Page 1 of 1

PHP Upload Form Error

Posted: Wed Jul 29, 2009 3:58 am
by baby@qute
I have a php form that has some text input from the users I want to copy the text input in word form (.doc) I have tried out codes :

Code: Select all

$file_name = $HTTP_POST_FILES['ufile']['name'];
$random_digit=rand(0000,9999);
$new_file_name=$random_digit.$file_name;
$path= "uploads/".$new_file_name;
if($ufile !=none)
{
if(copy($HTTP_POST_FILES['ufile']['name'], $path))
{
$_SESSION['filename'] = $new_file_name;
 
}
else
{
echo "Error";
}
it was working fine for few days but now it gives me error:


Warning: copy() [function.copy]: open_basedir restriction in effect. File() is not within the allowed path(s)

Re: PHP Upload Form Error

Posted: Wed Jul 29, 2009 4:09 am
by onion2k
Your server has been updated to restrict file commands (copy() in this case), presumably to make it more secure. Consequently your script doesn't work any more. Try reading the manual page for move_uploaded_file() and use that instead. It generally works even when there are safe mode restrictions in place.

As it's urgent, if you can't write PHP yourself, I suggest hiring someone to fix it for you. This forum is not really the place to get rapid fixes for code - it's really for PHP developers to discuss things they're working on.

Re: PHP Upload Form Error

Posted: Wed Jul 29, 2009 4:15 am
by VladSun

Code: Select all

$file_name = $HTTP_POST_FILES['ufile']['name'];
http://us3.php.net/manual/en/reserved.v ... .files.php
$HTTP_POST_FILES [deprecated]
So, don't use $HTTP_POST_FILES. Use $_FILES instead.

Code: Select all

$random_digit=rand(0000,9999);
$new_file_name=$random_digit.$file_name;
What will happen if someone uploads a *.PHP file Please, secure this part of you script. You mus allow uploading only permitted types of files.

Code: Select all

if($ufile !=none)
??? What is $ufile? What is none?

Code: Select all

if(copy($HTTP_POST_FILES['ufile']['name'], $path))
Don't use copy(). Use move_uploaded_file() instead.

Re: PHP Upload Form Error

Posted: Wed Jul 29, 2009 4:20 am
by VladSun
onion2k wrote:Your server has been updated to restrict file commands (copy() in this case)
I doubt it's the case. open_basedir doesn't restrict the command set allowed but the file paths allowed for file openning.

I think the system administrator has misconfigured the server by forgetting to add /tmp into the open_basedir directive

Re: PHP Upload Form Error

Posted: Sat Aug 01, 2009 7:47 am
by baby@qute
Ufile is the name of textbox where the user attach the file
if he doesnot attach a file then the textboxes (that i have which contains the information )
gets vopied in .doc automatically