I am working on my school project which we use Winscp as a server.
So im new to php trying to work on image upload and I have read many articles saying I need to edit my php.ini file and set file_uploads directive to "on". But I just do not know where my php.ini file is at.
Here is my link to my phpinfo.php: http://cgi.sice.indiana.edu/~baehy/phpinfo.php
So it says my php.ini is at /etc/php.ini and I cannot find it on my computer(i know it may sound silly)
Every comment is appreciated! Thank you all in advance!
Here is my code
<?php
session_start();
include('database.php');
ini_set('max_exection_time', 60);
if(!isset($_SESSION['userid'])){
header('location: http://cgi.sice.indiana.edu/~baehy/team72index.php');
} else {
echo "Welcome " . $_SESSION['userid'] . "<br>";
if(isset($_POST['submit'])){
$title = $_POST['title'];
$category = $_POST['category'];
$description = $_POST['description'];
//get file from the form and get following information
$file = $_FILES['coverimage'];
$fileName = $_FILES['coverimage']['name'];
$fileTmpName = $_FILES['coverimage']['tmp_name'];
$fileSize = $_FILES['coverimage']['size'];
$fileError = $_FILES['coverimage']['error'];
$fileType = $_FILES['coverimage']['type'];
//retrieve file extention using explode()
$fileExt = explode('.', $fileName);
//because some file extentions might be in capital letters
$fileActualExt = strtolower(end($fileExt));
$allowed = array('jpg','jpeg','png');
if(in_array($fileActualExt, $allowed)){
if($fileError === 0){
//if the size of the file is lesser than 1M kb = 1000mb
if($fileSize < 1000000){
$fileNameNew = uniqid('',true).".".$fileActualExt;
chmod('uploads/',0777);
echo "permission granted to uploads directory!" . "<br>";
$fileDestination = 'uploads/'.$fileNameNew;
move_uploaded_file($fileTmpName, $fileDestination);
echo $fileNameNew . "<br>";
echo "Successfully uploaded your file" . "<br>";
} else {
echo "Your file is too big to upload" . "<br>";
}
} else {
echo "There was an error uploading your file" . "<br>";
}
} else {
echo "This file extention is not allowed to be uploaded" . "<br>";
}
$sql = "INSERT INTO `recipe` (title, category, description, coverimage, userid)
VALUES ('".$title."', '".$category."', '".$description."', '".$fileName."', '".$_SESSION['userid']."')";
$result = mysqli_query($conn, $sql);
if($result){
echo "successfully added to database";
} else {
echo "failed to add to database";
}
$showImage = mysqli_query($conn, "SELECT `coverimage` FROM `recipe`");
}
}
p.s. and also do I need to put the absolute path of the folder('uploads') to use it in the code? Thank you!
Php.ini is system file located at remote web server and it contains global configuration for PHP. Only privileged users can edit php.ini.
You can change local configuration for your script using function ini_set, for example:
ini_set('max_exection_time', 60);
According to phpinfo() you sent, you already have file_uploads set to On. So you don't need to edit anything. Just open link you sent, press CTRL+F and search for file_uploads.
By the way, WinSCP is only application used to transfer files to remote web server using FTP/SFTP or similar protocols. Actually your web server is running on RHEL Apache 2.4.6. Just see section SERVER_SOFTWARE in your phpinfo.
Using WinSCP, connect to remote server. Go to remote server's root directory and then go to /etc/php.ini.
It won't be on your computer, it's on the remote server. The server is running on Apache. You are using Winscp as a FTP software to access the files of remote server.
Learn how to use WinSCP - https://www.siteground.com/tutorials/ssh/winscp/
Related
I am actually sending a file from my android app to the localhost application server . for this i am using xampp in ubuntu, but for some unknown reason the file that are creating in the htdocs folder are owned by some user called as daemon and it is locked. Due to this my python service module (watch dog) is not able to detect the creation of the file in that folder. Plzz help as i not getting any ideas?????
?php
if(isset($_FILES["uploaded_file"]["name"])){
$name = $_FILES["uploaded_file"]["name"];
$tmp_name = $_FILES['uploaded_file']['tmp_name'];
$error = $_FILES['uploaded_file']['error'];
if(!empty($name))
{
$location = './uploads/';
if(!is_dir($location))
mkdir($location);
if(move_uploaded_file($tmp_name, $location.$name))
{
echo "Uploaded";
}
}
else
echo 'Please choose a file';
}
?>
PHP code for uploading the file
Been trying to connect Filezilla and my website together via PHP and SFTP is proving to be tedious.
How do you connect with STFP, the information online is very brief for the most part, I have downloaded the SSH2.php file and have used the code that is included in the file (the Test File) and it does not work. The page does not load, an error message is displayed due to the use of the SSH2 functions I suspect.
Connection
// Connect to FileZilla
include("../model/connection.php");
$con = new SFTPobj();
$connect = $con->serverConnection();
Test File:
Class SFTPobj{
function serverConnection()
{
include('../controller/SSH2.php');
$server = "xx";
$user = "xx";
$pass = "xx";
$ssh = new Net_SSH2($server);
if (!$ssh->login( $user, $pass)) {
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
}
}
Test File- * code (irrelavant for the most part):
<?php
// Connect to database
include("../model/connection.php");
$con = new SFTPobj();
$connect = $con->serverConnection();
if(isset($_POST['submit']))
{
$file = $_FILES['file'];
print_r($file);
$fileName=$_FILES['file']['name'];
$fileTmpName=$_FILES['file']['tmp_name'];
$fileSize=$_FILES['file']['size'];
$fileError=$_FILES['file']['error'];
$fileType=$_FILES['file']['type'];
#only allow images
$fileExt = explode('.', $fileName);
$fileActualExt = strtolower(end($fileExt));
#Image types
$allowed = array('jpg','jpeg', 'png');
#Check file type
if(in_array($fileActualExt,$allowed))
{
if($fileError === 0)
{
if($fileSize < 500000) #500KB
{
$fileNameNew = uniqid('', true).".".$fileActualExt; #Random Number Generate
$fileDestination = '../view/pictures/week1'.$fileNameNew;
move_uploaded_file($fileTmpName,$fileDestination);
header("Location:../view/test.php?uploadSuccess");
}else{
echo "Your file is too big";
}
}else{
echo "There was an error uploading your file";
}
}else{
echo "You can not upload files of this type";
}
}
?>
From your file:
include('../controller/SSH2.php');
In the zip file download SSH2.php is in the Net/ directory. There's also a Crypt/ directory and a Math/ directory. Both of those are needed and the relative path's need to be correct as well.
The fact that you've taken SSH2.php out of the Net/ directory makes me think you may not have the other requisite files. And even if you do I'm skeptical that they're in the right relative location.
Also, since you appear to be using the 1.0 branch, you may need to set the include_path to get it to work properly, depending on where you place the directory:
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include('Net/SSH2.php');
?>
Really, I'd just recommend against picking and choosing the files you think you need. Just take the entire phpseclib zip file and dump it into the phpseclib file.
I'm converting an image to a binary file in IOS, which works just fine. This will be handled by my php script which is suppose to upload this image to my ubuntu server. The problem is i keep getting file=unsuccessful. i've tried different directory paths, but cant seem to solve this issue.
This $directory will return this: /var/www/User/core/ios/
<?
if(!empty($_POST))
{
$message = $_POST['message'];
$directory = $_SERVER['DOCUMENT_ROOT'] . '/User/core/ios/';
$file = basename($_FILES['userfle']['upload']);
$uploadfile = $directory . $file;
var_dump($_FILES);
$randomPhotoID = md5(rand() * time());
echo 'file='.$file;
echo $file;
if (move_uploaded_file($_FILES['userfle']['tmp_name'], $uploadfile)) {
echo 'successful';
}
else
{
echo 'unsuccessful';
}
}
else
{
echo('Empty post data');
}
?>
Check the error file of your php(you can make sure if you enabled the error log in php.ini),
if you don't have the permission or for some other reasons it can't move the file ,there will be a record in that file.
Some time you can try the command setenforce 0 if you confirm you(I means the user of apache) have the permission to move the file but it not work.
By the way if the file you want to move is not upload by post, there is no error log and the move function will return false.
I have changed the php.ini file and added a set_time_limit(0) on the top of my page and i still cant upload big files with php. I am also using ajax and javascript to upload, and i can upload 400Mb files. i was trying to upload a 3.2GB file on WAMP.
My code:
<?php
set_time_limit(0);
session_start();
include('../Connect/Connect.php');
$User = $_SESSION['User'];
$Files = $_FILES['File'];
if(isset($User))
{
if(!empty($Files))
{
for($X = 0; $X < count($Files['name']); $X++)
{
$Name = $Files['name'][$X];
$TMP = $Files['tmp_name'][$X];
move_uploaded_file($TMP, '../Users/' . $User . '/' . $Name);
}
}
}
else
{
header("location:../");
}
header("location:index.php");
$Connect->close();
?>
check your browser, that it supports >2 GB files
set POST_MAX_SIZE higher than UPLOAD_MAX_FILESIZE (ofcourse set
normal values in settings, not like memory_limit 10 000GB....
max_input_time set for example to 30000
check x64 or x86 OS/Browser
had on debian with php 5.3.21 error, that it does not allow >2GB files cause of bug in PHP -> it just gives u a chance that u may get
php version with wrong atoi() and atol() converting.
hi guys i am uploading the images using the #PhP file upload Method # If i upload 10 Images at a time (Each Images is 2000 /3000 dimension). then the on click save function is not working. if i upload 5 images or less than five images then its working fine wats wrong with my coding i just include my php code with this post <input value="Save" type="submit" name="SubSave" id="SubSave" onClick="return changes();">
if($_POST['SubSave'] == "Save"){
$aid = $_GET['rid'];
$updcount = $_POST['theValue'];
if($_SESSION["almgtype"]==1 || (GetUserNoPhoto($_SESSION["almgid"]))>(GetTotalPhotoCount1($_SESSION["almgid"],$aid))) {
$uid = $_SESSION["almgid"];
for($k=1;$k<=$updcount;$k++) {
//echo $k;
echo $_FILES["uploadfile"]["type"];
if($_FILES["uploadfile".$k]["name"]!="") {
if(($_FILES["uploadfile".$k]["type"] == "image/gif") || ($_FILES["uploadfile".$k]["type"] == "image/jpeg")|| ($_FILES["uploadfile".$k]["type"] == "image/pjpeg") || ($_FILES["uploadfile".$k]["type"] == "image/png")) {
if ($_FILES["uploadfile".$k]["error"] > 0)
{
echo "Error: " . $_FILES["uploadfile".$k]["error"] . "<br />";
}
else
{
move_uploaded_file($_FILES["uploadfile".$k]["tmp_name"],
"photoalbum/" . $_FILES["uploadfile".$k]["name"]);
$uploadfile = "photoalbum/" . $_FILES["uploadfile".$k]["name"];
}
$path = $uploadfile;
$checklist = "select * from amt_photos1 where aid = '".trim($aid)."' and uid = '".trim($uid)."' and path = '".trim($path)."'";
$chkresult = mysql_query($checklist);
if(mysql_num_rows($chkresult) == 0) {
$i = 0;
$path =$uploadfile;
$result = "insert into amt_photos1 set uid = '".trim($uid)."',
aid = '".trim($aid)."',
path = '".trim($path)."',
status = '0',
createdby = '".$_SESSION["almgid"]."',
createddate = now()";
$rowlist = mysql_query($result) or die("Error:(".mysql_error().")".mysql_error());
}
/********************** if file already exist means ******************************************/
else {
$err= "The Uploaded file name ".$path." Is already exisit in the Album. Rename It or try to add Any other Photos";
}
/********************** if file already exist means ******************************************/
$path ="";
$uploadfile = "";
$i = "";
} // file extention
else {
$err= "Unable To Upload The File Please Check The File Extention.Try Again Later";
}
}
}
}
} // if save close
You probably need to change the maximum POST size in your php.ini configuration file (post_max_size setting).
You can use the command phpinfo() to dump your configuration. Likely, as others have stated you need to increase the upload size and execution time.
These can be modified through a .htaccess file.
php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200
Just as a warning: Your upload handling script will make it utterly trivial to completely subvert your server:
You blindly trust that the $_FILES[...]['type'] value is correctly set - this value is completely under the user's control, and they can stuff in "image/jpeg" and upload any type of file they want
You blindly trust that the $_FILES[...]['filename'] value is correctly set - again, this value is completely under the user's control, and they can stuff in "hackme.php" if they want to
You blindly write the file to your photoalbum directory, but don't check if the user-supplied filename contains pathing data
So, what happens if someone uploads the following file:
$_FILES['uploadfile0']['type'] = 'image/gif';
$_FILES['uploadfile0']['filename'] = '../pwn_me.php';
You've now happily put a user-provided PHP script ONTO YOUR WEBSERVER and they can now do anything they want.
On top of that, your database queries blindly insert the same data into the queries, leaving you wide open to SQL injection attacks. As well, you don't check for filename collisions until AFTER you've moved the file. So, someone could upload a malicious script, but only do it once for that particular filename. Congratulations, you've implemented versioned attacks on your server. You'll have "pwn_me.php", "pwn_me2.php", "pwn_me3.php", "my_little_pwnme.php", and so on.