File Uploading error

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
DuffMAn
Forum Newbie
Posts: 17
Joined: Thu Apr 03, 2003 4:53 pm

File Uploading error

Post by DuffMAn »

I have this error when I upload files

Warning: open_basedir restriction in effect. File is in wrong directory in /home/webcindario/php-test/uploadprueba.php on line 27

here is the code

<HTML>
<TITLE>
File upload
</title>
<body>
<B>File upload</b>
<form enctype="multipart/form-data" action="<?PHP echo $PHP_SELF ?>" method="post">
<!-- "MAX_FILE_SIZE" determines the biggest size an uploaded file can occupy -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
Send this file:
 <input name="userfile" type="file">
<input type="submit" name="submit" value="Send File">
</form>
</body>
<?php
/*
$userfile - The temporary filename in which the uploaded file was stored on the server machine.
$userfile_name - The original name or path of the file on the sender's system.
$userfile_size - The size of the uploaded file in bytes.
$userfile_type - The mime type of the file if the browser provided this information. An example would be "image/gif".
 
*/
// copy to this directory
$dir="./home/webcindario/php-test/";
if ($submit){
copy($userfile,$dir.$userfile_name);
if (!is_uploaded_file ($userfile)){
echo "<b>$userfile_name</b> couldn't be copied !!";
}
}
// check whether it has been uploaded
if (is_uploaded_file ($userfile)){
echo "
<b>$userfile_name</b> copied succesfully !!";



?>
</html>


I´m using a free web hosting if it help.
User avatar
mchaggis
Forum Contributor
Posts: 150
Joined: Mon Mar 24, 2003 10:31 am
Location: UK

Post by mchaggis »

for starters you have a dot in the destination dir which I don't think you want:

Code: Select all

// copy to this directory 
$dir="./home/webcindario/php-test/";
The second thing to check is that permissions are correct, ie you may find you need to create subdir and chmod a+rw it :?

Also,

Code: Select all

copy($userfile,$dir.$userfile_name);
is dagerous, as it looks like your uploading into same dir as the scripts without renaming the file, so what will happen if someone uploads a file called index.php?

The finall thing to be aware of is, the is_uploaded_file function should be used for sanity checking and to to check if the file has been successfully dealt with. So rather than:

Code: Select all

if ($submit)&#123; 
copy($userfile,$dir.$userfile_name); 
if (!is_uploaded_file ($userfile))&#123; 
echo "<b>$userfile_name</b> couldn't be copied !!"; 
&#125;
you want:

Code: Select all

if (is_uploaded_file)&#123; 
copy($userfile,$dir.$userfile_name); 
if (!is_uploaded_file ($userfile))&#123; 
echo "<b>$userfile_name</b> couldn't be copied !!"; 
&#125; else &#123;
echo "No Upload happened";
&#125;
User avatar
DuffMAn
Forum Newbie
Posts: 17
Joined: Thu Apr 03, 2003 4:53 pm

Post by DuffMAn »

well I remove the dot in the $dir var, but the same error appear.
Second, is a free web hosting, so how I check the permision?, (Using Windows 98)
Third, I guess the path /home/webcindario/php-test/ is correct, because I have index.php.
User avatar
mchaggis
Forum Contributor
Posts: 150
Joined: Mon Mar 24, 2003 10:31 am
Location: UK

Post by mchaggis »

use ftp client to change perms... but I would suggest creating a sub dir cos otherwise people can destroy your site
User avatar
DuffMAn
Forum Newbie
Posts: 17
Joined: Thu Apr 03, 2003 4:53 pm

Post by DuffMAn »

Yo have rigth, this is just a test, in my real page I put directories plus check file type to upload files.
Now I gonna test the permision with the CuteFtp PRo
User avatar
DuffMAn
Forum Newbie
Posts: 17
Joined: Thu Apr 03, 2003 4:53 pm

Post by DuffMAn »

F**c, I created a directory name prueba, and then put all the permisions, but the disgusting message is here again.

Warning: open_basedir restriction in effect. File is in wrong directory in /home/webcindario/php-test/uploadprueba.php on line 27
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

phpinfo() to see what you have for open_basedir


Php manual:

"The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"
User avatar
DuffMAn
Forum Newbie
Posts: 17
Joined: Thu Apr 03, 2003 4:53 pm

Post by DuffMAn »

McGruff wrote:phpinfo() to see what you have for open_basedir


Php manual:

"The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"
well this is what phpinfo say.

open_basedir /home/webcindario/php-test

How I change the permision on this path, (is the root), because the FTP program only let me change the permisions of the files and subdirectories.
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

I always write pathnames with no leading forward slash relative to the site root. So if, as you say, "home/webcindario/php-test" IS your site root leave it out.
User avatar
DuffMAn
Forum Newbie
Posts: 17
Joined: Thu Apr 03, 2003 4:53 pm

Post by DuffMAn »

I remove the backslash but still doesn´t work. :?:
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Sorry that was a little garbled was working all night.

What I meant to say was try leaving out $dir altogether if that's your site root folder: could it be you're aiming copy() at:

home/webcindario/php-test/home/webcindario/php-test

..which obviously doesn't exist.
User avatar
DuffMAn
Forum Newbie
Posts: 17
Joined: Thu Apr 03, 2003 4:53 pm

Post by DuffMAn »

Well I solve half problem, this is what I made.

1 - Switch the copy function by move_uploaded_file, because this work with safe mode. Doing this the file was transfer.
2- the only problem is that a warning message is showed.

Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access /tmp owned by uid 0 in /home/webcindario/php-test/myupload.php on line 7

Is there some way to remove this warning?
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

I think move_uploaded_file() is affected by safe mode I'm afraid.

Not sure what you should do.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You can't get around safe-mode restrictions without some help from your host. Have a read of:
http://www.php.net/manual/en/features.safe-mode.php

Mac
Post Reply