Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 505
  • Last Modified:

Upload CSV file via PHP script from mac to windows converts file unusable.

I have a php upload script that I have used directly from php.net

// IF THERE IS INFORMATION POSTED
if (!empty($_POST))
{
    $uploaddir = 'C:\inetpub\vhosts\mysite\uploads/';
    $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

    echo '<pre>';
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
        echo "File is valid, and was successfully uploaded.\n";
    } else {
        echo "Possible file upload attack!\n";
    }

    echo 'Here is some more debugging info:';
    print_r($_FILES);

    echo "</pre>";




}

Open in new window

If Ray is reading this, I have also used a variation of
// MANUAL REFERENCE PAGES YOU MUST UNDERSTAND TO UPLOAD FILES
// http://php.net/manual/en/reserved.variables.files.php
// http://php.net/manual/en/features.file-upload.php
// http://php.net/manual/en/features.file-upload.common-pitfalls.php
// http://php.net/manual/en/function.move-uploaded-file.php

// MANUAL PAGES THAT ARE IMPORTANT IF YOU ARE DEALING WITH LARGE FILES
// http://php.net/manual/en/ini.core.php#ini.upload-max-filesize
// http://php.net/manual/en/ini.core.php#ini.post-max-size
// http://php.net/manual/en/info.configuration.php#ini.max-input-time


// PHP 5.1+  SEE http://php.net/manual/en/function.date-default-timezone-set.php
date_default_timezone_set('America/Chicago');

// ESTABLISH THE BIGGEST FILE SIZE WE CAN ACCEPT - ABOUT 8 MB
$max_file_size = '8000000';

// ESTABLISH THE KINDS OF FILE EXTENSIONS WE WANT (USE UPPERCASE ONLY)
$file_exts = array
( 'png'
, 'gif'
, 'PDF'
, 'JPG'
, 'CSV'
)
;
$f_exts = implode(', ', $file_exts);

// ESTABLISH THE NAME OF THE DESTINATION FOLDER

$base_dir = 'C:\inetpub\vhosts\mysite.com\httpdocs';
$my_dir = 'data'.DIRECTORY_SEPARATOR;


// LIST OF THE ERRORS THAT MAY BE REPORTED IN $_FILES[]["error"] (THERE IS NO #5)
$errors = array
( 0 => "Success!"
, 1 => "The uploaded file exceeds the upload_max_filesize directive in php.ini"
, 2 => "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"
, 3 => "The uploaded file was only partially uploaded"
, 4 => "No file was uploaded"
, 5 => "UNDEFINED ERROR"
, 6 => "Missing a temporary folder"
, 7 => "Cannot write file to disk"
)
;


// IF THERE IS INFORMATION POSTED
if (!empty($_POST))
{
    // IF THERE ARE ERRORS
    $error_code    = $_FILES["userfile"]["error"];
    if ($error_code)
    {
        trigger_error($errors[$error_code], E_USER_ERROR);
    }

    // GET THE FILE SIZE
    $fsize = number_format($_FILES["userfile"]["size"]);

    // SYNTHESIZE THE NEW FILE NAME FOR TEMPORARY STORAGE
    $fname = basename($_FILES['userfile']['name']);

    // FAIL IF THIS IS NOT AN ALLOWABLE EXTENSION
    $f_ext = explode('.', $fname);
    $f_ext = end($f_ext);
    $f_ext = strtoupper(trim($f_ext));
    if (!in_array($f_ext, $file_exts)) trigger_error( "$f_ext NOT ALLOWED.  CHOOSE FROM $f_exts",E_USER_ERROR);

    // THE SERVER PATH TO THE FILE
    $my_path
        = $base_dir
        . DIRECTORY_SEPARATOR
        .$my_dir
        . DIRECTORY_SEPARATOR
        . $fname
    ;
    $my_path = str_replace('/','\\',$my_path);

    // THE URL PATH TO THE FILE
    $my_url
        = "http://mysite.com/"
        . $my_dir
        . "/"
        . $fname
    ;
    $my_url= str_replace('\\','/',$my_url);
    // MESSAGES ABOUT THE UPLOAD STATUS, IF ANY
    $msg = NULL;

    // IF THE FILE IS NEW (DOES NOT EXIST)
    if (!file_exists($my_path))
    {
        // IF THE MOVE FUNCTION WORKED CORRECTLY
        if (move_uploaded_file($_FILES['userfile']['tmp_name'], $my_path))
        {
            $upload_success = 1;
        }
        // IF THE MOVE FUNCTION FAILED IT PROBABLY THREW A MESSAGE
        else
        {
            $upload_success = -1;
            trigger_error("MOVE TO $my_path FAILED", E_USER_ERROR);
        }
    }

    // IF THE FILE ALREADY EXISTS
    else
    {
        $msg .= "<br/><b><i>$my_url</i></b> already exists" . PHP_EOL;

        // SHOULD WE OVERWRITE THE FILE? IF NOT
        if (empty($_POST["overwrite"]))
        {
            $upload_success = 0;
        }

        // IF WE SHOULD OVERWRITE THE FILE, TRY TO MAKE A BACKUP
        else
        {
            $now    = date('Y-m-d-His');
            $my_bak = $my_path . '.' . $now . '.bak';
            if (!copy($my_path, $my_bak))
            {
                $msg .= "<br/><strong>Attempted Backup Failed!</strong>" . PHP_EOL;
            }
            if (move_uploaded_file($_FILES['userfile']['tmp_name'], $my_path))
            {
                $upload_success = 2;
            }
            else
            {
                $upload_success = -1;
                trigger_error("MOVE TO $my_path FAILED", E_USER_ERROR);
            }
        }
    }

    // PREPARE A REPORT OF THE SCRIPT'S SUCCESS OR FAILURE
    if ($upload_success == 2) { $msg .= "<br/>A backup was made and the file was overwritten" . PHP_EOL; }
    if ($upload_success == 1) { $msg .= "<br/><strong>$my_url</strong> has been saved" . PHP_EOL; }
    if ($upload_success == 0) { $msg .= "<br/><strong>It was NOT overwritten.</strong>" . PHP_EOL; }
    if ($upload_success < 0)  { $msg .= "<br/><strong>ERROR: $my_url NOT SAVED - SEE WARNING FROM move_uploaded_file()</strong>" . PHP_EOL; }

    // ADD FILE SIZE AND PERMISSION INFORMATION
    if ($upload_success > 0)
    {
        $msg .= "<br/>$fsize bytes uploaded" . PHP_EOL;
        if (!chmod ($my_path, 0755))
        {
            $msg .= "<br/>chmod(0755) FAILED: fileperms() = ";
            $msg .= substr(sprintf('%o', fileperms($my_path)), -4);
        }
    }

    // SHOW THE SUCCESS OR FAILURE
    echo $msg;

    // SHOW A LINK TO THE FILE
    echo '<br/>'
        . '<a href="'
        . $my_url
        . '" target="_blank">'
        . "See: $my_url"
        . '</a>'
    ;
}


// CREATE THE FORM FOR INPUT (USING HEREDOC SYNTAX)
$form = <<<EOF
<h2>Upload a File</h2>
<p>
<form enctype="multipart/form-data" method="post">
<!--
    SOME IMPORTANT THINGS TO NOTE ABOUT THIS FORM...
    ENCTYPE= ATTRIBUTE IN THE HTML <FORM> TAG
    MAX_FILE_SIZE HIDDEN CONTROL MUST PRECEDE THE FILE INPUT CONTROLS
    INPUT NAME= IN TYPE=FILE DETERMINES THE NAME YOU FIND IN _FILES ARRAY
    ABSENCE OF ACTION= ATTRIBUTE IN <FORM> TAG CAUSES POST TO SAME URL
-->
<input type="hidden" name="MAX_FILE_SIZE" value="$max_file_size" />
Find a file to Upload ($f_exts): <input name="userfile" type="file" />
<br/>Check this box
<input autocomplete="off" type="checkbox" name="overwrite" /> to <strong>overwrite</strong> existing files
</br><input type="submit" value="Upload" />
</form>
</p>
EOF;

echo $form;

Open in new window

Then reading with
<?php
                $file = fopen("data/menu.csv","r");
                $str='';
                $menu_heading = '';
                $firstRow = true;

                while(! feof($file))
                {

                    $row = (fgetcsv($file));
                    if ($row[1]<> $menu_heading){
                        $menu_heading = $row[1];
                        $str = $str.menuheading($row[1]);
                    };
                    $str = $str. '<div class="col-sm-6">'.$row[2].'</div><div class="col-sm-2 price">'.$row[3].'</div>';
                    if($firstRow){
                        $str='';
                        $firstRow = false;
                    }
                }

                    echo $str;


                function menuheading($mh){
                    return '<div class="col-xs-8"><h3 class="hdr2"><span class="lft"></span>'.$mh.'<span class="rt"></span></h3></div>';
                }
                fclose($file);
                ?>

Open in new window

If I ftp the csv file from my mac this works fine.  If I use the upload script from a pc, this works.  If I used the upload script from my mac, it will not output.    If I download the file I uploaded from my mac, save as windows csv (from excel) then ftp, it will work.

There is something being converted.  No errors are thrown and I have tried setting errors to error_reporting(E_ALL);
0
Scott Fell,  EE MVE
Asked:
Scott Fell,  EE MVE
1 Solution
 
Ray PaseurCommented:
I don't have the right tools to test this process, so I'll just suggest some possibilities.  Mac and PC and Linux all have their own versions of line ending characters.   Typically these are some combination of \r and \n, carriage-return and newline characters respectively.  It's possible that the EOL characters from one system are causing trouble on another system.  I notice that when I move files between systems I sometimes have to trim() the lines.

In the upload script, have you confirmed that the move_uploaded_file() step worked and did not encounter a permissions error, etc?

In the script that reads the CSV, you might try something like this to see if we can visualize where the process breaks down.  Be sure to look at the output with "view source."
<?php
error_reporting(E_ALL);

// TRY TO OPEN THE FILE
$file = fopen("data/menu.csv","r");
if (!$file) trigger_error("CANNOT OPEN FILE", E_USER_ERROR);

echo '<pre>';
while(!feof($file))
{
    $row = fgetcsv($file);
    var_dump($row);
    echo PHP_EOL;
}

Open in new window

0
 
Scott Fell, EE MVEDeveloper & EE ModeratorAuthor Commented:
>In the upload script, have you confirmed that the move_uploaded_file() step worked and did not encounter a permissions error, etc?

Yes.  And when I used your script, the backup files where there.  I deleted everything and used it again and can see the file. I also made a change to the csv file, uploaded it and then downloaded it and can see the change.

Thank you Ray.  I will try that this afternoon.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now