Page 1 of 1

File upload not working correctly?

Posted: Tue May 10, 2005 11:35 am
by Jr
I have a file upload script that seems to have worked correctly before but doesn't now (not sure what I did). Anyway, it looks like it uploads the file and seems to be on the server after it 'says' it uploads but when I download it from a simple little 'href' link it says that the file is corrupt, doesn't download or that something is missing from the file (like it's not uploading correctly). Can someone help?

Code: Select all

print "<table width='$titlewide' $border>";
		print "<form enctype='multipart/form-data' action='upload.php?action=upload_send' method='post'>"; //upload_send
		print "<input type='hidden' name='MAX_FILE_SIZE' value='943718400'>"; // Limit upload.php will POST is 900-MB but limit upload_send.php will actually send is only 3-MB
		
		print "<tr height='10px'>";
			print "<td></td>";
			print "<td></td>";
		print "</tr>";
		print "<tr height='30px'>";
			print "<td width='6%'></td>";
			print "<td>Click browse to upload a file:</td>";
		print "</tr>";
		print "<tr height='30px'>";
			print "<td></td>";
			print "<td><input name='userfile' type='file'></td>";
		print "</tr>";
		print "<tr height='30px'>";
			print "<td></td>";
			print "<td><input type='submit' value='Upload'></td>";
		print "</tr>";

Code: Select all

/////////////  Get File Info.  \\\\\\\\\\\\\\
	$file_name = $_FILES['userfile']['name'];
	$file_type = $_FILES['userfile']['type'];
	$file_size = $_FILES['userfile']['size'];
	
	/////////////  Print File Info.  \\\\\\\\\\\\\\
	print "<br>File Name: $file_name";
	print "<br>File Type: $file_type";
	print "<br>File Size: $file_size"." kb";
	
	/////////////  Insert File Info. into DB  \\\\\\\\\\\\\\
	$result = mysql_query("INSERT INTO files (file_name, file_type, file_size, upload_date) VALUES('$file_name', '$file_type', '$file_size', now())")
	or die(mysql_error());
	
	
	
	// #################################### -- UPLOAD FILE SCRIPT -- #####################################
	
	set_time_limit(90); // Changes FTP time-out limit from 30 seconds to X
	
	print "<table width='$titlewide'>";
		print "<tr align='center'>";
			print "<td>Uploading File...</td>";
		print "</tr>";
	
		IF ( $userfile != "" )
		{
			IF ( $file_size == 0 )
				{ print "<tr><td>Uploaded file has no file size</td></tr>"; }
				
			IF ( $file_size > 3145728 ) // Limit (upload.php?action=upload_send) will POST is 900-MB -but- Limit upload_send.php will only send 3-MB
				{ print "<tr><td>Uploaded file is too large must be under 3,145,728 bytes</td></tr>"; }
			
		/*
			IF ($userfile_type != "image/pjpeg" OR $userfile_type != "image/gif")
				{ print "Your uploaded file must be of JPG or GIF. Other file types are not allowed"; }
				
			IF ( $userfile_type != "text/plain" )
				{ print "<tr><td>File is not plain text</td></tr>"; }
		*/
			
			IF ( !is_uploaded_file($userfile) )
				{ print "<tr><td>Possible file upload attack</td></tr>"; }
			
			
			$upfile = "/home2/darule/public_html/files/".$userfile_name;
			
			IF ( !copy($userfile, $upfile) )
			{
				print "<tr><td>Could not move file into directory</td></tr>";
			}
			ELSE
			{
				print "<tr><td>File uploaded successfully!</td></tr>";
				$fp = fopen($upfile, "r");
				$contents = fread ($fp, filesize($upfile));
				fclose ($fp);
				
				$contents = strip_tags($contents);
				$fp = fopen($upfile, "w");
				fwrite($fp, $contents);
				fclose($fp);
	
				print "<tr align=\"center\"><td height=\"80px\"><p>Go back to <a href=\"upload.php\">Upload</a> page or go <a href=\"index.php\">Home</a>?</td></tr>";
				print "<tr><td><hr></td></tr>";
		
				print "<tr><td><br><b>File Uploaded:</b></td></tr>";
					IF ( $contents == "text/plain" )
					{
						print "<tr><td><p>Contents of File:</td></tr> <tr><td>$contents</td></tr>";
					}
					ELSE
					{
						print "<tr><td><p>$userfile_name</td></tr>";
					}
			}
		}
		ELSE
		{
			print "<tr><td>There is no file to upload</td></tr>";
		}
		print "</table>";
		
	include("nav_bottom.inc");
	
	
	function is_uploaded_file($filename) {
		if ( !$tmp_file = get_cfg_var('upload_tmp_dir')) {
			$tmp_file = dirname(tempnam('', ''));
		}
		$tmp_file .= '/' . basename($filename);
		/* User might have trailing slash in php.ini... */
		return (ereg_replace('/+', '/', $tmp_file) == $filename);
	}
d11wtq | Please use

Code: Select all

tags instead of

Code: Select all

tags when posting PHP code[/color][/size]

Posted: Tue May 10, 2005 3:25 pm
by hongco
line 46, $userfile_name was not defined. I couldn't find it anywhere else.

Posted: Tue May 10, 2005 5:47 pm
by Jr
I ended up just changing this completely and got it to work. Thanks anyway!