SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Zealot
    Join Date
    Dec 2006
    Location
    Gothenburg, Sweden
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Can't get upload to work

    I'm using the following code to upload an image (avatar.php) :

    PHP Code:
    if (isset($_POST['submit']) && $_SESSION['logged']) {

    //    $userid = $_SESSION['uid'];
    //    $username = $_SESSION['username'];
    //    $uploaddir = "/home/xxx/xxx/xxx/xxx/avatars";
    //    $final_filename = $username;
        
    //    if (is_uploaded_file($image)) {
    //       $newfile = $uploaddir . "/" . $final_filename;
    //       if (!copy($image, $newfile)) {
    //          // if an error occurs the file could not
    //          // be written, read or possibly does not exist
    //          print "Error Uploading File.";
    //          exit;
    //       }
    //    }

    $uploaddir = '/home/xxx/xxx/xxx/xxx/avatars/';
    $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);


    if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) {
       echo "File is valid, and was successfully uploaded.\n";
    } else {
       echo "Possible file upload attack!\n";
    }

    echo 'Here is some more debugging info:';
    echo '<pre>';
    print_r($_FILES);
    echo '</pre>';
    }

    ?>

    <form action="" method="post" enctype="multipart/form-data">
    Your image should be a jpeg, png or gif (no animated gifs) and must be less than 100 kb. You'll get the option to crop your image.<p>

    <label for="image"><strong>Choose your image:</strong></label>
    <input type="hidden" name="username" value="<?php echo $username ?>">
    <input type="hidden" name="MAX_FILE_SIZE" value="100000">
    <br><input type="file" name="image">
    <br><input type="submit" name="submit" value="Upload Image">
    I've also tried the part that is commented with no result as well.

    The errors I'm getting are these:

    Warning: move_uploaded_file(/home/xxx/xxx/xxx/xxx/xxx/avatars/) [function.move-uploaded-file]: failed to open stream: Is a directory in /home/xxx/xxx/xxx/xxx/xxx/avatar.php on line 30

    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpzzHQs6' to '/home/xxx/xxx/xxx/xxx/xxx/avatars/' in /home/xxx/xxx/xxx/xxx/xxx/avatar.php on line 30
    Possible file upload attack! Here is some more debugging info:

    Code:
    Array
    (
        [image] => Array
            (
                [name] => pcw.jpg
                [type] => image/jpeg
                [tmp_name] => /tmp/phpzzHQs6
                [error] => 0
                [size] => 59440
            )
    
    )
    Also I'm wondering if I need to generate a "bettter" tmp_name or is the tmp_name generated by php good enough to keep out of files getting the same tmp_name when users upload files?

  2. #2
    SitePoint Addict ruba's Avatar
    Join Date
    Apr 2005
    Location
    Amman -Jordan
    Posts
    339
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    what i c that this folder is not found ,
    /home/xxx/xxx/xxx/xxx/xxx/avatars/
    check the permission it must be 777


    iam not sure
    Open Blocked website
    Open Blocked Website
    Knowledge Is Knowing That A Tomato Is A Fruit,
    Wisdom Is Not Putting It In A Fruit Salad.

  3. #3
    SitePoint Zealot
    Join Date
    Dec 2006
    Location
    Gothenburg, Sweden
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Permission is set to 777.

  4. #4
    SitePoint Addict ruba's Avatar
    Join Date
    Apr 2005
    Location
    Amman -Jordan
    Posts
    339
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    $_FILE['imge'] istead of
    $_FILES['userfile']['name']

    userfile is not found

    $uploadfile = $uploaddir . basename($_FILES['image']['name']);


    check it now
    Open Blocked website
    Open Blocked Website
    Knowledge Is Knowing That A Tomato Is A Fruit,
    Wisdom Is Not Putting It In A Fruit Salad.

  5. #5
    SitePoint Zealot
    Join Date
    Dec 2006
    Location
    Gothenburg, Sweden
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ugh, that's what happens when you sit up at 2am trying to get things to work :P

    Thanks you for noticing

    Anyhow what do you think about what I wrote about the tmp_name in the first post?

  6. #6
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try this out if your server has the PHP 4 or greater and directory permission is set to 777, this must work
    Code:
    <?php
    if (isset($_POST['submit'])) {
    	$uploaddir = '/mydir/avatars/';
    	$uploadfile = $uploaddir . basename($_FILES['img_toupload']['name']);
    	
    	if(is_uploaded_file($_FILES['img_toupload']['tmp_name'])){
    		if(move_uploaded_file($_FILES['img_toupload']['tmp_name'], $uploadfile)) {
    		   echo "File is valid, and was successfully uploaded.\n";
    		}
    		else{
    			echo "Possible file upload attack!\n";
    		}
    	}
    	else{
    		echo "Pleaes upload a file.";
    	}
    	echo 'Here is some more debugging info:';
    	
    	echo '<pre>';
    	print_r($_FILES);
    	echo '</pre>';
    }
    ?>
    <form action="" method="post" enctype="multipart/form-data">
    Your image should be a jpeg, png or gif (no animated gifs) and must be less than 100 kb. You'll get the option to crop your image.<p>
    
    <label for="image"><strong>Choose your image:</strong></label>
    <input type="hidden" name="username" value="<?php echo $username ?>">
    <input type="hidden" name="MAX_FILE_SIZE" value="100000">
    <br><input type="file" name="img_toupload">
    <br><input type="submit" name="submit" value="Upload Image">
    I have tested it in my local system. I am not sure on the live.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  7. #7
    SitePoint Addict ruba's Avatar
    Join Date
    Apr 2005
    Location
    Amman -Jordan
    Posts
    339
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    check this class for upload img, if u want use it u can take what u want such as file name , validation ...
    Code:
    <?php
    class picture
    {
           var $save_dir;                    //where file will be saved
           var $filename="spacer.gif";        //default file name initially 
           var $error_message="";            //string to be output if neccesary
           var $width;                        //height of final image
           var $height;                      //width of final image
    
           function picture($save_directory, $file_array, $max_width, $max_height)
           {
                   $this->save_dir = $save_directory;                
                   $this->width =    $max_width;
                   $this->height =  $max_height;
    
                   //--change filename to time - make it unique
                   $temp_filename = $file_array['name'];
                   $ext = explode('.',$temp_filename);
                   $ext = $ext[count($ext)-1];
                   $temp_filename = time().".".$ext;
    
                   //--check that it's a jpeg or gif
                   if (preg_match('/^(gif|jpe?g)$/',$ext)) { 
                           // resize in proportion
                           list($width_orig, $height_orig) = getimagesize($file_array['tmp_name']);
                           if ($this->width && ($width_orig < $height_orig)) {
                                   $this->width = ($this->height / $height_orig) * $width_orig;
                           } else {
                                   $this->height = ($this->width / $width_orig) * $height_orig;
                           }
    
                           $image_p = imagecreatetruecolor($this->width, $this->height);                        
    
                           //handle gifs and jpegs separately
                           if($ext=='gif'){
                               $image = imagecreatefromgif($file_array['tmp_name']);                            
                               imagecopyresampled($image_p, $image, 0, 0, 0, 0, $this->width, $this->height, $width_orig, $height_orig);
                               imagegif($image_p, $this->save_dir.$temp_filename, 80);
                           }
                           else
                           {
                               $image = imagecreatefromjpeg($file_array['tmp_name']);                            
                               imagecopyresampled($image_p, $image, 0, 0, 0, 0, $this->width, $this->height, $width_orig, $height_orig);                            
                               imagejpeg($image_p, $this->save_dir.$temp_filename, 80);
                           }
    
                           imagedestroy($image_p);
                           imagedestroy($image);
    
                           $this->filename=$temp_filename;
    
                   }else{
                           $this->error_message.="<br> file is not a jpeg or gif picture <br>";
                   }
           }
    }
    ?>
    you can find this class in
    http://www.php.net/features.file-upload
    Open Blocked website
    Open Blocked Website
    Knowledge Is Knowing That A Tomato Is A Fruit,
    Wisdom Is Not Putting It In A Fruit Salad.

  8. #8
    SitePoint Zealot
    Join Date
    Dec 2006
    Location
    Gothenburg, Sweden
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @rajug: is it necessary to have both is_uploaded_file() and move_uploaded_file() ?

    Doesn't move_uploaded_file() check if it was uploaded with PHP's HTTP POST upload mechanism ?

  9. #9
    SitePoint Zealot
    Join Date
    Dec 2006
    Location
    Gothenburg, Sweden
    Posts
    135
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I tried adding some more nifty code to have the file uploaded in the /avatars/firstletter_of_username folder like this:

    PHP Code:
    $username $_SESSION['username'];
    $first $username[0];

    $uploaddir "/home/xxx/xxx/xxx.com/peter/v1/avatars/$first/";


    $fileext $_FILES['image']['name'];
    $fileext preg_split("/[.]/",$fileext);
    $fileext array_reverse($fileext);
    $fileext $fileext[0];

    $uploadfile $uploaddir $username "." $fileext;


    if (
    move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) {
       echo 
    "File is valid, and was successfully uploaded.\n";
    } else {
       echo 
    "Possible file upload attack!\n";

    But I got these errors then (kind of like before):


    Warning: move_uploaded_file(/home/xxx/xxx/xxx.com/peter/v1/avatars/P/Peter.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/xxx/xxx/xxx.com/peter/v1/avatar.php on line 39

    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpJXYkDU' to '/home/xxx/xxx/xxx.com/peter/v1/avatars/P/Peter.jpg' in /home/xxx/xxx/xxx.com/peter/v1/avatar.php on line 39
    Possible file upload attack! Here is some more debugging info:


    EDIT: Think I solved it myself already.. need to do a string to lower on the $first I suppose

  10. #10
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What is your PHP version? You can check with $HTTP_POST_FILES['image'] global if PHP is lesser version.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •