file uploading with register globals off


GalakStarscraper
Forum Newbie
Posts: 7
Joined: Wed Sep 10, 2003 8:44 am

file uploading with register globals off

Post by GalakStarscraper »

[Admin Edit: Moved from the Passing Variables sticky]

Well, I've read through this thread, looked at the links, and I'm still not sure what is wrong.

Here is the form:

Code: Select all

?><h1>Add new team</h1><?
      // Form for the new team entry
         $url = $PHP_SELF . "?show=addTeam".$sid;
         echo "<form action=\"" .$url."\" method=\"post\" enctype=\"multipart/form-data\">"; 
         echo "  <INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"200000\">";?>
                  
            <table width="90%" cellpadding="2" cellspacing="1" border="0" class="forumline" valign="top" align="center">
               <tr>
                  <th class="thCornerL" height="25" nowrap="nowrap" align="center">Your team's html</th>
               </tr>
               <tr>
                  <td class="row3" align="center"><input type="file" name="userfile" size="70"> (max 200KB!)</td>
               </tr>                     
            </table>               
            <br />
            <div align="center"><input type="submit" name="submit" value="Submit team" /></div>

         <? echo "</form>";
When you click on Submit ... it takes you to the following code:

Code: Select all

if ($userfile != "none") {
      // Read in the file
         $openHandle = fopen($userfile, "r");
         //$text = readfile($userfile);
         $readHandle = fread($openHandle, filesize($userfile));
         $data = addslashes($readHandle);
         $data_BIG = strtoupper($data);
         ?>
         <p>
         <b>Processing 'Add team' request</b><br /><br />
         - Scanning for team name: <b>
            <? $team_name = getTeamName($data_BIG, $data);?>
            <?= $team_name; ?></b><br>
The variable $userfile is blank no matter what value was submitted in the form for $userfile. So I tried the recommended fix:

Code: Select all

if ($_POST['userfile'] != "none") {
      // Read in the file
         $openHandle = fopen($_POST['userfile'], "r");
         //$text = readfile($_POST['userfile']);
         $readHandle = fread($openHandle, filesize($_POST['userfile']));
         $data = addslashes($readHandle);
         $data_BIG = strtoupper($data);
         ?>
         <p>
         <b>Processing 'Add team' request</b><br /><br />
         - Scanning for team name: <b>
            <? $team_name = getTeamName($data_BIG, $data);?>
            <?= $team_name; ?></b><br>
However this coding just dies once it tries to execute. No error message displayed ... it just does nothing, and I was sure after reading the thread it would work. And it dies hard with the $_POST. The original code actually displays the Processing 'Add team' request. The new $_POST doesn't display this text at all ... nothing after the first use of $_POST works in fact.

I'm using version 4.1.2. Can anyone help me read my user's files? Thanks a bunch in advance for any and all help. I realize that I'm not using version 4.2 or up, but since the variable is blank, I just cannot figure out why it's not passing through. Sorry if I've posted this to the wrong thread.

Galak
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

First thing I noticed - $PHP_SELF should be $_SERVER['PHP_SELF'].

The next thing you need to do is read:
Handling file uploads

Try the examples that they have listed there and post back if you have any problems.

Mac
GalakStarscraper
Forum Newbie
Posts: 7
Joined: Wed Sep 10, 2003 8:44 am

Post by GalakStarscraper »

And obviously I did since it got moved immediately ... sorry about that. Thanks to the site admin for moving my post to a more appropriate place ... it's appreciated.

Galak
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

GalakStarscraper wrote:And obviously I did since it got moved immediately ... sorry about that. Thanks to the site admin for moving my post to a more appropriate place ... it's appreciated.

Galak
It's alright, you'll get a better response in the main forum than in one of the stickies, especially one with 6 pages lol.

Mac
GalakStarscraper
Forum Newbie
Posts: 7
Joined: Wed Sep 10, 2003 8:44 am

Post by GalakStarscraper »

twigletmac wrote:First thing I noticed - $PHP_SELF should be $_SERVER['PHP_SELF'].

The next thing you need to do is read:
Handling file uploads

Try the examples that they have listed there and post back if you have any problems.

Mac
Mac ...

thanks for the very quick reply.

The weird thing that has us (it's me and one other programmer) is we are copying his code from an existing site: http://www.pbembbl.org and using it to set up a new site: http://www.blood-bowl.net/MBBL2

The exact code functions perfectly on the original site and doesn't work on the new site. The original code is running under an older version of PHP than the 4.1.2 that the new site is using. But for the life of me and I'm reading the link you sent me. I cannot figure out what changed from his version to 4.1.2 with the forms that the value of userfile keeps coming up blank on the new site.

I'm reading some more ... but it's not an uploading file problem I'm sure. The variable by the time it reaches the fopen is already blank.

Galak
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

instead of

Code: Select all

$_POST['userfile']
shouldn't you be using

Code: Select all

$_FILES['userfile']['tmp_name']
unless i am missing something?

Mark
GalakStarscraper
Forum Newbie
Posts: 7
Joined: Wed Sep 10, 2003 8:44 am

Post by GalakStarscraper »

Thanks Mark, that made some progress on the problem.

Hmmmmmm......

Okay tmp_name is blank after the form processes. However $_FILES['userfile']['name'] is set to name of the html.

Example:
D:\PBeMBBL\CurrentGames\IronChefs.htm when put into the form and submitted stores IronChefs.htm to name, but tmp_name is blank.

However if I try to do this:

Code: Select all

$openHandle = fopen($_FILES['userfile']['name'], "r");
         $readHandle = fread($openHandle, filesize($_FILES['userfile']['name']));
$readHandle is blank.

The original programmer just sent me these thoughts:
The code to read the file stores the uploaded file in some temporary
directory (this read function does it itself). Maybe your user doesn't
have the rights to write to it. I am not sure but I think I had a similar
problem
I don't think he's going to remember soon. Could this be the problem why tmp_name is not getting populated? The file is not being stored to the temporary location? If this is the solution ... I'm not sure how to give the user rights to the temporary directory.

Thoughts ... now that I have at least a filename being recognized (thanks again Mark) ... what are the correct steps to get it to actually read the file ...

I appreciate the help. I can program fluently in 5 languages but just opened up the PHP book yesterday to try to get this site live and since SQL is not one of my languages either ... I'm having a bit of an uphill battle ... especially since the code works on the other programmer's end and he's not sure what 4.1.2 changes killed his code.

Galak
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

so, where are you trying to read the file from?

is the file being uploaded, then read?

I'm not 100% sure what your script is trying to do.

Mark
pootergeist
Forum Contributor
Posts: 273
Joined: Thu Feb 27, 2003 7:22 am
Location: UK

Post by pootergeist »

the first thing you want to do is error check

if $_FILES['userfile']['error'] is set to anything other than zero then the file has not been successfully uploaded.

after that (presuming ['error'] returns 0 zero) you can further test the file by using the pointer $_FILES['userfile']['tmp_name']
that reference is the only reference that the server can use to locate the file - do not use ['name'] as that doesn't exist as a file on the server, it is merely the name that the client chose to call the file while it was on their computer.

if ['userfile']['tmp_name'] passes all your tests, you can then move it from the /tmp directory with
move_uploaded_file($_FILES['userfile']['tmp_name'], '/home/www/path/newname.ext'); where newname.ext is the name that you decide to call the file on the server - note, using the clientname ['name'] is generally a bad idea as move_uploaded_file will automatically overwrite similar named files - ie if two peeps upload 1.jpg then the old one would be overwritten - always best to have your script create a name for the file.
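
The checks described in the post above, put together as an added example that is not part of the original thread. It assumes PHP 7 or later; `store_team_upload()`, the destination directory and the `.htm` suffix are hypothetical, and the 200000-byte limit is the form's MAX_FILE_SIZE value.

```php
<?php
// Added example, not code from this thread. Assumes PHP 7+; store_team_upload(),
// the destination directory and the .htm suffix are hypothetical names.
function store_team_upload(array $files, string $field, string $destDir, int $maxBytes = 200000): string
{
    if (!isset($files[$field]) || !is_array($files[$field])) {
        throw new RuntimeException("no upload field '$field' in the request");
    }
    $f = $files[$field];

    // 'error' only exists from PHP 4.2.0 on. If it is present it must be 0;
    // if it is absent, success is not assumed and the checks below decide.
    if (isset($f['error']) && $f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error code ' . (is_int($f['error']) ? $f['error'] : 'n/a'));
    }

    // tmp_name is the only path that exists on the server. Empty or "none"
    // means no file arrived; is_uploaded_file() rejects any other local path.
    $tmp = (isset($f['tmp_name']) && is_string($f['tmp_name'])) ? $f['tmp_name'] : '';
    if ($tmp === '' || $tmp === 'none' || !is_uploaded_file($tmp)) {
        throw new RuntimeException('no uploaded file was stored on the server');
    }

    // MAX_FILE_SIZE is a hidden form field the client controls, so the stored
    // file is measured here instead.
    $size = filesize($tmp);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException("file is empty or larger than $maxBytes bytes");
    }

    // The destination name is generated here, never taken from ['name'].
    $dest = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . 'team_' . bin2hex(random_bytes(16)) . '.htm';
    if (!move_uploaded_file($tmp, $dest)) {
        throw new RuntimeException('could not move the upload into ' . $destDir);
    }
    return $dest;
}

// Form handler: the directory is a placeholder and should sit outside the web root.
try {
    $path = store_team_upload($_FILES, 'userfile', '/path/to/team-uploads');
    $data = file_get_contents($path); // parse this, not anything named by ['name']
} catch (RuntimeException $e) {
    echo 'Upload rejected: ' . htmlspecialchars($e->getMessage());
}
```
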
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

What version of PHP are you running? If it is earlier than 4.1.0, you will actually need to use $HTTP_POST_FILES instead of $_FILES.

Mark
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

Ooops, just read your post again, you're using 4.1.2 so that's okay :)
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

Try putting this at the top of the script that runs when the form has been submitted and tell us what it returns.

Code: Select all

print_r($_FILES);
GalakStarscraper
Forum Newbie
Posts: 7
Joined: Wed Sep 10, 2003 8:44 am

Post by GalakStarscraper »

Okay ... here's what I got for the error check:

Code: Select all

if ($_FILES['userfile']['tmp_name'] != "none") {
      // Read in the file
         $openHandle = fopen($_FILES['userfile']['tmp_name'], "r");
         $readHandle = fread($openHandle, filesize($_FILES['userfile']['tmp_name']));
         $data = addslashes($readHandle);
         $data_BIG = strtoupper($data);
   
      // Process the add team request
         ?>
         <p>
         <b>Progressing 'Add team' request</b><br /><br />
         - Scanning for team name: <b>
            <? $team_name = getTeamName($data_BIG, $data);?>
            <?= $team_name; ?></b><br>
            Name: <?= $_FILES['userfile']['name']; ?><br>
            Tmp_Name: <?= $_FILES['userfile']['tmp_name']; ?><br>
            Errors: <?= $_FILES['userfile']['error']; ?><br>
Results:

Code: Select all

Progressing 'Add team' request

- Scanning for team name: 
Name: IronChefs.htm
Tmp_Name: 
Errors:
Bech100 wrote: I'm not 100% sure what your script is trying to do.
Objective:

The form shown at the top of the thread allows the user to browse their hard drive for an HTML file with the information for their fantasy football team in it. They submit the path to the team file on their hard drive to the website, the website loads the text from the html, parses it, and stores the information in the SQL database for the league.

Like I said ... this code works flawlessly on another site with an older version of PHP. So it's a devil in the details somewhere.

Other question ... where should this temporary directory be for the load to save the temporary file? Should the directory be named tmp?

Galak
GalakStarscraper
Forum Newbie
Posts: 7
Joined: Wed Sep 10, 2003 8:44 am

Post by GalakStarscraper »

Bech100 wrote:Try putting this at the top of the script that runs when the form has been submitted and tell us what it returns.

Code: Select all

print_r($_FILES);
Here was the result from that test:

Array ( [userfile] => Array ( [name] => IronChefs.htm [type] => text/html ) )
GalakStarscraper
Forum Newbie
Posts: 7
Joined: Wed Sep 10, 2003 8:44 am

Post by GalakStarscraper »

Bech100 ... did the above output that you requested shed any clues on why it doesn't work?

thanks,
Galak