
move_uploaded_file () function error??

Posted: Wed Jul 29, 2009 7:01 am
by harshilshah
Here's the code I used, which was working fine on a Windows WAMP server.

Code:

<?php
@session_start();

set_include_path("." . PATH_SEPARATOR . get_include_path());
require 'ArchiveExtractor.class.php';

// database code
$dbh = mysql_connect("localhost", "root", "") or die('Cannot connect to the database because: ' . mysql_error());
mysql_select_db("wwwgodn_godnels");
//echo "Connection Successfull";

$sql = "SELECT fldUsername FROM tblusers where fldUsername='" . $_POST["txtusername"] . "'";
$result = mysql_query($sql) or die("Query to get blah failed with error: " . mysql_error());
//echo"query";
while ($row = mysql_fetch_array($result, MYSQL_BOTH)) {
    include "adderror.html";
    exit(1);
}

mysql_free_result($result);

$rs = @mkdir($_POST["txtusername"], 0777);
//echo "make directory sucessfull";

if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "application/x-rar-compressed") || ($_FILES["file"]["type"] == "application/rar")
    || ($_FILES["file"]["type"] == "application/octet-stream") || ($_FILES["file"]["type"] == "application/zip")
    || ($_FILES["file"]["type"] == "application/x-zip-compressed") || ($_FILES["file"]["type"] == "application/octet-stream")
    || ($_FILES["file"]["type"] == "application/x-compress") || ($_FILES["file"]["type"] == "application/x-compressed")
    || ($_FILES["file"]["type"] == "multipart/x-zip") || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 2000000))
{
    if ($_FILES["file"]["error"] > 0)
    {
        echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
    else
    {
        //echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        //echo "Type: " . $_FILES["file"]["type"] . "<br />";
        //echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

        if (file_exists($_REQUEST["txtusername"] . "/" . $_FILES["file"]["name"]))
        {
            echo $_FILES["file"]["name"] . " already exists. ";
        }
        else
        {
            move_uploaded_file($_FILES["file"]["tmp_name"],
                $_REQUEST["txtusername"] . "/" . $_FILES["file"]["name"]);
            //echo "Stored in: " . $_REQUEST["txtusername"]."/" . $_FILES["file"]["name"];
        }
    }
}
else
{
    echo "Invalid file";
}

if ((($_FILES["file"]["type"] == "application/zip")
    || ($_FILES["file"]["type"] == "application/rar")
    || ($_FILES["file"]["type"] == "application/zip")
    || ($_FILES["file"]["type"] == "application/x-zip-compressed")
    || ($_FILES["file"]["type"] == "application/octet-stream")
    || ($_FILES["file"]["type"] == "application/x-compress")
    || ($_FILES["file"]["type"] == "application/x-compressed")
    || ($_FILES["file"]["type"] == "multipart/x-zip")
    || ($_FILES["file"]["type"] == "application/octet-stream")))
{
    $archExtractor = new ArchiveExtractor();
    $extractedFileList = $archExtractor->extractArchive($_REQUEST["txtusername"] . "/" . $_FILES["file"]["name"], $_REQUEST["txtusername"] . "/");
    chmod($_POST["txtusername"] . "/" . $_FILES["file"]["name"], 0777);
    unlink($_POST["txtusername"] . "/" . $_FILES["file"]["name"]);
    echo "<h4 align='center'>album submitted</h4>";
}

$sql = "Insert Into tblusers (fldUsername,fldPassword) Values ('" . $_POST["txtusername"] . "','" . $_POST["txtpassword"] . "')";

$result = mysql_query($sql) or die("Query failed with error: " . mysql_error());
mysql_close($dbh);

include "list1.php";

?>
But when I uploaded the files to the live server, which is probably a Linux server, I was getting the following errors:
Warning: move_uploaded_file(wedding1/abcd.zip) [function.move-uploaded-file]: failed to open stream: Permission denied in /home/wwwgodn/public_html/old/imagealbum/update.php on line 182
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpAu4CCc' to 'wedding1/abcd.zip' in /home/wwwgodn/public_html/old/imagealbum/update.php on line 182
Stored in: wedding1/abcd.zip
Warning: chmod() [function.chmod]: No such file or directory in /home/wwwgodn/public_html/old/imagealbum/update.php on line 204

Warning: unlink(wedding1/abcd.zip) [function.unlink]: No such file or directory in /home/wwwgodn/public_html/old/imagealbum/update.php on line 205
album submitted

Please, someone help me, it's urgent.

Re: move_uploaded_file () function error??

Posted: Wed Jul 29, 2009 7:06 am
by VladSun
1. The directory ($_REQUEST["txtusername"]."/") must be writable by the Apache user.
2. Don't use $_REQUEST - use $_POST instead.
3. Don't rely on $_FILES["file"]["type"] header - it's too easy to be modified, thus allowing uploads of PHP files.
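
The three points above, combined in an added example (not code from this thread or from any poster): the type is detected from the file's content with finfo instead of the browser-sent header, only $_POST is read, and the target directory is checked for writability before the move. The storage root, the allow-list and the function name store_upload are assumptions; the field names "file" and "txtusername" follow the original post.

```php
<?php
// Added example, not from the thread; UPLOAD_ROOT, ALLOWED and store_upload() are assumed names.
const UPLOAD_ROOT = __DIR__ . '/albums';   // assumed storage root
const MAX_BYTES   = 2000000;               // same size limit as the original post
const ALLOWED     = [                      // detected MIME type => extension we assign
    'image/gif'       => 'gif',
    'image/jpeg'      => 'jpg',
    'application/zip' => 'zip',
];

function store_upload(array $file, string $username): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, code ' . $file['error']);
    }
    if ($file['size'] >= MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // The directory name is user input: accept a narrow character set only.
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $username)) {
        throw new RuntimeException('Invalid username');
    }
    // Detect the type from the content; $file['type'] is a client-sent header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('Invalid file');
    }
    $dir = UPLOAD_ROOT . '/' . $username;
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('Cannot create the album directory');
    }
    // This is the condition behind "Permission denied" in the original post.
    if (!is_writable($dir)) {
        throw new RuntimeException('Album directory is not writable by the web server user');
    }
    // Server-chosen name and extension: the client's file name never reaches the disk.
    $target = $dir . '/' . bin2hex(random_bytes(8)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not move the uploaded file');
    }
    return $target;
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'], $_POST['txtusername'])) {
    try {
        echo 'Stored in: ' . htmlspecialchars(store_upload($_FILES['file'], $_POST['txtusername']));
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

The RAR types from the original allow-list are left out here, and archive extraction is not covered; the example needs PHP 7 or later for random_bytes() and the null-coalescing operator.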

Re: move_uploaded_file () function error??

Posted: Wed Jul 29, 2009 7:22 am
by jackpf
Hi VladSun,
I've always used the $_FILES['file']['type'] to check the type of the file.

I was just wondering, how is it possible to modify it?

Thanks,
Jack.

EDIT:
Ahh I've just found it. Apparently the $_FILES['file']['type'] relies on the header sent by the browser, which can be changed. I thought PHP figured out the mime type of the file by its extension. Yeah, that could easily be hacked.

Re: move_uploaded_file () function error??

Posted: Wed Jul 29, 2009 7:24 am
by VladSun
jackpf wrote:Hi VladSun,
I've always used the $_FILES['file']['type'] to check the type of the file.

I was just wondering, how is it possible to modify it?

Thanks,
Jack.
I always recommend reading this article: http://www.scanit.be/uploads/php-file-upload.pdf

Re: move_uploaded_file () function error??

Posted: Wed Jul 29, 2009 7:24 am
by jackpf
Ahh I must have just been editing my post when you posted :P

That's a good read btw. I've only read the start so far, but it looks good.

Re: move_uploaded_file () function error??

Posted: Wed Jul 29, 2009 8:02 am
by harshilshah
jackpf wrote:Ahh I must have just been editing my post when you posted :P

That's a good read btw. I've only read the start so far, but it looks good.
Please can someone help me debug this code.

Re: move_uploaded_file () function error??

Posted: Thu Jul 30, 2009 3:05 am
by harshilshah
Hey VladSun,
You asked to change the directory permissions. How do I do that? I use a Windows OS at my office and I have hosted my site on a Linux server. Will I have to contact the hosting company to do it for me, or can I do it using FTP? Or is there any PHP code I need to add in my PHP file before using the mkdir function?

Re: move_uploaded_file () function error??

Posted: Thu Jul 30, 2009 3:11 am
by VladSun
Haven't I already answered you?!?!
viewtopic.php?f=1&t=103920

:?:

Re: move_uploaded_file () function error??

Posted: Thu Jul 30, 2009 11:53 am
by pickle
Double-post. Locking.