>
            </ul>
            </li>
        </ul>
            <?php endforeach; ?></ul>
        <?php endif; ?>
        <form enctype="multipart/form-data" action="<?php echo($_SERVER['PHP_SELF']) ?>" method="post">
            <p>Variable1: <input type="text" name="variable1" /></p>
            <p>Variable2: <input type="text" name="variable2" /></p>
            <p>Variable3: <input type="text" name="variable3" /></p>
            <p>File: <input type="file" name="file1" /></p>
            <p><input type="submit" value="Post" /></p>
        </form>
    </body>
</html>
0
Comment
Question by:Sabrin
  • 5
  • 2
7 Comments
 
LVL 7

Expert Comment

by:Zack Soderquist
ID: 18885211
The issue is that your script works fine ...

if (@move_uploaded_file($info['tmp_name'], "uploaded_files/files/{$info['name']}")) {

Remove the @ from that line and you will see your errors. You will probably get a permission denied error which indicates that the webprocess does not have write privileges to the folder

0
 
LVL 7

Expert Comment

by:Zack Soderquist
ID: 18885237
Assuming your running on a unix flavored server

Start by changing permissions of uploaded_files and the uploaded_files/files directorys to 777
Then test your script .. it should work

However now your folder has read, write, execute privileges to anyone

To lock it down, change the group of the directories to the group of your webprocess (ask your host provider if you don't know) .. then change privileges to 660  .. which will give the owner and the webprocess read and write but no execute access .. and no access to anyone. This is your best security for that folder . just make sure it's a folder that only stores files and that you don't have any scripts running in it
0
 
LVL 7

Expert Comment

by:Zack Soderquist
ID: 18885243
Alternatively, if you don't know or can't get the group name of the webprocess ... then change the directory permissions to 666 .. which gives read and write to all .. but no execute
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:Sabrin
ID: 18885367
hello, this is the warning im getting now!!

Warning: move_uploaded_file(uploaded_files/files/pic.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/virtual/site1/fst/var/www/html/uploaded_files/post_dump.php on line 14

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpD4YAsp' to 'uploaded_files/files/pic.jpg' in /home/virtual/site1/fst/var/www/html/uploaded_files/post_dump.php on line 14
0
 
LVL 7

Expert Comment

by:Zack Soderquist
ID: 18885377
Make sure your upload directory is created and the permissions are correct
0
 

Author Comment

by:Sabrin
ID: 18885418
how can I make it upload to the same dir where the script is?
0
 
LVL 7

Accepted Solution

by:
Zack Soderquist earned 500 total points
ID: 18890726
           /* attempt to move the file to the uploaded_files directory */
            if (@move_uploaded_file($info['tmp_name'], "uploaded_files/files/{$info['name']}")) {
                /* get the contenst of the array of files */
                $file_arrays = @unserialize(@file_get_contents('uploaded_files/allowed_files'));      

Modify To:

            /* attempt to move the file to the uploaded_files directory */
            if (@move_uploaded_file($info['tmp_name'], $info['name'])) {
                /* get the contenst of the array of files */
                $file_arrays = @unserialize(@file_get_contents('allowed_files'));      

AND

                /* serialize the array and write it back to the file */
                if ($fhwnd = @fopen('uploaded_files/allowed_files', 'wb+')) {

Modify To

                /* serialize the array and write it back to the file */
                if ($fhwnd = @fopen('allowed_files', 'wb+')) {


NOTE: This is not best practice! Best practice dictates that you have a non-executable folder to store uploaded files to prevent users from uploading and potentially running harmful files from your directory
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Calculate values in an array 18 36
WordPress TK Title 8 25
Calculating number of days between two dates 7 33
Why my select dropdown does not work? 8 28
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now