Upload script help please

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Upload script help please

Post by mikegotnaild »

Im pretty new to php and i just dont get how to do this. This code im posting will run and it will show the process of uploading the file but once its done and i go to check if its in my upload directory. Theres nothing there. I even tried looking in my temp directory. Heres the code:
FORM.PHP

Code: Select all

<?
if(!eregi("modules.php", $_SERVER&#1111;'PHP_SELF']))&#123;
     die("You can't access this file directly...");
&#125;

$module_name = basename(dirname(__FILE__));
$module_dir = "modules/$module_name/";
include("header.php");
$index = 1;//right sidebar or not 0=off 1=on
title("Submit Band info/Mp3's/Image's");
OpenTable();
?>

<form enctype="multipart/form-data" action="http://naild.com/localmm/modules.php?name=Bands_Showcase&file=submit" method="post">
<br>Band Name:<center><input type="text" name="bandname"size=20></center>
<br>
Band Description:<br><textarea cols=30 rows=10 name="description"></textarea>
<br>Band History:<textarea cols=30 rows=10 name="history"></textarea>
<br>
<br>Influences:<input type="text" name="influences"size=40>
<br>Select Genra:<select name="genra" size=20 multiple>
<option>Acoustic 
<option>Alternative
<option>Blues
<option>Christian
<option>Classic Rock
<option>Classical
<option>Country
<option>Cover Bands
<option>Death Metal
<option>Disc Jockey
<option>Easy Listening
<option>Electronic
<option>Emo
<option>Experimental
<option>Folk
<option>Funk
<option>Gospel
<option>Gothic
<option>Grunge
<option>Hardcore
<option>Hip Hop
<option>Instrumental
<option>Jazz
<option>Metal
<option>Modern Rock
<option>Progressive
<option>Punk
<option>Rap
<option>Reggae
<option>Rock
<option>Speed Metal
<option>Swing
<option>Techno
</select>
<br>Email:<input type="text" name="email"size=20>
<br>Website:<input type="text" name="website"size=20>
<input type="hidden" name="MAX_FILE_SIZE" value="500000" />
<br>Upload Image: <input name="ufile&#1111;]" type="file" /> 
<input type="hidden" name="MAX_FILE_SIZE" value="3500000" />
<br>Upload mp3: <input name="ufile&#1111;]" type="file" /> 
<input type="hidden" name="MAX_FILE_SIZE" value="3500000" />
<br>Upload mp3: <input name="ufile&#1111;]" type="file" /> 
<input type="hidden" name="MAX_FILE_SIZE" value="7000000" />
<br>If Mp3 exceeds 3.5 mb Upload Here: <input name="ufile&#1111;]" type="file" /> 
<br><input type="submit" name="submit" value="Submit">
</form>

<?php 
CloseTable();
include("footer.php");
?>
SUBMIT.PHP

Code: Select all

<?

if(!eregi("modules.php", $_SERVER&#1111;'PHP_SELF']))&#123;
     die("You can't access this file directly...");
&#125;

if ($submit)&#123;

//Email Variables (these work fine)
$recipient = "mikegotnaild@hotmail.com";
$subject = "Bands Showcase Submission";
$message = "Band Name: $bandname, Genra: $genra, Band Description: $description, Band History: $history, Email: $email, Website: $website, Influences: $influences";
$subject=$_POST&#1111;'subject'];


$bandname=$_POST&#1111;'bandname'];
$genra=$_POST&#1111;'genra'];
$description=$_POST&#1111;'description'];
$history=$_POST&#1111;'history'];
$email=$_POST&#1111;'email'];
$website=$_POST&#1111;'website'];
$influences=$_POST&#1111;'influences'];

mail($recipient,$subject,$message); 

// upload action script.
$uploaddir = '/localmm/upload/';
$uploadfile = $uploaddir . $_FILES&#1111;'ufile&#1111;]']&#1111;'name'];

print "<pre>";
if (move_uploaded_file($_FILES&#1111;'ufile&#1111;]']&#1111;'tmp_name'], $uploadfile)) &#123;
   print "File is valid, and was successfully uploaded. ";
   print "Here's some more debugging info:\n";
   print_r($_FILES);
&#125; else &#123;
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($_FILES);
&#125;
print "</pre>";

header("Location: http://naild.com/localmm/modules.php?name=Bands_Showcase&file=sent");
&#125;
?>
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

I've put in a few fixes, hopefully this will work:

Code: Select all

<?php
if(!eregi("modules.php", $_SERVER['PHP_SELF'])){
     die("You can't access this file directly...");
}

if ($_POST['submit']){  //changed

//these should come before the email
$bandname=$_POST['bandname'];
$genra=$_POST['genra'];
$description=$_POST['description'];
$history=$_POST['history'];
$email=$_POST['email'];
$website=$_POST['website'];
$influences=$_POST['influences'];

//Email Variables (these work fine)
$recipient = "mikegotnaild@hotmail.com";
$subject = "Bands Showcase Submission";
$message = "Band Name: $bandname, Genra: $genra, Band Description: $description, Band History: $history, Email: $email, Website: $website, Influences: $influences";
$subject=$_POST['subject'];

mail($recipient,$subject,$message);

// upload action script.
$uploaddir = $_SERVER['DOCUMENT_ROOT'] . '/localmm/upload/';  //changed
$uploadfile = $uploaddir . $_FILES['ufile[]']['name'];

print "<pre>";
if (move_uploaded_file($_FILES['ufile[]']['tmp_name'], $uploadfile)) {
   print "File is valid, and was successfully uploaded. ";
   print "Here's some more debugging info:\n";
   print_r($_FILES);
} else {
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($_FILES);
}
print "</pre>";

//commented out the following line because it would prevent you from seeing the debugging info
//header("Location: http://naild.com/localmm/modules.php?na ... &file=sent");
} 
?>
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

Thank you very much. ill go try it out
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

Possible file upload attack! Here's some debugging info:
Array
(
[ufile] => Array
(
[name] => Array
(
[0] => phpnuke.gif
[1] => Ataris - Are We There Yet.mp3
[2] => The Ataris - Let It Go.mp3
)

[type] => Array
(
[0] => image/gif
[1] => audio/mpeg
[2] => audio/mpeg
)

[tmp_name] => Array
(
[0] => /var/tmp/phpH6zWFh
[1] => /var/tmp/php6oV3Uk
[2] => /var/tmp/phpuQ9kj4
)

[error] => Array
(
[0] => 0
[1] => 0
[2] => 0
)

[size] => Array
(
[0] => 5034
[1] => 1061605
[2] => 1398619
)

)

) // What needs to be done??
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Using $somearray[] as a read method (write method would be $foo[] = 'something') doesn't usually work, so $_FILES['ufile[]']['tmp_name'] will fail as you'de need to specify the $ufile index.
You probably want to foreach() over the $FILES['ufile'] array and move each one.
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

like i said im new to php. So im completely lost on how to do what you said.
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Take a look at the user comments at http://www.php.net/manual/en/features.f ... ltiple.php

If you get any problems then post back (rather than me/someone repost the examples there ;))
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

THATS ALL??!!! lol thanks


So for example, your HTML code might look like this:

<FORM ACTION="upload.php" METHOD="POST" ENCTYPE="multipart/form-data">
Send these files:<BR>
<INPUT TYPE="FILE" NAME="firstfile" SIZE="50"><BR>
<INPUT TYPE="FILE" NAME="secondfile" SIZE="50"><BR>
<INPUT TYPE="SUBMIT">
</FORM>

And in 'upload.php' have the following code:

<?PHP

$uploaddir = "uploads/";
$uploadfile1 = $uploaddir . $_FILES['firstfile']['name'];
$uploadfile2 = $uploaddir . $_FILES['secondfile']['name'];

if (!move_uploaded_file($_FILES['firstfile']['tmp_name'], $uploadfile1)) {
print "ERROR: File is invalid";
print_r($_FILES);
}

if (!move_uploaded_file($_FILES['secondfile']['tmp_name'], $uploadfile2)) {
print "ERROR: File is invalid";
print_r($_FILES);
}

?>
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

So i dont have to use an array?
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

Code: Select all

<?php 
if(!eregi("modules.php", $_SERVER&#1111;'PHP_SELF']))&#123; 
     die("You can't access this file directly..."); 
&#125; 

if ($_POST&#1111;'submit'])&#123;  //changed 

//these should come before the email 
$bandname=$_POST&#1111;'bandname']; 
$genra=$_POST&#1111;'genra']; 
$description=$_POST&#1111;'description']; 
$history=$_POST&#1111;'history']; 
$email=$_POST&#1111;'email']; 
$website=$_POST&#1111;'website']; 
$influences=$_POST&#1111;'influences']; 

//Email Variables (these work fine) 
$recipient = "mikegotnaild@hotmail.com"; 
$subject = "Bands Showcase Submission"; 
$message = "Band Name: $bandname, Genra: $genra, Band Description: $description, Band History: $history, Email: $email, Website: $website, Influences: $influences"; 
$subject=$_POST&#1111;'subject']; 

mail($recipient,$subject,$message); 

// upload action script. 
$uploaddir = $_SERVER&#1111;'DOCUMENT_ROOT'] . '/localmm/upload/';  //changed 
$uploadfile = $uploaddir . $_FILES&#1111;'imageupload']&#1111;'name'];
$uploadfile2 = $uploaddir . $_FILES&#1111;'mp3_1']&#1111;'name'];
$uploadfile3 = $uploaddir . $_FILES&#1111;'mp3_2']&#1111;'name'];
$uploadfile4 = $uploaddir . $_FILES&#1111;'mp3_3']&#1111;'name'];

 if (!move_uploaded_file($_FILES&#1111;'imageupload']&#1111;'tmp_name'], $uploadfile1)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125; 

   if (!move_uploaded_file($_FILES&#1111;'mp3_1']&#1111;'tmp_name'], $uploadfile2)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125;
   
   if (!move_uploaded_file($_FILES&#1111;'mp3_2']&#1111;'tmp_name'], $uploadfile3)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125;
   
   if (!move_uploaded_file($_FILES&#1111;'mp3_3']&#1111;'tmp_name'], $uploadfile4)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125;

//commented out the following line because it would prevent you from seeing the debugging info 
//header("Location: http://naild.com/localmm/modules.php?name=Bands_Showcase&file=sent"); 
&#125; 
?>
// So this is what i want?
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

Now im getting this error message im not even using ufile array now..

ERROR: File is invalidArray ( [ufile] => Array ( [name] => Array ( [0] => phpnuke.gif [1] => Ataris - Are We There Yet.mp3 [2] => The Ataris - Let It Go.mp3 ) [type] => Array ( [0] => image/gif [1] => audio/mpeg [2] => audio/mpeg ) [tmp_name] => Array ( [0] => /var/tmp/phpiFTzIZ [1] => /var/tmp/phpTkjkpk [2] => /var/tmp/phplJLXmX ) [error] => Array ( [0] => 0 [1] => 0 [2] => 0 ) [size] => Array ( [0] => 5034 [1] => 1061605 [2] => 1398619 ) ) ) ERROR: File is invalidArray ( [ufile] => Array ( [name] => Array ( [0] => phpnuke.gif [1] => Ataris - Are We There Yet.mp3 [2] => The Ataris - Let It Go.mp3 ) [type] => Array ( [0] => image/gif [1] => audio/mpeg [2] => audio/mpeg ) [tmp_name] => Array ( [0] => /var/tmp/phpiFTzIZ [1] => /var/tmp/phpTkjkpk [2] => /var/tmp/phplJLXmX ) [error] => Array ( [0] => 0 [1] => 0 [2] => 0 ) [size] => Array ( [0] => 5034 [1] => 1061605 [2] => 1398619 ) ) ) ERROR: File is invalidArray ( [ufile] => Array ( [name] => Array ( [0] => phpnuke.gif [1] => Ataris - Are We There Yet.mp3 [2] => The Ataris - Let It Go.mp3 ) [type] => Array ( [0] => image/gif [1] => audio/mpeg [2] => audio/mpeg ) [tmp_name] => Array ( [0] => /var/tmp/phpiFTzIZ [1] => /var/tmp/phpTkjkpk [2] => /var/tmp/phplJLXmX ) [error] => Array ( [0] => 0 [1] => 0 [2] => 0 ) [size] => Array ( [0] => 5034 [1] => 1061605 [2] => 1398619 ) ) ) ERROR: File is invalidArray ( [ufile] => Array ( [name] => Array ( [0] => phpnuke.gif [1] => Ataris - Are We There Yet.mp3 [2] => The Ataris - Let It Go.mp3 ) [type] => Array ( [0] => image/gif [1] => audio/mpeg [2] => audio/mpeg ) [tmp_name] => Array ( [0] => /var/tmp/phpiFTzIZ [1] => /var/tmp/phpTkjkpk [2] => /var/tmp/phplJLXmX ) [error] => Array ( [0] => 0 [1] => 0 [2] => 0 ) [size] => Array ( [0] => 5034 [1] => 1061605 [2] => 1398619 ) ) )
User avatar
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

Could you please put that inside the

Code: Select all

tag so that we could see the formatting?

BTW, you will have to change your form if your going to do it that way, something like this:

Code: Select all

<?php
<input type="hidden" name="MAX_FILE_SIZE" value="500000" />
<br>Upload Image: <input name="imageupload" type="file" />
<input type="hidden" name="MAX_FILE_SIZE" value="3500000" />
<br>Upload mp3: <input name="mp3_1" type="file" />
<input type="hidden" name="MAX_FILE_SIZE" value="3500000" />
<br>Upload mp3: <input name="mp3_2" type="file" />
<input type="hidden" name="MAX_FILE_SIZE" value="7000000" />
<br>If Mp3 exceeds 3.5 mb Upload Here: <input name="mp3_3" type="file" />
?>
And also:

Code: Select all

<?php
$uploadfile = $uploaddir . $_FILES['imageupload']['name'];

// SHOULD BE

$uploadfile1 = $uploaddir . $_FILES['imageupload']['name'];
?>
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

yes i just fixed that and now im getting this error

ERROR: File is invalidArray ( [imageupload] => Array ( [name] => phpnuke.gif [type] => image/gif [tmp_name] => /var/tmp/php9kDy1L [error] => 0 [size] => 5034 ) [mp3upload1] => Array ( [name] => Ataris - Are We There Yet.mp3 [type] => audio/mpeg [tmp_name] => /var/tmp/phpXX0hHq [error] => 0 [size] => 1061605 ) [mp3upload2] => Array ( [name] => The Ataris - Let It Go.mp3 [type] => audio/mpeg [tmp_name] => /var/tmp/php0ZOMMs [error] => 0 [size] => 1398619 ) )

Ill post the code i have right now
mikegotnaild
Forum Contributor
Posts: 173
Joined: Sat Feb 14, 2004 5:59 pm

Post by mikegotnaild »

form

Code: Select all

<input type="hidden" name="MAX_FILE_SIZE" value="500000" />
<br>Upload Image: <center><input name="imageupload" type="file" /> </center> Max image size is 500kb
<input type="hidden" name="MAX_FILE_SIZE" value="3500000" />
<br>Upload mp3: <center><input name="mp3upload1" type="file" /> </center>&nbsp Max mp3 size is 3.5 mb.
<input type="hidden" name="MAX_FILE_SIZE" value="3500000" />
<br>Upload mp3: <center><input name="mp3upload2" type="file" /> </center>&nbsp Max mp3 size is 3.5 mb.
<input type="hidden" name="MAX_FILE_SIZE" value="7000000" />
<br>If Mp3 exceeds 3.5 mb Upload Here: <center><input name="mp3upload3" type="file" /> </center>
<center><i>If one of your mp3's exceeds 3.5 mb. You may only upload 1 mp3. But if they are 3.5mb or less you may upload 2. PLEASE ABIDE TO THIS RULE! If you do not. Your information will be discarded.</center></i>
<br><input type="submit" name="submit" value="Submit">
action

Code: Select all

// upload action script. 
$uploaddir = $_SERVER&#1111;'DOCUMENT_ROOT'] . '/localmm/upload/';  //changed 
$uploadfile1 = $uploaddir . $_FILES&#1111;'imageupload']&#1111;'name'];
$uploadfile2 = $uploaddir . $_FILES&#1111;'mp3upload1']&#1111;'name'];
$uploadfile3 = $uploaddir . $_FILES&#1111;'mp3upload2']&#1111;'name'];
$uploadfile4 = $uploaddir . $_FILES&#1111;'mp3upload3']&#1111;'name'];

 if (!move_uploaded_file($_FILES&#1111;'imageupload']&#1111;'tmp_name'], $uploadfile1)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125; 

   if (!move_uploaded_file($_FILES&#1111;'mp3upload1']&#1111;'tmp_name'], $uploadfile2)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125;
   
   if (!move_uploaded_file($_FILES&#1111;'mp3upload2']&#1111;'tmp_name'], $uploadfile3)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125;
   
   if (!move_uploaded_file($_FILES&#1111;'mp3upload3']&#1111;'tmp_name'], $uploadfile4)) &#123; 
       print "ERROR: File is invalid"; 
       print_r($_FILES); 
   &#125;

//commented out the following line because it would prevent you from seeing the debugging info 
//header("Location: http://naild.com/localmm/modules.php?name=Bands_Showcase&file=sent"); 
&#125;
Post Reply