Page 1 of 1

File Uploading error

Posted: Tue Apr 22, 2003 5:50 am
by DuffMAn
I have this error when I upload files

Warning: open_basedir restriction in effect. File is in wrong directory in /home/webcindario/php-test/uploadprueba.php on line 27

here is the code

<HTML>
<TITLE>
File upload
</title>
<body>
<B>File upload</b>
<form enctype="multipart/form-data" action="<?PHP echo $PHP_SELF ?>" method="post">
<!-- "MAX_FILE_SIZE" determines the biggest size an uploaded file can occupy -->
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
Send this file:
 <input name="userfile" type="file">
<input type="submit" name="submit" value="Send File">
</form>
</body>
<?php
/*
$userfile - The temporary filename in which the uploaded file was stored on the server machine.
$userfile_name - The original name or path of the file on the sender's system.
$userfile_size - The size of the uploaded file in bytes.
$userfile_type - The mime type of the file if the browser provided this information. An example would be "image/gif".
 
*/
// copy to this directory
$dir="./home/webcindario/php-test/";
if ($submit){
copy($userfile,$dir.$userfile_name);
if (!is_uploaded_file ($userfile)){
echo "<b>$userfile_name</b> couldn't be copied !!";
}
}
// check whether it has been uploaded
if (is_uploaded_file ($userfile)){
echo "
<b>$userfile_name</b> copied succesfully !!";



?>
</html>


I´m using a free web hosting if it help.

Posted: Tue Apr 22, 2003 6:03 am
by mchaggis
for starters you have a dot in the destination dir which I don't think you want:

Code: Select all

// copy to this directory 
$dir="./home/webcindario/php-test/";
The second thing to check is that permissions are correct, ie you may find you need to create subdir and chmod a+rw it :?

Also,

Code: Select all

copy($userfile,$dir.$userfile_name);
is dagerous, as it looks like your uploading into same dir as the scripts without renaming the file, so what will happen if someone uploads a file called index.php?

The finall thing to be aware of is, the is_uploaded_file function should be used for sanity checking and to to check if the file has been successfully dealt with. So rather than:

Code: Select all

if ($submit)&#123; 
copy($userfile,$dir.$userfile_name); 
if (!is_uploaded_file ($userfile))&#123; 
echo "<b>$userfile_name</b> couldn't be copied !!"; 
&#125;
you want:

Code: Select all

if (is_uploaded_file)&#123; 
copy($userfile,$dir.$userfile_name); 
if (!is_uploaded_file ($userfile))&#123; 
echo "<b>$userfile_name</b> couldn't be copied !!"; 
&#125; else &#123;
echo "No Upload happened";
&#125;

Posted: Tue Apr 22, 2003 6:52 am
by DuffMAn
well I remove the dot in the $dir var, but the same error appear.
Second, is a free web hosting, so how I check the permision?, (Using Windows 98)
Third, I guess the path /home/webcindario/php-test/ is correct, because I have index.php.

Posted: Tue Apr 22, 2003 6:58 am
by mchaggis
use ftp client to change perms... but I would suggest creating a sub dir cos otherwise people can destroy your site

Posted: Tue Apr 22, 2003 7:02 am
by DuffMAn
Yo have rigth, this is just a test, in my real page I put directories plus check file type to upload files.
Now I gonna test the permision with the CuteFtp PRo

Posted: Tue Apr 22, 2003 7:19 am
by DuffMAn
F**c, I created a directory name prueba, and then put all the permisions, but the disgusting message is here again.

Warning: open_basedir restriction in effect. File is in wrong directory in /home/webcindario/php-test/uploadprueba.php on line 27

Posted: Tue Apr 22, 2003 7:30 am
by McGruff
phpinfo() to see what you have for open_basedir


Php manual:

"The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"

Posted: Tue Apr 22, 2003 7:49 am
by DuffMAn
McGruff wrote:phpinfo() to see what you have for open_basedir


Php manual:

"The restriction specified with open_basedir is actually a prefix, not a directory name. This means that "open_basedir = /dir/incl" also allows access to "/dir/include" and "/dir/incls" if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: "open_basedir = /dir/incl/"
well this is what phpinfo say.

open_basedir /home/webcindario/php-test

How I change the permision on this path, (is the root), because the FTP program only let me change the permisions of the files and subdirectories.

Posted: Tue Apr 22, 2003 8:04 am
by McGruff
I always write pathnames with no leading forward slash relative to the site root. So if, as you say, "home/webcindario/php-test" IS your site root leave it out.

Posted: Tue Apr 22, 2003 8:20 am
by DuffMAn
I remove the backslash but still doesn´t work. :?:

Posted: Tue Apr 22, 2003 1:53 pm
by McGruff
Sorry that was a little garbled was working all night.

What I meant to say was try leaving out $dir altogether if that's your site root folder: could it be you're aiming copy() at:

home/webcindario/php-test/home/webcindario/php-test

..which obviously doesn't exist.

Posted: Wed Apr 23, 2003 2:51 pm
by DuffMAn
Well I solve half problem, this is what I made.

1 - Switch the copy function by move_uploaded_file, because this work with safe mode. Doing this the file was transfer.
2- the only problem is that a warning message is showed.

Warning: SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access /tmp owned by uid 0 in /home/webcindario/php-test/myupload.php on line 7

Is there some way to remove this warning?

Posted: Wed Apr 23, 2003 7:51 pm
by McGruff
I think move_uploaded_file() is affected by safe mode I'm afraid.

Not sure what you should do.

Posted: Thu Apr 24, 2003 2:55 am
by twigletmac
You can't get around safe-mode restrictions without some help from your host. Have a read of:
http://www.php.net/manual/en/features.safe-mode.php

Mac