...

View Full Version : Problems with Image Upload & Chmod



Earunder
02-29-2008, 04:31 PM
Hi all,

I've been having problems with uploading images and setting the correct permissions.

The code will follow shortly.

The image uploads ok, i can download the image via ftp and view it so I know that it hasn't been corrupted. I go to check the permissions of the newly uploaded image but the permissions are set to:

Owner Group Others
X - -
X - -
- - -


The permissions for the images folder is 777.

The location of the upload image file is within a restricted access directory as only members of staff will have permission to upload new images.

www.mysite.com/folder1(restricted)/folder2(restricted)/uploadimage.php

I'm not sure the location of the imageupload file makes that much of a difference???

Any who the code:



if($_POST["action"] == "Upload Image")
{
unset($imagename);

if(!isset($_FILES) && isset($HTTP_POST_FILES))
$_FILES = $HTTP_POST_FILES;

if(!isset($_FILES['image_file']))
$error["image_file"] = "An image was not found.";


$imagename = basename($_FILES['image_file']['name']);


if(empty($imagename))
$error["imagename"] = "The name of the image was not found.";

if(empty($error))
{
$newimage = "../../images/" . $imagename;
$partid = $_POST['partid'];
mysql_select_db($database_vwpconn00, $vwpconn00);
$dbfilename = $imagename;
$sq0 = mysql_query("UPDATE parts SET imageurl = '$dbfilename' WHERE partid = '$partid'") or die (mysql_error());
chmod("../../images/".$imagename, `0777`);

$result = @move_uploaded_file($_FILES['image_file']['tmp_name'], $newimage);
if(empty($result))
$error["result"] = "There was an error moving the uploaded file.";
}

}

?>


<form method="POST" enctype="multipart/form-data" name="image_upload_form" action="<?$_SERVER["PHP_SELF"];?>">
<p><input type="file" name="image_file" size="20"></p>
<p><input type="submit" value="Upload Image" name="action">
<input name="partid" type="hidden" id="partid" value="<?php echo $_GET['partid'];?>">
</p>
</form>

<?
if(is_array($error))
{
while(list($key, $val) = each($error))
{
echo $val;
echo "<br>\n";
}
}
?>

Fou-Lu
03-01-2008, 04:51 AM
Likely the problem is with the chmod. The function requires a string for the filename and an int for the permissions. You appear to be giving it string,string:


chmod("../../images/".$imagename, '0777');

Try changing the permissions to:


chmod('../../images/' . $imagename, 0777); // Make sure the 0 is in the front!

If this is a public directory, I'd actually recommend using the permissions 0644 or 0666. Remember, just because PHP claims it to be an image does not mean that it is not an executable script!

As for the directory location, I would move it somewhere above your html root: ie:
~/public_html is the location of the html root, i'd put uploaded images in:
~/uploaded_images
This will stop (most) users from accessing the directory of those images and explicitly executing scripts. Then use a PHP script to retrieve those images from above the html root. Just make sure that Apache (assumably is the user) is given read + write permissions in the directory.

Does this help you?

Earunder
03-04-2008, 02:17 PM
Thank for your reply Fou-Lu.

I have tried the methods you have said but unfortunately I am still coming back with the same problems?

The image uploads correctly but still the permissions are only set at:
Owner Group Others
X - -
X - -
- - -

Earunder
03-04-2008, 02:27 PM
Ok I have figured it out!

I knew it would be something very simple but from the stress and aggrevation this caused me I couldnt pin a tail on a donkey!

I mis-placed the chmod command! DOH!!!!!!!!!!

Old Code:


...
$dbfilename = $imagename;
$sq0 = mysql_query("UPDATE parts SET imageurl = '$dbfilename' WHERE partid = '$partid'") or die (mysql_error());
chmod("../../images/".$imagename, `0777`);

$result = @move_uploaded_file($_FILES['image_file']['tmp_name'], $newimage);
if(empty($result))
$error["result"] = "There was an error moving the uploaded file.";
}
...


New Code:


...
$dbfilename = $imagename;
$sq0 = mysql_query("UPDATE parts SET imageurl = '$dbfilename' WHERE partid = '$partid'") or die (mysql_error());


$result = @move_uploaded_file($_FILES['image_file']['tmp_name'], $newimage);
chmod("../../images/".$imagename, `0777`);
if(empty($result))
$error["result"] = "There was an error moving the uploaded file.";
}
...


What a wombat I was!! That's why you shouldn't do 20 hour days! lol! I was nearly pulling out my eyes!

:D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum