Page 1 of 1

Reading Files

Posted: Mon Nov 15, 2010 6:05 pm
by Skinner2001
I am working on a time-critical project and the solution may appear obvious to you (hopefully!).
I want to upload a CSV file for which I have the form set up:

Code: Select all

echo "<form name=\"form1\" id=\"form1\" method=\"post\" enctype=\"multipart/form-data\" onsubmit=\"return check();\" action=\"team_standings.php?action=upload\">";
echo "<p>";
echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\" />";
echo "<b>Import an Excel CSV standings list: </b>";
echo "<br>";
echo "<input type=\"file\" name=\"csvinput\" id=\"csvinput\">";
echo "<p>";
echo "<input type=\"submit\" value=\"Upload\">";
echo "</form>";
and then I have the receiving code which is in another file:
if ($_FILES["csvinput"]["error"] > 0)
{
echo "Error: " . $_FILES["csvinput"]["error"] . "<br />";
}
else
{
$myFile = $_FILES["csvinput"]["name"];
echo "Upload: " . $myFile . "<br />";
echo "Type: " . $_FILES["csvinput"]["type"] . "<br />";
echo "Size: " . ($_FILES["csvinput"]["size"] / 1024) . " Kb<br />";
$filePath = $_FILES["csvinput"]["tmp_name"];
echo "Stored in: " . $filePath;
}


$uploaddir = '/var/www/html/admin/Uploads';
$uploadfile = $uploaddir . basename($_FILES['csvinput']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['csvinput']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";
AND the problem is the stats of the file are displayed FINE but when I try to read the file as in the second piece of code, it returns "Possible file upload attack!"
WHY?

Re: Reading Files

Posted: Mon Nov 15, 2010 6:27 pm
by Christopher
Do you know that the path $uploadfile is valid. It looks like you might need a slash at the end of $uploaddir.

Re: Reading Files

Posted: Mon Nov 15, 2010 6:50 pm
by Skinner2001
I tried adding a forward slash at the end of ...Uploads and still no joy, wail.

Re: Reading Files

Posted: Mon Nov 15, 2010 7:13 pm
by Skinner2001
OK thanks but I figured it out:- no public write permissions for Uploads folder!