vigour
Forum Newbie
Posts: 18 Joined: Thu Sep 29, 2005 2:04 am
by vigour » Mon Nov 21, 2005 2:57 am
I need help with this code. I'm trying to upload a file but I always get the error message: Possible file upload attack!
I don't understand why.
Can someone please help me?
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<form action="test_upload.php" method="post" enctype="multipart/form-data">
<p>Pictures:
<input type="file" name="pictures" />
<input type="submit" value="Send" />
</p>
</form>
</body>
</html>
Code:
<?
$uploaddir = '/pictures/upload/';
$uploadfile = $uploaddir . basename($_FILES['pictures']['name']);
if (move_uploaded_file($_FILES['pictures']['tmp_name'], $uploadfile))
{
echo "File is valid, and was successfully uploaded.\n";
}
else
{
echo "Possible file upload attack!\n";
}
//echo basename($_FILES['pictures']['name']);
echo '<br>';
echo $uploadfile;
?>
JayBird
Admin
Posts: 4524 Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
by JayBird » Mon Nov 21, 2005 3:24 am
You probably need the full path for the upload_dir:
Code:
$uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/pictures/upload/";
vigour
Forum Newbie
Posts: 18 Joined: Thu Sep 29, 2005 2:04 am
by vigour » Mon Nov 21, 2005 3:36 am
Pimptastic wrote: You probably need the full path for the upload_dir
Code:
$uploaddir = $_SERVER['DOCUMENT_ROOT'] . "/pictures/upload/";
Sorry, that did not help, same error message.
JayBird
Admin
Posts: 4524 Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
by JayBird » Mon Nov 21, 2005 4:02 am
In your else statement, put this and post what it returns:
Code:
echo "<pre>";
print_r($_FILES);
echo "</pre>";
vigour
Forum Newbie
Posts: 18 Joined: Thu Sep 29, 2005 2:04 am
by vigour » Mon Nov 21, 2005 4:09 am
Pimptastic wrote: in your else statement put this and post what it returns
Code:
echo "<pre>";
print_r($_FILES);
echo "</pre>";
This is what it returned:
Array
(
[pictures] => Array
(
[name] => 0003s.gif
[type] => image/gif
[tmp_name] => /var/tmp/phpEl44mP
[error] => 0
[size] => 2093
)
)
If I'm not totally wrong the error code 0 means no error, but if that's the case I don't understand why there is no picture in my folder after the upload.
JayBird
Admin
Posts: 4524 Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK
by JayBird » Mon Nov 21, 2005 4:15 am
vigour wrote: If I'm not totally wrong the error code 0 means no error, but if that's the case I don't understand why there is no picture in my folder after the upload.
Yes, the file was uploaded correctly, but the part it fails on is moving the uploaded file to the place you want to store it.
I'm pretty sure it is a file path error... are you using the full server path for $uploaddir?
trukfixer
Forum Contributor
Posts: 174 Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA
by trukfixer » Mon Nov 21, 2005 8:35 am
If you are going to use a relative path like this:
make sure you either use no leading slash, or use a dot slash thus:
Code:
$uploaddir = './pictures/upload/'; //relative path from "./" (this directory)
//OR
$uploaddir = 'pictures/upload/';//no leading slash - relative path
Jenk
DevNet Master
Posts: 3587 Joined: Mon Sep 19, 2005 6:24 am
Location: London
by Jenk » Mon Nov 21, 2005 8:41 am
You also want to consider using the function realpath().
Grim...
DevNet Resident
Posts: 1445 Joined: Tue May 18, 2004 5:32 am
Location: London, UK
by Grim... » Mon Nov 21, 2005 11:42 am
Make sure the folder you are trying to move the file to has a CHMod of 0775 (or 0777).
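Added example (not part of the thread and not any poster's code): the script above prints "Possible file upload attack!" for every move_uploaded_file() failure, so a wrong or unwritable destination looks the same as a forged tmp_name. The sketch below separates those causes; upload_problem() and store_upload() are hypothetical helper names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: report why an upload could not be stored instead of one catch-all message.
// upload_problem() and store_upload() are hypothetical names, not from the thread.

function upload_problem(array $file, string $dir): ?string
{
    // 1. Did PHP itself accept the upload? (UPLOAD_ERR_OK is 0)
    $code = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        return "PHP rejected the upload, error code $code";
    }
    // 2. Does the destination resolve to a real, writable directory?
    $real = realpath($dir);            // false when the path does not exist
    if ($real === false || !is_dir($real)) {
        return "destination directory does not exist: $dir";
    }
    if (!is_writable($real)) {
        return "destination directory is not writable by the PHP user: $real";
    }
    // 3. With the checks above passed, a failure here means tmp_name was not uploaded via HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'tmp_name is not a file uploaded in this request';
    }
    return null;
}

function store_upload(array $file, string $dir): string
{
    $problem = upload_problem($file, $dir);
    if ($problem !== null) {
        throw new RuntimeException($problem);
    }
    // Server-chosen name; the client-supplied name is kept out of the path.
    $target = realpath($dir) . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException("move_uploaded_file() failed for $target");
    }
    return $target;
}

// Constructed sample: the $_FILES entry posted in the thread, checked against the
// original $uploaddir. In a request handler the call would be
// store_upload($_FILES['pictures'], $_SERVER['DOCUMENT_ROOT'] . '/pictures/upload').
$sample = ['name' => '0003s.gif', 'type' => 'image/gif',
           'tmp_name' => '/var/tmp/phpEl44mP', 'error' => 0, 'size' => 2093];
echo upload_problem($sample, '/pictures/upload/'), "\n";
```

Log the returned reason on the server and show the visitor only a generic failure message, since the reason contains filesystem paths.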