SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Sep 2004
    Location
    PA
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    File uploading problem - Getting Frustrated : (

    I am teaching myself PHP (well, with a book) and I treid the example on how to upload a file...but tis not working for me....I downloaded PHP 5 and the book is for PHP 4.22, so not sure if that is the problem...

    It doesn't seem like the information is being sent to the php file at all...it errors out to the 'Problem: Possible file upload attack. Filename' error...but it doesn't display the filename...so I went in and 'echoed' the ' $userfile_name' at varios locations and it always came up as blank...

    I even tried using $_FILES, to no avail.

    Any help would be GREATLY APPRECIATED.

    I have tried it on the server I put on my PC and on my actual 'online' server, and it doesn't work at either location.

    OH, I have apache 2 as the server on a n XP machine....and the PHP as a module. Below is the code and the php.ini in case their is something defined wrong in there....

    here is the code for the HTML file:
    Code:
     
    <html> 
    <head> 
     <title>Administration</title> 
    </head> 
    <body> 
    <h1>Upload file</h1> 
    <form enctype="mulitpart/form-data" action="upload.php" method="post"> 
     <input type="hidden" name="MAX_FILE_SIZE" value="1000000"> 
     Upload this file: <input name="userfile" type="file"> 
     <input type="submit" value="Send File"> 
    </form> 
    </body> 
    </html>
    Code:
    html> 
    <head> 
     <title>Uploading...</title> 
    </head> 
    <body> 
    <h1>Uploading File...</h1> 
    <?php 
     //$userfile is where file went on webserver 
     $userfile = $HTTP_POST_FILES['userfile']['tmp_name']; 
    
     //$userfile_name is original file name 
     $userfile_name = $HTTP_POST_FILES['userfile']['name']; 
    
     //$userfile_size is size in bytes 
     $userfile_size = $HTTP_POST_FILES['userfile']['size']; 
    
     //$userfile_type is mime type eg image/gif 
     $userfile_type = $HTTP_POST_FILES['userfile']['type']; 
    
     //$userfile_error is any error encoutered 
     $userfile_error = $HTTP_POST_FILES['userfile']['error']; 
    
     //use this code with newer versions 
      if ($userfile_error > 0) 
      { 
        echo 'Problem: '; 
        switch ($userfile_error) 
        { 
          case 1: echo 'File exceeded upload_max_filesize'; break; 
          case 2: echo 'File exceeded max_file_size'; break; 
          case 3: echo 'File only partially uploaded'; break; 
          case 4: echo 'No file uploaded'; break; 
        } 
        exit; 
      } 
      //end of code for 4.2.0 
    
      //check which mime type the file is 
      $upfile = '/uploads/'.$userfile_name; 
    
      //is_uploaded_file and move_uploaded_file added at version 4.0.3 
      if (is_uploaded_file($userfile)) 
        { 
        if (!move_uploaded_file($userfile, $upfile)) 
          { 
            echo 'Problem: Could not move file to destination directory'; 
            exit; 
          } 
        } 
        else 
        { 
          echo 'Problem: Possible file upload attack. Filename: '.$userfile_name; 
          exit; 
        } 
    
      echo 'File uploaded successfully<br /><br />'; 
    
      //reformat the file contents 
      $fp = fopen($upfile, 'r'); 
      $contents = fread ($fp, filesize ($upfile)); 
      fclose ($fp); 
    
      $contents = strip_tags($contents); 
      $fp = fopen($upfile, 'w'); 
      fwrite($fp, $contents); 
      fclose($fp); 
    
      //show what was uploaded 
      //  echo 'Preview of uploaded file contents:<br /><hr />'; 
      //  echo $contents; 
      //  echp '<br /><hr />'; 
    
      ?> 
    </body> 
    </html>

  2. #2
    SitePoint Guru
    Join Date
    Jul 2004
    Location
    Raleigh, NC
    Posts
    783
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    1- make sure your uploads directory already exists (this script won't create it for you)
    2- make sure your php.ini is set up correctly. this page should be able to help you with the second step
    http://us4.php.net/features.file-upload

  3. #3
    SitePoint Addict pentium10's Avatar
    Join Date
    Apr 2004
    Location
    Transilvania
    Posts
    208
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try using full path for

    $upfile = '/uploads/'.$userfile_name;

    like

    $upfile = '/home/user/usr/uploads/'.$userfile_name;
    Rype :: book, do, charge, collect,
    track time, track expenses and invoice easily on the go.
    Available on Mac, Win, iPhone, WinMobile.
    http://www.rypenow.com

  4. #4
    SitePoint Member
    Join Date
    Sep 2004
    Location
    UK
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Its nothing to do with PHP 5.

  5. #5
    SitePoint Member
    Join Date
    Sep 2004
    Location
    UK
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    index.php

    Code:
    <form enctype="multipart/form-data" action="upload.php" method="post">
     <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
     Send this file: <input name="userfile" type="file" />
     <input type="submit" value="Send File" />
    </form>
    Upload.php

    Code:
     <?php
    // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
    // of $_FILES.
    
    $uploaddir = '/usr/home/soapbath/public_html/uploads/';
    $uploadfile = $uploaddir . $_FILES['userfile']['name'];
    
    print "<pre>";
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
       print "File is valid, and was successfully uploaded. ";
    } else {
       print "Possible file upload attack! 
    }
    print "</pre>";
    
    ?>

    Ive always done it like that..


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •