Page 1 of 3

Uploading a txt file problem (example script)...

Posted: Thu Jul 08, 2004 2:05 pm
by jonas

Code: Select all

<?php
include("dbconnection/connect_db.inc.php");
if ($HTTP_POST_VARS&#1111;'submit']) &#123;
  print_r($HTTP_POST_FILES);
  if (!is_uploaded_file($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name'])) &#123;
    $error = "You did not upload a file!";
    unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
    // assign error message, remove uploaded file, redisplay form.
  &#125; else &#123;
    //a file was uploaded
    $maxfilesize=10240;

    if ($HTTP_POST_FILES&#1111;'file']&#1111;'size'] > $maxfilesize) &#123;
      $error = "file is too large";
      unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
      // assign error message, remove uploaded file, redisplay form.
    &#125; else &#123;
      if ($HTTP_POST_FILES&#1111;'file']&#1111;'type'] != "text/plain") &#123; 
        $error = "This file type is not allowed";
        unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
        // assign error message, remove uploaded file, redisplay form.
      &#125; else &#123;
       //File has passed all validation, copy it to the final destination and remove the temporary file:
       copy($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name'],"faqs/".$HTTP_POST_FILES&#1111;'file']&#1111;'name']);
       unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
       print "File has been successfully uploaded!";
       exit;
     &#125;
    &#125; 
  &#125;
&#125;
?>

<html>
<head></head>
<body>
<form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data">
<?=$error?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
So I have my script here and I've tested it out. I get this error:
Array ( [file] => Array ( [name] => dvdlist.txt [type] => text/plain [tmp_name] => /home/virtual/tmp/phpCAPTLV [error] => 0 [size] => 997 ) )
Warning: copy(faqs/dvdlist.txt): failed to open stream: Permission denied in /usr/home/virtual/bolt3.com/webroot/htdocs/uploadtest.php on line 24
File has been successfully uploaded!


Problem is, it isn't being uploaded because of the permission error. I know it's something to do with not having the FTP information but how do I give it that information so it can upload a txt file into this folder?

Thanks a lot. Any pointers on the script would be helpful too..

Posted: Thu Jul 08, 2004 2:07 pm
by Joe
Did you set the directory permissions? A CHMOD of 777 should do the trick but I am not too sure on the security aspects of this method...

chmod("/directory", 0777); CHMOD

Posted: Thu Jul 08, 2004 2:09 pm
by jonas
Ah yes, I forgot that. Thanks a bundle.

Posted: Thu Jul 08, 2004 2:12 pm
by Joe
No problem!

Posted: Thu Jul 08, 2004 2:13 pm
by jonas
Actually, new problem. I only want them to be able to upload a .txt file.

It seems with this script, you can also upload .html and .php files which isn't good at all... so how do i restrict it to only .txt

Posted: Thu Jul 08, 2004 2:15 pm
by Joe
if ($_FILES['file']['type'] != "text/plain")
{
Statement
}

Along the lines of the above code!

Posted: Thu Jul 08, 2004 2:18 pm
by jonas
Yeah I have that in my script but it seems text/plain also accepts .php
:)

Posted: Thu Jul 08, 2004 2:22 pm
by Joe
Thats odd. (perhaps thats just the way it works) I would seriously consider having a good look over your code jonas. To help you out a little heres some file supports:

'text/html',
'text/plain',
'text/css',
'image/gif',
'image/x-png',
'image/jpeg',
'image/tiff',
'image/x-ms-bmp',
'audio/x-wav',
'application/x-pn-realaudio',
'video/mpeg',
'video/quicktime',
'video/x-msvideo',
'application/postscript',
'application/rtf',
'application/pdf',
'application/x-pdf',
'application/x-gtar',
'application/x-tar',
'application/zip',
'application/x-zip-compressed',
'application/mac-binhex40',
'application/x-stuffit',
'application/octet-stream',
'text/javascript',
'application/x-javascript',
'application/x-sh',
'application/x-csh',
'application/x-perl',
'application/x-tcl',
'application/vnd.ms-powerpoint',
'application/ms-powerpoint',
'application/vnd.ms-excel',
'application/msword',
'video/avi',
'java/*',
'application/java',
'image/x-icon',
'image/bmp',
'image/pjpeg',
'application/x-bittorrent',
'audio/mpeg'

Posted: Thu Jul 08, 2004 2:24 pm
by jonas
Yeah I tried uploading various other file types and I get lots of those... even .html is not allowed in but for some reason .php is accepted for text/plain.

Posted: Thu Jul 08, 2004 2:25 pm
by Joe
Why not try:

if (eregi(".php", $file))
{
echo "Error";
}

Posted: Thu Jul 08, 2004 2:35 pm
by jonas

Code: Select all

if ($HTTP_POST_VARS&#1111;'submit']) &#123;
  print_r($HTTP_POST_FILES);
  if (!is_uploaded_file($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name'])) &#123;
    $error = "You did not upload a file!";
    unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
    // assign error message, remove uploaded file, redisplay form.
  &#125; else &#123;
    //a file was uploaded
    $maxfilesize=3000000;

    if (eregi(".php", $file)) &#123; 
      $error = "This file type is not allowed."; 
    &#125; elseif ($HTTP_POST_FILES&#1111;'file']&#1111;'size'] > $maxfilesize) &#123;
      $error = "This file is too large";
      unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
      // assign error message, remove uploaded file, redisplay form.
    &#125; elseif ($HTTP_POST_FILES&#1111;'file']&#1111;'type'] != "text/plain") &#123; 
        $error = "This file type is not allowed";
        unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
        // assign error message, remove uploaded file, redisplay form.
      &#125; else &#123;
       //File has passed all validation, copy it to the final destination and remove the temporary file:
       copy($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name'],"faqs/".$HTTP_POST_FILES&#1111;'file']&#1111;'name']);
       unlink($HTTP_POST_FILES&#1111;'file']&#1111;'tmp_name']);
       print "File has been successfully uploaded!";
       exit;
     &#125;
   &#125; 
&#125;

I put it in, but now it won't accept .txt files either.

Posted: Thu Jul 08, 2004 2:37 pm
by Joe
Try and post the filename: $file = $_POST['file'];

Make sure that the file field is actually called "file", Also try putting the eregi() at the top before the upload process!

Posted: Thu Jul 08, 2004 2:39 pm
by jonas
I tried using $HTTP_POST_FILES['file'] instead of $file in the eregi path but that allows both .txt and .php even still.

Posted: Thu Jul 08, 2004 2:42 pm
by Joe
TRY This exact code:

Code: Select all

$file = $_POST['file']; 

if (eregi(".php", $file)) 
{
 echo "This file type is not allowed."; //Do not use a variable to hold the error
 exit;
}

if ($HTTP_POST_VARS['submit']) {
  print_r($HTTP_POST_FILES);
  if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
    $error = "You did not upload a file!";
    unlink($HTTP_POST_FILES['file']['tmp_name']);
    // assign error message, remove uploaded file, redisplay form.
  } else {
    //a file was uploaded
    $maxfilesize=3000000;

    if ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
      $error = "This file is too large";
      unlink($HTTP_POST_FILES['file']['tmp_name']);
      // assign error message, remove uploaded file, redisplay form.
    } elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
        $error = "This file type is not allowed";
        unlink($HTTP_POST_FILES['file']['tmp_name']);
        // assign error message, remove uploaded file, redisplay form.
      } else {
       //File has passed all validation, copy it to the final destination and remove the temporary file:
       copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
       unlink($HTTP_POST_FILES['file']['tmp_name']);
       print "File has been successfully uploaded!";
       exit;
     }
   }
}

Posted: Thu Jul 08, 2004 2:45 pm
by jonas
Well I'm using the script in the first post... the second posted script is just the first one edited a bit.

I'm having no luck with the eregi either....