Page 1 of 3
Uploading a txt file problem (example script)...
Posted: Thu Jul 08, 2004 2:05 pm
by jonas
Code: Select all
<?php
include("dbconnection/connect_db.inc.php");
if ($HTTP_POST_VARSї'submit']) {
print_r($HTTP_POST_FILES);
if (!is_uploaded_file($HTTP_POST_FILESї'file']ї'tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=10240;
if ($HTTP_POST_FILESї'file']ї'size'] > $maxfilesize) {
$error = "file is too large";
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
if ($HTTP_POST_FILESї'file']ї'type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILESї'file']ї'tmp_name'],"faqs/".$HTTP_POST_FILESї'file']ї'name']);
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
print "File has been successfully uploaded!";
exit;
}
}
}
}
?>
<html>
<head></head>
<body>
<form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data">
<?=$error?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
So I have my script here and I've tested it out. I get this error:
Array ( [file] => Array ( [name] => dvdlist.txt [type] => text/plain [tmp_name] => /home/virtual/tmp/phpCAPTLV [error] => 0 [size] => 997 ) )
Warning: copy(faqs/dvdlist.txt): failed to open stream: Permission denied in /usr/home/virtual/bolt3.com/webroot/htdocs/uploadtest.php on line 24
File has been successfully uploaded!
Problem is, it isn't being uploaded because of the permission error. I know it's something to do with not having the FTP information but how do I give it that information so it can upload a txt file into this folder?
Thanks a lot. Any pointers on the script would be helpful too..
Posted: Thu Jul 08, 2004 2:07 pm
by Joe
Did you set the directory permissions? A CHMOD of 777 should do the trick but I am not too sure on the security aspects of this method...
chmod("/directory", 0777);
CHMOD
Posted: Thu Jul 08, 2004 2:09 pm
by jonas
Ah yes, I forgot that. Thanks a bundle.
Posted: Thu Jul 08, 2004 2:12 pm
by Joe
No problem!
Posted: Thu Jul 08, 2004 2:13 pm
by jonas
Actually, new problem. I only want them to be able to upload a .txt file.
It seems with this script, you can also upload .html and .php files which isn't good at all... so how do i restrict it to only .txt
Posted: Thu Jul 08, 2004 2:15 pm
by Joe
if ($_FILES['file']['type'] != "text/plain")
{
Statement
}
Along the lines of the above code!
Posted: Thu Jul 08, 2004 2:18 pm
by jonas
Yeah I have that in my script but it seems text/plain also accepts .php

Posted: Thu Jul 08, 2004 2:22 pm
by Joe
Thats odd. (perhaps thats just the way it works) I would seriously consider having a good look over your code jonas. To help you out a little heres some file supports:
'text/html',
'text/plain',
'text/css',
'image/gif',
'image/x-png',
'image/jpeg',
'image/tiff',
'image/x-ms-bmp',
'audio/x-wav',
'application/x-pn-realaudio',
'video/mpeg',
'video/quicktime',
'video/x-msvideo',
'application/postscript',
'application/rtf',
'application/pdf',
'application/x-pdf',
'application/x-gtar',
'application/x-tar',
'application/zip',
'application/x-zip-compressed',
'application/mac-binhex40',
'application/x-stuffit',
'application/octet-stream',
'text/javascript',
'application/x-javascript',
'application/x-sh',
'application/x-csh',
'application/x-perl',
'application/x-tcl',
'application/vnd.ms-powerpoint',
'application/ms-powerpoint',
'application/vnd.ms-excel',
'application/msword',
'video/avi',
'java/*',
'application/java',
'image/x-icon',
'image/bmp',
'image/pjpeg',
'application/x-bittorrent',
'audio/mpeg'
Posted: Thu Jul 08, 2004 2:24 pm
by jonas
Yeah I tried uploading various other file types and I get lots of those... even .html is not allowed in but for some reason .php is accepted for text/plain.
Posted: Thu Jul 08, 2004 2:25 pm
by Joe
Why not try:
if (eregi(".php", $file))
{
echo "Error";
}
Posted: Thu Jul 08, 2004 2:35 pm
by jonas
Code: Select all
if ($HTTP_POST_VARSї'submit']) {
print_r($HTTP_POST_FILES);
if (!is_uploaded_file($HTTP_POST_FILESї'file']ї'tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if (eregi(".php", $file)) {
$error = "This file type is not allowed.";
} elseif ($HTTP_POST_FILESї'file']ї'size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILESї'file']ї'type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILESї'file']ї'tmp_name'],"faqs/".$HTTP_POST_FILESї'file']ї'name']);
unlink($HTTP_POST_FILESї'file']ї'tmp_name']);
print "File has been successfully uploaded!";
exit;
}
}
}
I put it in, but now it won't accept .txt files either.
Posted: Thu Jul 08, 2004 2:37 pm
by Joe
Try and post the filename: $file = $_POST['file'];
Make sure that the file field is actually called "file", Also try putting the eregi() at the top before the upload process!
Posted: Thu Jul 08, 2004 2:39 pm
by jonas
I tried using $HTTP_POST_FILES['file'] instead of $file in the eregi path but that allows both .txt and .php even still.
Posted: Thu Jul 08, 2004 2:42 pm
by Joe
TRY This exact code:
Code: Select all
$file = $_POST['file'];
if (eregi(".php", $file))
{
echo "This file type is not allowed."; //Do not use a variable to hold the error
exit;
}
if ($HTTP_POST_VARS['submit']) {
print_r($HTTP_POST_FILES);
if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
unlink($HTTP_POST_FILES['file']['tmp_name']);
print "File has been successfully uploaded!";
exit;
}
}
}
Posted: Thu Jul 08, 2004 2:45 pm
by jonas
Well I'm using the script in the first post... the second posted script is just the first one edited a bit.
I'm having no luck with the eregi either....