Page 1 of 1

Help with file upload

Posted: Wed Oct 08, 2003 2:12 am
by jbatty
I am trying to upload a xml file using the normal file upload techniques by i keep getting error messages
here is my code. The code work ok if i reference the XML file directly without uploading it e.g. using $xmlSource= "test.xml;

Code: Select all

<HTML> 
<HEAD> 
<TITLE>File Upload</TITLE> 
</HEAD> 
<BODY BGCOLOR="WHITE" TEXT="BLACK"> 
<P><FONT FACE="Arial, Helvetica, sans-serif"><FONT SIZE="+1">File 
    Upload</FONT><BR><BR> 

<FORM METHOD="POST" ENCTYPE="multipart/form-data" ACTION="scriptbelow.php"> 

<INPUT TYPE="HIDDEN" NAME="MAX_FILE_SIZE" VALUE="20000"> 

File 1: <INPUT TYPE="FILE" NAME="userfile" SIZE="60"><BR><BR> 
<INPUT TYPE="SUBMIT" VALUE="Upload"> 
</FORM> 
</FONT></P> 
</BODY> 
</HTML>
and the php to process the file is

Code: Select all

<?php
if ($HTTP_POST_FILES['userfile']['name']=="none")
{
echo "Problem: no file uploaded";
exit;
}
if ($HTTP_POST_FILES['userfile']['size']==0)
{
echo "Problem: uploaded file is zero length";
exit;
}
if ($HTTP_POST_FILES['userfile']['type'] != "text/xml")
{
echo "Problem: file is not an xml file";
exit;
}
if (!is_uploaded_file($HTTP_POST_FILES['userfile']))
{
echo "Problem: possible file upload attack";
exit;
}
//i use WINDOWS
$upfile = "\\uploads".$userfile_name;
if ( !copy($userfile, $upfile))
{
echo "Problem: Could not move file into directory";
exit;
}

$xmlSource= $upfile;

//here i declare the normal xml processing function like character data,
//startElement and endElement. then i have another function with //parses the uploaded file

function parseFile(){
	global $xmlSource,$items;
	
	//Creating the xml parser
	$xml_parser=xml_parser_create();
	
	//Registering the handlers
	xml_set_element_handler($xml_parser,"startElement","endElement");
	xml_set_character_data_handler($xml_parser,"characterData");
	
	//Disables case-folding. Needed for this example
	xml_parser_set_option($xml_parser,XML_OPTION_CASE_FOLDING,false);
	
	//Open the xml file and feed it to the parser in blocks of 4KB
   if(!($fp=fopen($xmlSource,"r"))){
      die("Cannot open  $xmlSource  ");
   }
   while(($data=fread($fp,4096))){

      if(!xml_parse($xml_parser,$data,feof($fp))){
	     die(sprintf("XML error at line %d column %d ", 
                      xml_get_current_line_number($xml_parser), 
                      xml_get_current_column_number($xml_parser)));
	  }
   }

	 //free the parser and returns the array
	 xml_parser_free($xml_parser);
	 
	 return $items;
}//end parseFile()

?>
The error i get is
Problem: Could not move file into directory
if a comment out the if statement causing that error, I get another error
Problem: possible file upload attack
and so on.
Please help review my code. Any ideas are well come.

Posted: Wed Oct 08, 2003 4:21 am
by JayBird
i think you need to put the full path to your uploads directory

change this line

Code: Select all

$upfile = "\\uploads".$userfile_name;
to

Code: Select all

$upfile = "c:\\full\\path\\to\\the\\directory\\uploads".$userfile_name;
Thats what i do on my windows system.

Mark

Posted: Wed Oct 08, 2003 7:24 am
by jbatty
Thanks for your response
The upload directory on my php server is set to "no value" and i do not have access to the php.ini file. I read that i may have to user the temp folder but i dont know how to go about this.

Posted: Wed Oct 08, 2003 11:31 am
by Stoneguard
Actually your upload file should be in $_FILES['userfile']['tmp_name'], and you should move the file using the move_uploaded_file() function.

Also, when you have your copy, $userfile is not set to anything.

On windows, to get the current path, try using

Code: Select all

<?php
$root =  $_SERVER['DOCUMENT_ROOT'];
?>
Then append your path structure to that.

Posted: Tue Oct 21, 2003 6:53 am
by jbatty
Thanks guys,

I have found out the root of my windows system and made the other changes as suggested. It works.

Now i need to use the script in on a UNIX web server to which i ftp access. I found out the root using the command (Document_root) suggest and used it in the code.

Code: Select all

<?php
$uploaddir = "/users/csa/csb/spidery/myunixweb/";
?>
But the file i am trying to upload does not move from the tmp directory.
My question is am i using the right path.
If it happens that i do not have rights to upload files from within scripts to the webserver (i have ftp access) can i use the file directly off the temp directory?