move_uploaded_file () function error??


Locked
harshilshah
Forum Newbie
Posts: 16
Joined: Fri Jul 17, 2009 5:13 am

move_uploaded_file () function error??

Post by harshilshah »

Here's the code I used, which was working fine on a Windows WAMP server.

Code: Select all

<?php
@session_start();
 
set_include_path("." . PATH_SEPARATOR . get_include_path());
 require 'ArchiveExtractor.class.php';
  
 // database code
$dbh=mysql_connect ("localhost", "root",
 "") or die('Cannot connect to the database because: ' . mysql_error());
  mysql_select_db ("wwwgodn_godnels");
  //echo "Connection Successfull";
  
  $sql="SELECT fldUsername FROM tblusers where fldUsername='".$_POST["txtusername"]."'";
  $result = mysql_query($sql) or die("Query to get blah failed with error: ".mysql_error());
  //echo"query";
while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
include "adderror.html";
  exit(1);}
   
 mysql_free_result($result);
  
  $rs = @mkdir( $_POST["txtusername"], 0777 );
  //echo "make directory sucessfull";
  
 if ((($_FILES["file"]["type"] == "image/gif")|| ($_FILES["file"]["type"] == "image/jpeg")
 || ($_FILES["file"]["type"] == "application/x-rar-compressed")|| ($_FILES["file"]["type"] == "application/rar")
  || ($_FILES["file"]["type"] == "application/octet-stream")|| ($_FILES["file"]["type"] == "application/zip")
  ||($_FILES["file"]["type"] == "application/x-zip-compressed")||($_FILES["file"]["type"] == "application/octet-stream")
  ||($_FILES["file"]["type"] == "application/x-compress")||($_FILES["file"]["type"] == "application/x-compressed")
  ||($_FILES["file"]["type"] == "multipart/x-zip")|| ($_FILES["file"]["type"] == "image/pjpeg"))
  && ($_FILES["file"]["size"] < 2000000))
    {
    if ($_FILES["file"]["error"] > 0)
     {
      echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
    else
      {
      //echo "Upload: " . $_FILES["file"]["name"] . "<br />";
      //echo "Type: " . $_FILES["file"]["type"] . "<br />";
     //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
     //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
   
      if (file_exists($_REQUEST["txtusername"]. "/" . $_FILES["file"]["name"]))
        {
        echo $_FILES["file"]["name"] . " already exists. ";
         }
       else
        {move_uploaded_file($_FILES["file"]["tmp_name"],
        $_REQUEST["txtusername"]."/" . $_FILES["file"]["name"]);
        //echo "Stored in: " . $_REQUEST["txtusername"]."/" . $_FILES["file"]["name"];
         }
       }
    }
   else
     {
     echo "Invalid file";
     }
    
    if ((($_FILES["file"]["type"] == "application/zip")
  || ($_FILES["file"]["type"] == "application/rar")
  || ($_FILES["file"]["type"] == "application/zip")
  ||($_FILES["file"]["type"] == "application/x-zip-compressed")
 ||($_FILES["file"]["type"] == "application/octet-stream")
  ||($_FILES["file"]["type"] == "application/x-compress")
  ||($_FILES["file"]["type"] == "application/x-compressed")
  ||($_FILES["file"]["type"] == "multipart/x-zip")
  || ($_FILES["file"]["type"] == "application/octet-stream")))
  {
       $archExtractor=new ArchiveExtractor();
       $extractedFileList=$archExtractor->extractArchive($_REQUEST["txtusername"]."/" . $_FILES["file"]["name"],$_REQUEST["txtusername"]."/");
       chmod($_POST["txtusername"]."/" . $_FILES["file"]["name"],0777);
       unlink($_POST["txtusername"]."/" . $_FILES["file"]["name"]);
       echo "<h4 align='center'>album submitted</h4>";
      
   }
  $sql="Insert Into tblusers (fldUsername,fldPassword) Values ('".$_POST["txtusername"]."','".$_POST["txtpassword"]."')";
    
  $result = mysql_query($sql) or die("Query failed with error: ".mysql_error());
   mysql_close($dbh);
 
 
include "list1.php";
 
?>
But when I uploaded the files to the live server, which is probably a Linux server,
I was getting the following errors:
Warning: move_uploaded_file(wedding1/abcd.zip) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/wwwgodn/public_html/old/imagealbum/update.php on line 182
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpAu4CCc' to 'wedding1/abcd.zip' in /home/wwwgodn/public_html/old/imagealbum/update.php on line 182
Stored in: wedding1/abcd.zip
Warning: chmod() [function.chmod]: No such file or directory in /home/wwwgodn/public_html/old/imagealbum/update.php on line 204

Warning: unlink(wedding1/abcd.zip) [function.unlink]: No such file or directory in /home/wwwgodn/public_html/old/imagealbum/update.php on line 205
album submitted

Please, someone help me, it's urgent.
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: move_uploaded_file () function error??

Post by VladSun »

1. The directory ($_REQUEST["txtusername"]."/") must be writable by the Apache user.
2. Don't use $_REQUEST - use $_POST instead.
3. Don't rely on $_FILES["file"]["type"] header - it's too easy to be modified, thus allowing uploads of PHP files.
There are 10 types of people in this world, those who understand binary and those who don't
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: move_uploaded_file () function error??

Post by jackpf »

Hi VladSun,
I've always used the $_FILES['file']['type'] to check the type of the file.

I was just wondering, how is it possible to modify it?

Thanks,
Jack.

EDIT:
Ahh I've just found it. Apparently the $_FILES['file']['type'] relies on the header sent by the browser, which can be changed. I thought PHP figured out the mime type of the file by its extension. Yeah, that could easily be hacked.
Last edited by jackpf on Wed Jul 29, 2009 7:24 am, edited 1 time in total.
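
The checks VladSun lists and the header behaviour jackpf describes above, combined into one upload handler as an added example (not code from the thread). It assumes PHP 7.1+ with the fileinfo extension; the function names, the allow-list and the base directory argument are hypothetical.

```php
<?php
const ALLOWED = [            // MIME type detected from content => extension we assign
    'image/gif'       => 'gif',
    'image/jpeg'      => 'jpg',
    'application/zip' => 'zip',
];

// Returns the extension to store the file under, or null to reject it.
function detectAllowedExtension(string $path): ?string
{
    if (!is_file($path) || filesize($path) >= 2000000) { // original script's size limit
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return ALLOWED[$mime] ?? null;
}

// Usernames become directory names, so allow only a conservative character set.
function safeUserDir(string $base, string $username): ?string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $username)) {
        return null;
    }
    $dir = $base . '/' . $username;
    if (!is_dir($dir) && !mkdir($dir, 0750)) {
        return null;
    }
    return is_writable($dir) ? $dir : null;   // must be writable by the web server user
}

// $file is one entry of $_FILES; its 'type' and 'name' fields are never read.
function storeUpload(array $file, string $username, string $base): ?string
{
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = detectAllowedExtension($file['tmp_name']);
    $dir = $ext === null ? null : safeUserDir($base, $username);
    if ($dir === null) {
        return null;
    }
    $target = $dir . '/' . bin2hex(random_bytes(8)) . '.' . $ext; // server-chosen name
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Constructed sample: PHP source that a client could label "image/jpeg".
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php echo 'not an image'; ?>");
var_dump(detectAllowedExtension($tmp));
unlink($tmp);
```

In a form handler the call would be `storeUpload($_FILES['file'], $_POST['txtusername'], $baseDir)`, with `$baseDir` a directory the web server user can write to. Archives accepted this way still need their entry names checked before extraction.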

Re: move_uploaded_file () function error??

Post by VladSun »

jackpf wrote:Hi VladSun,
I've always used the $_FILES['file']['type'] to check the type of the file.

I was just wondering, how is it possible to modify it?

Thanks,
Jack.
I always recommend reading this article: http://www.scanit.be/uploads/php-file-upload.pdf

Re: move_uploaded_file () function error??

Post by jackpf »

Ahh I must have just been editing my post when you posted :P

That's a good read btw. I've only read the start so far, but it looks good.

Re: move_uploaded_file () function error??

Post by harshilshah »

jackpf wrote:Ahh I must have just been editing my post when you posted :P

That's a good read btw. I've only read the start so far, but it looks good.
Please can someone help me debug this code.

Re: move_uploaded_file () function error??

Post by harshilshah »

Hey VladSun,
you asked me to change the directory permissions. How do I do that? I use a Windows OS at my office and I have hosted my site on a Linux server. Will I have to contact the hosting company to do it for me, or can I do it using FTP? Or is there any PHP code I need to add in my PHP file before using the mkdir function?

Re: move_uploaded_file () function error??

Post by VladSun »

Haven't I already answered you?!?!
viewtopic.php?f=1&t=103920

:?:
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W

Re: move_uploaded_file () function error??

Post by pickle »

Double-post. Locking.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.