Updated config file, didn't solve. Checked all URL's, nope!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
xterra
Forum Commoner
Posts: 69
Joined: Mon Mar 06, 2006 12:52 pm

Updated config file, didn't solve. Checked all URL's, nope!

Post by xterra »

I'm doing a simple image upload and basically as I'm sure all of you are aware no matter what tutorial I find on the internet the code is basically the same (for just simple image uploads).

But what I am finding is that it keeps returning "Possible image upload attack!".

I have changed the config file to the following:

"config.inc.php"


$cfg['UploadDir'] = 'http://www.mydomain.com/images/';


In my upload.php file:

Code: Select all

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = 'http://www.mydomain.com/images/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.\n";
} else {
   echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>
Notice the two upload directories are the same. It keeps saying possible image upload attack. The file size is only a few Kilobytes, it must have something to do with the directory that which I am trying to upload to.

Can anyone offer any advice? As far as I know there are no restrictions that would disable image uploads on my server. I mean I changed it in my config file.

Regards,
Rob.

User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Code: Select all

$uploaddir = 'http://www.mydomain.com/images/';
Needs to be something like...

Code: Select all

$uploaddir = '/home/username/www/html/website.com/images/';
xterra
Forum Commoner
Posts: 69
Joined: Mon Mar 06, 2006 12:52 pm

Post by xterra »

Ok so I'll try

Code: Select all

$uploaddir = '/home/username/www/html/domain.com/images/';
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

No, you will need to change the path to the path where your web site images folder is on the actualy server. If it's a unix server it will be something like the format above, otherwise it could be something like "C:/folder/folder/websites/mywebsite.com/images/"
xterra
Forum Commoner
Posts: 69
Joined: Mon Mar 06, 2006 12:52 pm

Post by xterra »

Thanks for responding.

Sorry I am a noob.

It is a Unix server. The directory looks like this, when I get to it through FileZilla, all my html files are under a folder called htdocs.

When i click the htdocs, all my files that I made are in there. Then, inside that htdocs, I have a folder called images. But, inside htdocs, but not images, there is phpMyAdmin.

So it looks like this:

htdocs

-----Welcome.html
-----submit.php
-----Images Folder
-----phpMyAdmin
-----------Config File


So the image directory is located:

myDomain.com/images/


And the PHP files are located:

myDomain.com/Submit.php


So then would it be:

$uploaddir = '/home/xterra/www/html/myDomain.com/images/';
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

it might be best to base the path off $_SERVER['DOCUMENT_ROOT']
xterra
Forum Commoner
Posts: 69
Joined: Mon Mar 06, 2006 12:52 pm

Post by xterra »

That's a good idea.

I tried that, and just for testing purposes I outputted would it would be when I made the string (+images directory) and it looks good:

Code: Select all

$location=$_SERVER['DOCUMENT_ROOT'];
$imageName='images/';
$result="$location$imageName";



Makes:
/home/myUsername/htdocs/images/


Looks good. But I just put that PHP code in the config file so that would be the directory file, AND the upload file. But still doesn't work. Could this be something regarding permissions?
xterra
Forum Commoner
Posts: 69
Joined: Mon Mar 06, 2006 12:52 pm

Post by xterra »

Some more info:

Possible file upload attack!
Here is some more debugging info:Array
(
[userfile] => Array
(
[name] => t.bmp
[type] => image/bmp
[tmp_name] => /tmp/phpiy2BGp
[error] => 0
[size] => 11094
)

)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

Yes your images directory needs to have write permissions. Also (for security) you will need to add code to chmod the upload file to read only and ensure that it actually is an image.
xterra
Forum Commoner
Posts: 69
Joined: Mon Mar 06, 2006 12:52 pm

Post by xterra »

THANKS!!! IT WORKED!!!!!!!
Post Reply