fileupload issue expert opinion appreciated
Posted: Thu Jan 07, 2010 9:22 pm
Hey guys, let me start by saying I understand if no one knows what the heck my problem is, because I am scratching my head. I have a file upload script that works on my local server when I tested it, but when I uploaded it onto my remote server it is non-responsive and seems to bypass all my checks and script and just upload the file. I compared the php.ini files and the settings are quite similar. The only extension I needed to add which might have been an issue was the PHP gd2. I already have PHP fileinfo installed, which was another possible issue. The only part of the script that works is the part that says "please select a file to upload" when the input is empty. I even tried putting another comment directly after the if statement and it didn't run...:
Here is an example of my mp3 upload which is non-responsive... If anyone has any clue whatsoever as to my problem, I would greatly appreciate anything you can teach me or say that may guide me. This is my first website, so I am learning a lot as I go.
Code:
echo "<script>
alert(\"test!\");
</script>";
return;
Code:
//file is mp3
if ($_POST["selection"] == 2) {
    # edit #
    $username = $_POST["username"];
    $max_filesize = 4024000;
    $uploads = "../usercontent/$username/audio";
    $types_array = array('audio/mpeg', 'audio/mpeg3', 'audio/mpg', 'audio/mp3');
    # end edit #

    // No file was chosen in the form
    if ($_FILES['file']['name'] == "") {
        echo "<script>
        alert(\"Please select a file to upload!\");
        </script>";
        return;
    }

    // Detect the MIME type from the file contents (uses the fileinfo extension)
    // and release the handle before any early return
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = finfo_file($finfo, $_FILES['file']['tmp_name']);
    finfo_close($finfo);
    if (!in_array($mime, $types_array)) {
        echo "<script>
        alert(\"Only Mp3s are allowed!\");
        </script>";
        return; // error
    }

    // Reject file names ending in a script extension; preg_quote() makes the
    // leading dot match a literal dot instead of any character
    $blacklist = array(".php", ".phtml", ".php3", ".php4", ".js", ".shtml", ".pl", ".py");
    foreach ($blacklist as $item) {
        if (preg_match("/" . preg_quote($item, "/") . "\$/i", $_FILES['file']['name'])) {
            echo "We do not allow uploading of this type of file\n";
            echo "<script>
            alert(\"We do not allow uploading of this type of file. Your account has been flagged!\");
            </script>";
            return;
        }
    }

    // Size limit, shown to the user in kb
    $max_filesize_kb = ($max_filesize / 1024);
    if ($_FILES['file']['size'] > $max_filesize) {
        echo "<script>
        alert(\"Your file is too large it must be {$max_filesize_kb} kb\");
        </script>";
        return;
    }

    // Limit the length of the URL-encoded file name
    $mp3 = urlencode($_FILES['file']['name']);
    $length = strlen($mp3);
    if ($length > 55) {
        echo "<script>
        alert(\"Please shorten your filename.\");
        </script>";
        return;
    }

    // Escape values before placing them inside SQL string literals
    // (uses the mysql connection that mysql_query() below relies on)
    $username_sql = mysql_real_escape_string($username);

    // Does this user already have a file with this name?
    $checkmp3 = "SELECT * FROM mp3 WHERE mp3='$mp3' AND username='$username_sql'";
    $querymp3 = mysql_query($checkmp3) or die('Error, select query failed');
    $countmp3 = mysql_num_rows($querymp3);
    if ($countmp3 >= 1) {
        echo "<script>
        alert(\"This file already exists in your file.\");
        </script>";
        return;
    }

    // Count the files this user has stored
    $checkmp3 = "SELECT * FROM mp3 WHERE username='$username_sql'";
    $querymp3 = mysql_query($checkmp3) or die('Error, select query failed');
    $countmp3 = mysql_num_rows($querymp3);
    if ($countmp3 == 3) {
        echo "<script>
        alert(\"You can only store 3 mp3 files at once.\");
        </script>";
        return;
    } else {
        // Record the upload, then move the file out of PHP's temp directory
        $mp3 = $_FILES['file']['name'];
        $mp3_sql = mysql_real_escape_string($mp3);
        $second_query = "INSERT INTO mp3
            (username, mp3) VALUES('$username_sql', '$mp3_sql')";
        mysql_query($second_query) or die('Error, insert query failed');
        move_uploaded_file($_FILES['file']['tmp_name'], $uploads . '/' . $_FILES['file']['name'])
            or die("Couldn't upload " . $_FILES['file']['name'] . "\n");
        echo "<script>
        alert(\"File uploaded Refresh the page to view it\");
        </script>";
        return;
    }
}
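
An added example, not part of the original post and not the poster's code: the same MP3 checks written as one allowlist-based validator that also looks at PHP's upload error code, constrains the username used in the path, and stores the file under a server-generated name. The function name `validate_mp3_upload`, its parameters and the username rule are assumptions.

```php
<?php
// Added example, not the poster's code. The function name, parameters and
// the username rule are assumptions made for illustration.
function validate_mp3_upload(array $file, string $username, string $baseDir,
                             int $maxBytes = 4024000): array
{
    // PHP reports failed, partial or oversize uploads in 'error'; an empty
    // 'name' only covers the case where no file was chosen.
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK) {
        return [false, 'Upload failed or no file was sent'];
    }
    // tmp_name must be a file PHP itself received over HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'Not an uploaded file'];
    }
    // Measure the file on disk instead of trusting the reported size.
    if (filesize($file['tmp_name']) > $maxBytes) {
        return [false, 'File is too large'];
    }
    // The username becomes a directory name, so restrict it to a safe
    // alphabet; "../" can then never leave the upload tree.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $username)) {
        return [false, 'Invalid username'];
    }
    // Detect the type from the content, as the post does with fileinfo.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $allowed = ['audio/mpeg', 'audio/mpeg3', 'audio/mpg', 'audio/mp3'];
    if (!in_array($mime, $allowed, true)) {
        return [false, 'Only MP3 files are allowed'];
    }
    // Allowlist the one accepted extension rather than blacklisting
    // script extensions one by one.
    if (strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) !== 'mp3') {
        return [false, 'Only .mp3 file names are allowed'];
    }
    // Store under a server-generated name; the client's name is kept only
    // as display text (for example in the mp3 table).
    $name = bin2hex(random_bytes(16)) . '.mp3';
    return [true, rtrim($baseDir, '/') . "/$username/audio/$name"];
}

// Usage inside the upload handler:
// [$ok, $result] = validate_mp3_upload($_FILES['file'], $_POST['username'], '../usercontent');
// if (!$ok) { /* show $result as the error message */ }
// elseif (!move_uploaded_file($_FILES['file']['tmp_name'], $result)) { /* handle failure */ }
```

Taking the username from the authenticated session rather than from a POST field keeps one user from writing into another user's directory.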