Upload file, need help.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
vigour
Forum Newbie
Posts: 18
Joined: Thu Sep 29, 2005 2:04 am

Upload file, need help.

Post by vigour »

I need help with this code. I'm trying to upload a file but I always get the error message: Possible file upload attack!

I don't understand why.

Can someone please help me?

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Untitled Document</title>
</head>
<body>

<form action="test_upload.php" method="post" enctype="multipart/form-data"> 
<p>Pictures: 
<input type="file" name="pictures" /> 
<input type="submit" value="Send" /> 
</p> 
</form>  

</body>
</html>




Code: Select all

<?
$uploaddir = '/pictures/upload/'; 
$uploadfile = $uploaddir . basename($_FILES['pictures']['name']); 
if (move_uploaded_file($_FILES['pictures']['tmp_name'], $uploadfile))
	{ 
   	echo "File is valid, and was successfully uploaded.\n"; 
	} 
else
	{ 
   	echo "Possible file upload attack!\n"; 
	} 
//echo basename($_FILES['pictures']['name']);
echo '<br>';
echo $uploadfile;
?>
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

You probably need the full path for the upload_dir

Code: Select all

$uploaddir = $_SERVER['DOCUMENT_ROOT]."/pictures/upload/";
vigour
Forum Newbie
Posts: 18
Joined: Thu Sep 29, 2005 2:04 am

Post by vigour »

Pimptastic wrote:You probably need the full path for the upload_dir

Code: Select all

$uploaddir = $_SERVER['DOCUMENT_ROOT]."/pictures/upload/";
Sorry, that did not help, same error message.
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

in your else statement put this and post what it returns

Code: Select all

echo "<pre>";
print_r($_FILES);
echo "</pre>";
vigour
Forum Newbie
Posts: 18
Joined: Thu Sep 29, 2005 2:04 am

Post by vigour »

Pimptastic wrote:in your else statement put this and post what it returns

Code: Select all

echo "<pre>";
print_r($_FILES);
echo "</pre>";
This is what it returned:

Array
(
[pictures] => Array
(
[name] => 0003s.gif
[type] => image/gif
[tmp_name] => /var/tmp/phpEl44mP
[error] => 0
[size] => 2093
)

)

If I'm not totally wrong the error code 0 means no error, but if that's the case I don't understand why there is no picture in my folder after the upload.
User avatar
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
Contact:

Post by JayBird »

vigour wrote:If I'm not totally wrong the error code 0 means no error, but if that's the case I don't understand why there is no picture in my folder after the upload.
Yes, the file was upload correctly, but the part it fails on is moving the uploaded file, to the place you want to store it.

Im pretty sure it is a file path error...are you using the full server path for $uploaddir
User avatar
trukfixer
Forum Contributor
Posts: 174
Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA

Post by trukfixer »

If you are going to use a relative path like this:

Code: Select all

$uploaddir = '/pictures/upload/';
make sure you either use no leading slash, or use a dot slash thus:

Code: Select all

$uploaddir = './pictures/upload/'; //relative path from "./" (this directory)  

//OR


$uploaddir = 'pictures/upload/';//no leading slash - relative path
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

you also want to consider using the function realpath()

:)
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Make sure the folder you are trying to move the file to has a CHMod of 0775 (or 0777).
Post Reply