UPLOADING TROUBLE

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
robjime
Forum Commoner
Posts: 46
Joined: Sat Apr 03, 2004 12:26 pm
Location: the RO

UPLOADING TROUBLE

Post by robjime »

So ive been able to use this method in the past for uploading files locally.
When i moved it to my server it doesn't even get the value for $origname.
I checked the phpinfo and it says fileuploads are on.
Any suggestions?

Code: Select all

include ("pics_functions.php");

include ("settings.php");

$origname = $_FILES['userfile']['name'] ;

$tmp_name = $_FILES['userfile']['tmp_name'] ;

if(empty($origname)) {
   $error += "No PHOTO";
}
$newuploadDir = $uploadDir;

$uploadFileDir = $newuploadDir ."/" . $origname;

$origname = strtolower($origname);

if (( strpos($origname,".jpg") !== false  
     || strpos($origname,".jpeg") !== false  
		   )    )       
  {  
	if(strpos($origname,".jpg") || strpos($origname,".jpeg")) {

		if (move_uploaded_file($tmp_name, $uploadFileDir)){

			if(resizejpg($x, $y, $uploadFileDir, $uploadFileDir, 0)) { 									//success total
								
			}
                        else {
                             echo "Unable to resize photo.<br>Photo not uploaded.";
                             unlink($uploadFileDir);
                             $error += "No Rezise";
                             }

                        
		}else { 
                      echo "Can't photo file!?!?!!?!?!?!?!<br>Photo not uploaded.";
                      unlink($uploadFileDir);
                      $error += "no movement";
                      }
	}else {
              echo "This isn't a JPEG.<br>File not uploaded.";
              unlink($uploadFileDir);
              $error += "Not a JPEG";        
              }   
}
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

Code: Select all

$error += "No Rezise";
???



Did you try print_r($_FILES); ? Also see if you're not uploading a file too large
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

what does

Code: Select all

echo '<pre>'; print_r($_FILES); echo '</pre>';
return??

Edit | damn too slow.. must resist when nature calls next time :P
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

+= doesn't work with strings..
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

you have repeating logic here as well. This allows allows for someone to simply change the extension of an image file to a jpg.. and possibly run malicious code on your webserver.
Instead, guarantee it is an image using using getimagesize()

Code: Select all

if (( strpos($origname,".jpg") !== false  
     || strpos($origname,".jpeg") !== false  
           )    )       
  {  
    if(strpos($origname,".jpg") || strpos($origname,".jpeg")) {
can be changed to

Code: Select all

$image = getimagesize($origname);

//make sure is jpg
if ($image !== false && $image[2] == 3) {
robjime
Forum Commoner
Posts: 46
Joined: Sat Apr 03, 2004 12:26 pm
Location: the RO

Post by robjime »

THANKS
Post Reply