Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 19

Thread: File Upload

  1. #1
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts

    File Upload

    error =
    Code:
    Warning:  move_uploaded_file(/uploads/zzzzzzzzMORPH.png): failed to open stream: No such file or directory in /home/www/rafiki.freehostia.com/upload/upload.php on line 14
    
    
    
    Warning:  move_uploaded_file(): Unable to move '/tmp/phpQPbG4Q' to '/uploads/zzzzzzzzMORPH.png' in /home/www/rafiki.freehostia.com/upload/upload.php on line 14
    
    Possible file upload attack!
    Here is some more debugging info:Array
    (
        [mp4] => Array
            (
                [name] => 
                [type] => 
                [tmp_name] => 
                [error] => 4
                [size] => 0
            )
    
        [swf] => Array
            (
                [name] => zzzzzzzzMORPH.png
                [type] => image/png
                [tmp_name] => /tmp/phpQPbG4Q
                [error] => 0
                [size] => 6391
            )
    php code =
    PHP Code:
    <form action="upload.php" method="POST" enctype="multipart/form-data" class="upload_form">
    <input type="file" accept="MP4" name="mp4" id="mp4" />MP4<br />
    <input type="file" name="swf"  id="swf"  />SWF <br />
    <input type="hidden" value="MAX_FILE_SIZE" id="max" />
    <input type="submit" value="Upload!" id="Up_button" />
    </form>
    <?php
    if (isset($_FILES['mp4']['name'])||isset($_FILES['swf']['name'])){
        
    $uploaddir '/uploads/';
    $uploadfile $uploaddir basename($_FILES['swf']['name']);
    $uploadfile2 $uploaddir basename($_FILES['mp4']['name']);

    echo 
    '<pre>';
    if (
    move_uploaded_file($_FILES['swf']['tmp_name'], $uploadfile)||move_uploaded_file($_FILES['mp4']['tmp_name'], $uploadfile)) {
        echo 
    "File is valid, and was successfully uploaded.\n";
    } else {
        echo 
    "Possible file upload attack!\n";
    }

    echo 
    'Here is some more debugging info:';
    print_r($_FILES);

    print 
    "</pre>";
    }
    ?>
    any help appreciated..
    FYI:
    i have not set it to accept anyfile types, and left all file size's etc.. to default

  • #2
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    First be sure that the uploads folder has the correct write permissions. I believe 777 or 666 should work.

    2nd it also looks like you are trying to move to a folder called uploads however from the error you don't seem to have a folder called uploads. Are you sure its not upload that you want instead of uploads?
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #3
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    tried both CHMOD's
    didnt work
    Current Path: www/rafiki.freehostia.com/upload/uploads/
    with upload.php in
    Current Path: www/rafiki.freehostia.com/upload/

  • #4
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    The thing with this is I'm pretty sure its going back to the root directory passed the public_html folder.
    PHP Code:
    move_uploaded_file(/uploads/zzzzzzzzMORPH.png
    Change this
    PHP Code:
    $uploaddir '/uploads/'
    to this
    PHP Code:
    $uploaddir $_SERVER['DOCUMENT_ROOT'].'/uploads/'
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #5
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    i changed to
    PHP Code:
    $uploaddir $_SERVER['DOCUMENT_ROOT'].'/uploads/'
    and it went into upload/ not upload/uploads/ so i changed that to
    PHP Code:
    $uploaddir $_SERVER['DOCUMENT_ROOT'].'/upload/uploads/'
    and that didnt work either same result as
    PHP Code:
    $uploaddir $_SERVER['DOCUMENT_ROOT'].'/uploads/'
    Edit:
    heres a picture i tried uploading to /uploads folder
    http://rafiki.freehostia.com/upload/Me%20n%20baby.jpg
    as you can see its in the /upload folder.
    you need to copy the link into your browsers address bar for some strange reason :S
    Last edited by rafiki; 07-27-2007 at 02:58 AM.

  • #6
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Hmm I wonder if its the web host. Seeing as how the tmp folder is outside the root you may not have access to it on free hostia. You might have to use ini_set() to setup your own tmp folder on the root of the site.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #7
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    ok i made the dir
    /www/rafiki.freehostia.com/upload/temp/
    so use ini_set() to set the temp dir for uploads like so?
    ini_set('upload_tmp_dir','$_SERVER['DOCUMENT_ROOT']/upload/temp/');
    Edit:
    using that ini_set() line above it still doesnt move the file into /uploads/
    Last edited by rafiki; 07-27-2007 at 12:12 PM.

  • #8
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    No you need to concatenate the $_SERVER variable to the rest of the pat.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #9
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    Quote Originally Posted by _Aerospace_Eng_ View Post
    No you need to concatenate the $_SERVER variable to the rest of the pat.
    while testing i got the unexpected $ error and concatenated the $_SERVER var i editted my post above.

  • #10
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Sighs, you didn't concatenate anything.
    PHP Code:
    ini_set('upload_tmp_dir',$_SERVER['DOCUMENT_ROOT'].'/upload/temp/'); 
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #11
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    i did in my php file, should of added that sorry, and thanks for the fast replies.
    current full file code ==
    PHP Code:
    <form action="upload.php" method="POST" enctype="multipart/form-data" class="upload_form">
    <input type="file" accept="MP4" name="mp4" id="mp4" />MP4<br />
    <input type="file" name="swf"  id="swf"  />SWF <br />
    <input type="hidden" value="MAX_FILE_SIZE" id="max" />
    <input type="submit" value="Upload!" id="Up_button" />
    </form>
    <?php
    ini_set
    ('upload_tmp_dir',$_SERVER['DOCUMENT_ROOT'].'/upload/temp/');
    if (isset(
    $_FILES['mp4']['name'])||isset($_FILES['swf']['name'])){
        
    $_SERVER['DOCUMENT_ROOT'].'/upload/uploads/';
    $uploadfile $uploaddir basename($_FILES['swf']['name']);
    $uploadfile2 $uploaddir basename($_FILES['mp4']['name']);

    echo 
    '<pre>';
    if (
    move_uploaded_file($_FILES['swf']['tmp_name'], $uploadfile)||move_uploaded_file($_FILES['mp4']['tmp_name'], $uploadfile)) {
        echo 
    "File is valid, and was successfully uploaded.\n";
    } else {
        echo 
    "Possible file upload attack!\n";
    }

    echo 
    'Here is some more debugging info:';
    print_r($_FILES);

    print 
    "</pre>";
    }
    ?>

  • #12
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    You have no $uploaddir variable. After adding that you shouldn't need ini_set. I just tried your script corrected on my freehostia account and it worked fine.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #13
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    Thanks Aero ill try it now, but i guess if yours works mine should too.
    leave rep if it lets me

  • #14
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    I would actually use this for upload.php
    PHP Code:
    <?php
    if(isset($_POST['submit']) && $_POST['submit'] == 'Upload!')
    {
        if (isset(
    $_FILES['mp4']['name']) || isset($_FILES['swf']['name']))
        {
            
    $uploaddir $_SERVER['DOCUMENT_ROOT'].'/upload/uploads/';
            
    $uploadfile $uploaddir basename($_FILES['swf']['name']);
            
    $uploadfile2 $uploaddir basename($_FILES['mp4']['name']);
        
            echo 
    '<pre>';
            echo (
    move_uploaded_file($_FILES['swf']['tmp_name'], $uploadfile) || move_uploaded_file($_FILES['mp4']['tmp_name'], $uploadfile2)) ? 'File is valid, and was successfully uploaded.<br>' 'Possible file upload attack<br>';
            echo 
    'Here is some more debugging info:';
            
    print_r($_FILES);
            
            print 
    "</pre>";
        }
    }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <title>Untitled Document</title>
    </head>
    <body>
    <form action="/upload/upload.php" method="POST" enctype="multipart/form-data" class="upload_form">
        <input type="file" accept="MP4" name="mp4" id="mp4" />
        MP4<br />
        <input type="file" name="swf"  id="swf"  />
        SWF <br />
        <input type="submit" value="Upload!" name="submit" id="submit" />
    </form>
    </body>
    </html>
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #15
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    does it make much if any difference? apart from validating the html?
    edit also the acceptance isnt working in FF tried no other browser. or is it the wrong parameter?


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •