
UPLOADING TROUBLE

Posted: Sun Apr 02, 2006 8:26 pm
by robjime
So I've been able to use this method in the past for uploading files locally.
When I moved it to my server, it doesn't even get the value for $origname.
I checked the phpinfo and it says file uploads are on.
Any suggestions?

Code: Select all

include ("pics_functions.php");
include ("settings.php");

$origname = $_FILES['userfile']['name'];
$tmp_name = $_FILES['userfile']['tmp_name'];

if (empty($origname)) {
    $error += "No PHOTO";
}
$newuploadDir = $uploadDir;
$uploadFileDir = $newuploadDir . "/" . $origname;
$origname = strtolower($origname);

if (strpos($origname, ".jpg") !== false
    || strpos($origname, ".jpeg") !== false) {
    if (strpos($origname, ".jpg") || strpos($origname, ".jpeg")) {
        if (move_uploaded_file($tmp_name, $uploadFileDir)) {
            if (resizejpg($x, $y, $uploadFileDir, $uploadFileDir, 0)) {
                //success total
            } else {
                echo "Unable to resize photo.<br>Photo not uploaded.";
                unlink($uploadFileDir);
                $error += "No Rezise";
            }
        } else {
            echo "Can't photo file!?!?!!?!?!?!?!<br>Photo not uploaded.";
            unlink($uploadFileDir);
            $error += "no movement";
        }
    } else {
        echo "This isn't a JPEG.<br>File not uploaded.";
        unlink($uploadFileDir);
        $error += "Not a JPEG";
    }
}

Posted: Sun Apr 02, 2006 9:18 pm
by josh

Code: Select all

$error += "No Rezise";
???



Did you try print_r($_FILES);? Also check that you're not uploading a file that is too large.

Posted: Sun Apr 02, 2006 9:21 pm
by John Cartwright
What does

Code: Select all

echo '<pre>'; print_r($_FILES); echo '</pre>';
return??

Edit | damn too slow.. must resist when nature calls next time :P

Posted: Sun Apr 02, 2006 9:31 pm
by feyd
+= doesn't work with strings..

Posted: Sun Apr 02, 2006 9:42 pm
by John Cartwright
You have repeating logic here as well. This allows someone to simply change the extension of an image file to a jpg, and possibly run malicious code on your webserver.
Instead, guarantee it is an image using getimagesize()

Code: Select all

if (strpos($origname, ".jpg") !== false
    || strpos($origname, ".jpeg") !== false) {
    if (strpos($origname, ".jpg") || strpos($origname, ".jpeg")) {
can be changed to

Code: Select all

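// inspect the uploaded temp file; the client-supplied name is not a path on the server
$image = getimagesize($tmp_name);

//make sure is jpg (IMAGETYPE_JPEG is 2; 3 would be PNG)
if ($image !== false && $image[2] == IMAGETYPE_JPEG) {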
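
An added example, not part of the original thread: one way to combine the two suggestions above, checking the upload error code that print_r($_FILES) would show and testing the file's content rather than its name. The helper names jpeg_upload_error() and store_jpeg() are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: validate an upload by content, not by the client-supplied name.
// jpeg_upload_error() and store_jpeg() are hypothetical helper names.

function jpeg_upload_error(array $file): ?string
{
    // PHP reports upload failures (including size limits) in 'error'.
    $code = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        return 'upload failed, code ' . $code;
    }
    // Inspect the temporary file on the server; 'name' is chosen by the client.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return 'not a JPEG';
    }
    return null;
}

function store_jpeg(array $file, string $uploadDir): string
{
    // Server-chosen name: the client's file name never reaches the filesystem.
    $target = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.jpg';
    // move_uploaded_file() only accepts files from a real HTTP upload,
    // so this function is not called in the offline demo below.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not move uploaded file');
    }
    return $target;
}

// Constructed sample: plain text saved under a .jpg name.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, str_repeat("plain text, not image data\n", 4));
$sample = ['name' => 'holiday.jpg', 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];

// The name-based test from the thread accepts it; the content test does not.
$nameCheck = strpos(strtolower($sample['name']), '.jpg') !== false;
echo 'extension check passes: ', var_export($nameCheck, true), "\n";
echo 'content check: ', jpeg_upload_error($sample) ?? 'ok', "\n";

// Constructed sample: an upload PHP rejected for exceeding upload_max_filesize.
$tooBig = ['name' => 'big.jpg', 'tmp_name' => '', 'error' => UPLOAD_ERR_INI_SIZE];
echo 'oversize upload: ', jpeg_upload_error($tooBig), "\n";
unlink($tmp);
```

getimagesize() only reads the file header, and the PHP manual advises against relying on it alone to prove a file is a valid image. Storing uploads under a server-generated name in a directory where the web server does not execute scripts limits what a disguised file can do.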

Posted: Tue Apr 04, 2006 9:52 am
by robjime
THANKS