by robjime » Sun Apr 02, 2006 8:26 pm
So I've been able to use this method in the past for uploading files locally.
When I moved it to my server it doesn't even get the value for $origname.
I checked the phpinfo and it says file uploads are on.
Any suggestions?
Code:
include ("pics_functions.php");
include ("settings.php");
$origname = $_FILES['userfile']['name'] ;
$tmp_name = $_FILES['userfile']['tmp_name'] ;
if(empty($origname)) {
    $error += "No PHOTO";
}
$newuploadDir = $uploadDir;
$uploadFileDir = $newuploadDir ."/" . $origname;
$origname = strtolower($origname);
if (( strpos($origname,".jpg") !== false
    || strpos($origname,".jpeg") !== false
    ) )
{
    if(strpos($origname,".jpg") || strpos($origname,".jpeg")) {
        if (move_uploaded_file($tmp_name, $uploadFileDir)){
            if(resizejpg($x, $y, $uploadFileDir, $uploadFileDir, 0)) { //success total
            }
            else {
                echo "Unable to resize photo.<br>Photo not uploaded.";
                unlink($uploadFileDir);
                $error += "No Rezise";
            }
        }else {
            echo "Can't photo file!?!?!!?!?!?!?!<br>Photo not uploaded.";
            unlink($uploadFileDir);
            $error += "no movement";
        }
    }else {
        echo "This isn't a JPEG.<br>File not uploaded.";
        unlink($uploadFileDir);
        $error += "Not a JPEG";
    }
}
by josh » Sun Apr 02, 2006 9:18 pm
???
Did you try print_r($_FILES); ? Also see if you're not uploading a file too large
by John Cartwright » Sun Apr 02, 2006 9:21 pm
what does
Code:
echo '<pre>'; print_r($_FILES); echo '</pre>';
return??
Edit | damn too slow.. must resist when nature calls next time
by feyd » Sun Apr 02, 2006 9:31 pm
+= doesn't work with strings..
by John Cartwright » Sun Apr 02, 2006 9:42 pm
You have repeating logic here as well. This allows for someone to simply change the extension of an image file to a jpg.. and possibly run malicious code on your webserver.
Instead, guarantee it is an image using getimagesize()
Code:
if (( strpos($origname,".jpg") !== false
    || strpos($origname,".jpeg") !== false
    ) )
{
    if(strpos($origname,".jpg") || strpos($origname,".jpeg")) {
can be changed to
Code:
// inspect the uploaded temp file; $origname is only the client-supplied name
$image = getimagesize($tmp_name);
//make sure is jpg
if ($image !== false && $image[2] == IMAGETYPE_JPEG) {
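Added example, not part of the original thread or any poster's code: one way to combine the two checks raised in the replies (the upload error or size check and the content-based JPEG check) in a single handler. The function name store_uploaded_jpeg() and the value of $uploadDir are assumptions; the 'userfile' field name comes from the original post.

```php
<?php
// Added example. store_uploaded_jpeg() is a hypothetical helper; $uploadDir is
// an assumed value standing in for the one the original loads from settings.php.
$uploadDir = __DIR__ . '/uploads';

function store_uploaded_jpeg(array $file, string $uploadDir): string
{
    // PHP reports a failed upload (for example a file larger than
    // upload_max_filesize) in the 'error' key; 'tmp_name' is then empty.
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, error code ' . $err);
    }
    // Confirm the temp path really belongs to this request's HTTP upload.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    // Inspect the file content, not the client-supplied name. A substring
    // test such as strpos($name, ".jpg") also accepts "photo.jpg.php".
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('Not a JPEG');
    }
    // Pick the stored name on the server, so the client controls neither the
    // extension nor the path; $file['name'] never reaches the filesystem.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not move upload');
    }
    return $dest;
}

if (isset($_FILES['userfile'])) {
    try {
        $path = store_uploaded_jpeg($_FILES['userfile'], $uploadDir);
        echo 'Stored as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        echo 'Photo not uploaded: ' . htmlspecialchars($e->getMessage());
    }
}
```

getimagesize() only reads the image header, so the server-chosen .jpg name is what keeps the web server from treating the stored file as a script.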
by robjime » Tue Apr 04, 2006 9:52 am
THANKS