Hello everyone I'm trying to upload an image to parse with PHP. i was able to add the object all the columns works perfectly except the Image Column stays undefined i checked the php.ini (url_fopen:On ;) and the utf-8 charset and many other solutions i thins its a problem of security or Privilege !! Please if you have any useful Ideas share it and Thanks in Advance !!!
Here is my code
<?php
require_once( 'autoload.php' );
// Add the "use" declarations where you'll be using the classes
use Parse\ParseObject;
use Parse\ParseUser;
use Parse\ParseException;
use Parse\ParseFile;
use Parse\ParseCloud;
use Parse\ParseClient;
use Parse\ParseQuery;
try {
$app_id = "xxxxxxxxxxxxxxxxxxxxxx" ;
$rest_key = "xxxxxxxxxxxxxxxxxxxxxx";
$master_key = "xxxxxxxxxxxxxxxxxxxxxx";
ParseClient::initialize( $app_id, $rest_key, $master_key );
ParseClient::setServerURL('https://parseapi.back4app.com', '/');
if(isset($_GET['libelle']) && (isset($_GET['prix']) ) ){
$libelle = $_GET['libelle'];
$prix = $_GET['prix'];
}
if ( isset( $_FILES['image'] ) ) {
$isFileExists = file_exists ($_FILES['image']['tmp_name'] );
$isGoodSize = ($_FILES['image']['size'] < 600000) && ($_FILES['image']['size'] > 0);
if ( $isFileExists && $isGoodSize) {
// save file to Parse
$file = ParseFile::createFromData( file_get_contents( $_FILES['image']['tmp_name'] ), $_FILES['image']['name'] );
$file->save();
//echo 'File URL: ' . $file->getURL() . '';
} else {
echo "Erreur";
}
}
$Prod = ParseObject::create("Produit");
//$Prod = new ParseObject("Produit");
$Prod->set("libelle",$libelle);
$Prod->set("prix",(float)$prix);
if ( isset( $file ) ) {
$Prod->set("image",$file);
}
try {
$Prod->save();
echo 'Object Saved with ID: <strong>' . $Prod->getObjectId() . '</strong>.<br/>';
} catch (ParseException $ex) {
echo 'Failed to create new object, with error message: ' . $ex->getMessage();
}
} catch (ParseException $ex) {
echo $ex->getMessage();
}
?>
I was checking here more about files! Just for help you, the maximum file size is 20MB. You can test with different file sizes.
At releases page on GitHub from Parse PHP SDK, you can check the version 1.2.8 that fixed a error with ParseFiles.
Related
I am trying to fill out pdf files using a github project that i found on [https://github.com/mrdigitalau/PHP-PDFTK-Tutorial]
Basically there is 2 page, one named: GeneratedPDF that hold code:
<?php
namespace Classes;
if(!defined('ACCESSCHECK')) {
die('Direct access not permitted');
}
use mikehaertl\pdftk\Pdf;
class GeneratePDF {
public function generate($data)
{
try {
$filename = 'pdf_' . rand(2000,1200000) . '.pdf';
$pdf = new Pdf('./test.pdf');
$pdf->fillForm($data)
->flatten()
->saveAs( './completed/' . $filename);
//->send( $filename . '.pdf');
return $filename;
}
catch(Exception $e)
{
return $e->getMessage();
}
}
}
And another page name generate.php that holds this code:
<?php
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
exit;
}
define('ACCESSCHECK', TRUE);
require_once 'vendor/autoload.php';
use Classes\GeneratePDF;
$data = [
'name_field' => $_POST['fname'] .' ' . $_POST['lname'],
'email_field' => $_POST['email'],
'phone_field' => $_POST['phone'],
'enquiry_field' => $_POST['enquiry']
];
$pdf = new GeneratePdf;
$response = $pdf->generate($data);
header('Location: thanks.php?fname=' . $_POST['fname'] . '&link=' . $response);
The problem is every time i try to fill out a pdf I get this error:
Fatal error: Uncaught Error: Class 'Classes\GeneratePDF' not found in C:\xampp\htdocs\generate.php:23 Stack trace: #0 {main} thrown in C:\xampp\htdocs\generate.php on line 23
Any idea the problem here? Thanks in advance
This question already has answers here:
PHP - Failed to open stream : No such file or directory
(10 answers)
Reference - What does this error mean in PHP?
(38 answers)
Closed 2 years ago.
I am using Heroku for creating my website, as part of it, there is the ability to upload videos to the site. I have got it sort of working but I am struggling to get one last part working. As I have understood for uploading videos, the name of the file is uploaded to the database whilst the actual video itself is uploaded to a folder defined by myself. I have got it working so the video name is uploaded to the database but the video is not saving to the video folder I have created.
This is the code I have:
<?php
session_start();
require_once('../../includes/config.php');
require('../../vendor/autoload.php');
if(!isset($_SESSION['loggedin'])){ //if login in session is not set
header("Location: ../../index.php");
}
if($_SESSION['role'] !="admin") {
header("Location: ../../index.php");
}
if(isset($_POST["submit"])) {
//collect form data
extract($_POST);
$allowedExts = array("ogg", "mp4", "wma");
$extension = pathinfo($_FILES['video']['name'], PATHINFO_EXTENSION);
if ((($_FILES["video"]["type"] == "video/mp4")
|| ($_FILES["video"]["type"] == "video/ogg")
|| ($_FILES["video"]["type"] == "video/wma")
&& ($_FILES["video"]["size"] < 16000000 )
&& in_array($extension, $allowedExts))){
if ($_FILES["video"]["error"] > 0)
{
echo "Return Code: " . $_FILES["video"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["video"]["name"] . "<br />";
echo "Type: " . $_FILES["video"]["type"] . "<br />";
echo "Size: " . ($_FILES["video"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["video"]["tmp_name"] . "<br />";
$upload = $_FILES["video"]["name"];
if (file_exists("../videos/" . $_FILES["video"]["name"]))
{
echo $_FILES["video"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["video"]["tmp_name"],
"../videos/" . $_FILES["video"]["name"]);
echo "Stored in: " . "../videos/" . $_FILES["video"]["name"];
}
}
}else{
echo "Invalid file";
}
try {
//insert into database
$stmt = $dbconn->prepare('INSERT INTO videos (videotitle,video,editedBy,duration) VALUES (:videoTitle, :video, :editedBy, :duration)') ;
$stmt->execute(array(
':videoTitle' => $videoTitle,
':video' => $upload,
':editedBy' => "admin",
':duration' => "12"
));
//redirect to videos page
header('Location: index.php');
exit;
} catch(PDOException $e) {
echo $e->getMessage();
}
}
?>
I have looked at the heroku logs and the errors I am getting are:
PHP Warning: move_uploaded_file(../videos/VID_20201129_223935.mp4): failed to open stream: No such file or directory in /app/users/admin/videoUpload.php on line 53
PHP Warning: move_uploaded_file(): Unable to move '/tmp/phpoLjPU4' to '../videos/VID_20201129_223935.mp4' in /app/users/admin/videoUpload.php on line 53
This is to do with the lines:
// this is line 53
move_uploaded_file($_FILES["video"]["tmp_name"],
"../videos/" . $_FILES["video"]["name"]);
I am not sure what would cause this error, is there something I am missing or could it be to do with how I have heroku set up?
As a side note, I have become aware that using extract is not the most secure way to get form data and I am looking to change this.
Thanks
Edit -
This is the form where the information is gathered
<form action='videoUpload.php' method='post' enctype="multipart/form-data">
<h2>Add Video</h2>
<p><label>Title</label><br />
<input type='text' name='videoTitle' required value='<?php if(isset($error)){ echo $_POST['videoTitle'];}?>'></p>
<p><label>Video</label><br />
<input type="file" name='video' id="video" required value='<?php if(isset($error)){ echo $_POST['video'];}?>'></p>
<p><input type='submit' name='submit' value='Submit'></p>
</form>
In view of the comments I made regarding using the full path I put the following together with the hope that it might help solve your problem ~ though it is untested.
Any fields from the form that submits to this script that is used in the extract method should really be validated and sanitised ( though the prepared statement will help protect the db anyway ) - so by declaring these fields with a suitable filter you can call filter_input or filter_input_array to assist that protection. I usually run checks on the POST array before filtering so that I can deduce if I have omitted fields or have extra - you'll see what I mean below.
In terms of processing the upload if the target folder is not found you need to know about it and act accordingly before trying to save the file or write to the db ( pointless logging an upload that failed perhaps ). chdir returns true if it succeeds in navigating to the target directory so you can fork the logic at that stage to either bailout or create the folder structure ( using mkdir )
<?php
error_reporting( E_ALL | E_STRICT );
session_start();
$errors=array();
$createpath=true;
if( $_SERVER['REQUEST_METHOD']=='POST' ){
try{
$kb=1024;
$mb=pow( $kb,2 );
$maxfs=$mb * 15; # 15728640 ~ 15Mb
if( !isset( $_SESSION['loggedin'], $_SESSION['role'] ) or $_SESSION['role'] !== 'admin' ) {
exit( header( 'Location: ../../index.php' ) );
}
if( isset( $_POST['submit'], $_FILES['video'] ) ) {
require_once('../../includes/config.php');
require_once('../../vendor/autoload.php');
/*
To use `extract` in a more secure manner
*/
# create filter rules for form fields with their expected data type
$args=array(
'submit' => FILTER_SANITIZE_STRING,
'videoTitle' => array(
'filter' => FILTER_SANITIZE_STRING,
'flags' => FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH
)
);
# if there are fields that MUST be submitted
foreach( array_keys( $args ) as $field ){
if( !isset( $_POST[ $field ] ) or empty( $_POST[ $field ] ) ) $errors[]=sprintf('The field "%s" does not appear in the POST array',$field);
}
# check that no additional POST variables are present
foreach( $_POST as $field => $value ){
if( !in_array( $field, array_keys( $args ) ) ) $errors[]=sprintf('Unknown parameter supplied "%s"',$field);
}
$_POST=filter_input_array( INPUT_POST, $args );
extract( $_POST );
$name=$_FILES['video']['name'];
$type=$_FILES['video']['type'];
$size=$_FILES['video']['size'];
$error=$_FILES['video']['error'];
$tmp=$_FILES['video']['tmp_name'];
function uploaderror( $error ){
switch( $error ) {
case UPLOAD_ERR_INI_SIZE: return 'The uploaded file exceeds the upload_max_filesize directive in php.ini';
case UPLOAD_ERR_FORM_SIZE: return 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form';
case UPLOAD_ERR_PARTIAL: return 'The uploaded file was only partially uploaded';
case UPLOAD_ERR_NO_FILE: return 'No file was uploaded';
case UPLOAD_ERR_NO_TMP_DIR: return 'Missing a temporary folder';
case UPLOAD_ERR_CANT_WRITE: return 'Failed to write file to disk';
case UPLOAD_ERR_EXTENSION: return 'File upload stopped by extension';
default: return 'Unknown error';
}
}
$allowedExts = array('ogg', 'mp4', 'wma');
$types=array('video/mp4','video/ogg','video/wma');
$extension = pathinfo( $name, PATHINFO_EXTENSION );
if( in_array( $type, $types ) && in_array( $extension, $allowedExts ) && $size <= $maxfs ) {
if( $error !==UPLOAD_ERR_OK ) {
$errors[]=sprintf('Error uploading file: %s',uploaderror( $error ));
} else {
# get the full path to current working directory
$cwd=getcwd();
# attempt to traverse directory structure to desired location - up one level and find folder
$status=chdir('../videos/');
# If the directory does not exist...
if( !$status ) {
chdir('../');
$targetpath=sprintf( '%s/videos/', getcwd() );
# Attempt to create THIS path or exit???
if( $createpath ){
mkdir( $targetpath, 0777, true );
chdir( $targetpath );
} else exit( sprintf( '<h1>Fatal Error: Target Directory "%s" does not exist!</h1>', $targetpath ) );
}
# get the fully qualified path of the target directory
$target=getcwd();
# create the full filepath for uploaded file
$targetfile=sprintf('%s/%s',$target,$name);
# save the file
if( !file_exists( $targetfile ) ){
$status=move_uploaded_file( $tmp, $targetfile );
if( !$status )$errors[]=sprintf( 'Failed to move file to target directory: %s', $target );
}else{
$errors[]=sprintf('The file "%s" already exists!',$name);
}
}
if( empty( $dbconn ) )$errors[]='No database connection available';
if( empty( $errors ) ){
$sql='INSERT INTO `videos` ( `videotitle`, `video`, `editedBy`, `duration` ) VALUES ( :videoTitle, :video, :editedBy, :duration )';
try{
$stmt=$dbconn->prepare( $sql );
$args=array(
':videoTitle' => $videoTitle,
':video' => $name,
':editedBy' => 'admin',
':duration' => 12
);
$result=$stmt->execute( $args );
if( !$result ) $errors[]='Failed to add record';
# redirect if everything went OK
if( empty( $errors ) )exit( header( 'Location: index.php' ) );
}catch( PDOException $e ){
$errors[]=$e->getMessage();
}
}else{
$errors[]='Unwilling to commit to db due to previous errors';
}
}else{
$errors[]='File failed testing - incorrect type or too large';
}
}else{
$errors[]='Critical error';
}
# if there were errors, let the user know
foreach( $errors as $error )printf( '<div>%s</div>', $error );
}catch( Exception $e ){
exit( 'Bad foo: '.$e->getCode() );
}
}
# if page accessed by GET or similar....
http_response_code(404);
?>
I am trying to edit a few PHP codes lines in my Wordpress theme files with a snippet of PHP code, though I am stuck and have been struggling to do this for a while with this code.
I have been trying to tweak this piece of code to do the job but unfortunately without luck.
function update_GTour_theme_files()
{
$new_update = file_get_contents(__DIR__ . "/../../themes/grandtour/header.php");
$new_update = preg_replace('/$page_menu_transparent = 1/','$page_menu_transparent = 0',$new_update);
$new_update = preg_replace('/$grandtour_page_menu_transparent = 1/','$grandtour_page_menu_transparent = 0',$new_update);
file_put_contents (__DIR__ . "/../../themes/grandtour/header.php", $new_update);
if ( file_exists (__DIR__ . "/../../themes/grandtour/header.php") && is_writable (__DIR__ . "/../../themes/grandtour/header.php") ){
update_GTour_theme_files();
echo '</br><span style="color:green;font-weight:bold;">Changes were applied successfully.</span>';
}
else {
echo '</br><span style="color:red;font-weight:bold;">Error occured while applying the changes.</span>';
}
}
I am expecting that this code should replace some text as illustrated in the file with the described path but it doesn't work.
Where do I start... let me count the ways.
function update_GTour_theme_files()
{
$new_update = file_get_contents(__DIR__ . "/../../themes/grandtour/header.php");
$new_update = preg_replace('/$page_menu_transparent = 1/','$page_menu_transparent = 0',$new_update);
$new_update = preg_replace('/$grandtour_page_menu_transparent = 1/','$grandtour_page_menu_transparent = 0',$new_update);
file_put_contents (__DIR__ . "/../../themes/grandtour/header.php", $new_update);
if ( file_exists (__DIR__ . "/../../themes/grandtour/header.php") && is_writable (__DIR__ . "/../../themes/grandtour/header.php") ){
update_GTour_theme_files();
echo '</br><span style="color:green;font-weight:bold;">Changes were applied successfully.</span>';
}
else {
echo '</br><span style="color:red;font-weight:bold;">Error occured while applying the changes.</span>';
}
}
Lets see when you run this it does:
file_put_contents (__DIR__ . "/../../themes/grandtour/header.php", $new_update);
Then it checks:
if ( file_exists (__DIR__ . "/../../themes/grandtour/header.php") && is_writable (__DIR__ . "/../../themes/grandtour/header.php") ){
update_GTour_theme_files();
echo '</br><span style="color:green;font-weight:bold;">Changes were applied successfully.</span>';
}
Which is obviously true, or we would have gotten some errors already. So that is basically always true. Which means you call this update_GTour_theme_files(); itself again. Repeat the above steps a infinite number of times.
So that is obviously wrong. If you are calling this I would expect your browser to lockup.
So lets fix this up (single file):
function update_GTour_theme_files($file)
{
//fail early
if (!file_exists ($file) || !is_writable ($file) ) die("File $file Does not exists or is not writable");
$new_update = file_get_contents($file);
$new_update = preg_replace('/\$page_menu_transparent\s*=\s*1;/','$page_menu_transparent = 0;',$new_update);
$new_update = preg_replace('/\$grandtour_page_menu_transparent\s*=\s*1;/','$grandtour_page_menu_transparent = 0;',$new_update);
if(file_put_contents ($file, $new_update)){
echo '</br><span style="color:green;font-weight:bold;">Changes were applied successfully.</span>';
}else{
echo '</br><span style="color:red;font-weight:bold;">Error occured while applying the changes.</span>';
}
}
update_GTour_theme_files(__DIR__ . "/../../themes/grandtour/header.php");
This will only update the one file, to do more then that you need to use scandir, glob or SPL DirectoryIterator / FilesystemIterator.
PS your "main" or "big" problem (besides the recursion) is right here:
$new_update = preg_replace('/$page_menu_transparent = 1/','$page_menu_transparent = 0',$new_update);
$new_update = preg_replace('/$grandtour_page_menu_transparent = 1/','$grandtour_page_menu_transparent = 0',$new_update);
These $ in /$page_menu_transparent are not escaped so the are treated as REGEX. Which means they match the end of the string, which makes no sense. I also added some vaiable space \s*=\s* and the ; semi-colon otherwise $page_menu_transparent = 1345; will become $page_menu_transparent = 0;. This may have some impact if it's in () or an array etc. (anything without the ;)
For all files in a given folder and it's subfolders
function update_GTour_theme_files($dir)
{
if (!file_dir($dir) || is_writable ($dir) ) die("Dir $dir Does not exists or is not writable");
$Iterator = new RecursiveIteratorIterator(
new RecursiveDirectoryIterator(
$dir,
RecursiveDirectoryIterator::SKIP_DOTS|RecursiveDirectoryIterator::UNIX_PATHS
)
);
foreach($Iterator as $fileInfo){
if($fileInfo->isDir() || $fileInfo->getExtension() != 'php') continue;
$file = $fileInfo->getPathname();
$new_update = file_get_contents($file);
$new_update = preg_replace('/\$page_menu_transparent\s*=\s*1;/','$page_menu_transparent = 0;',$new_update);
$new_update = preg_replace('/\$grandtour_page_menu_transparent\s*=\s*1;/','$grandtour_page_menu_transparent = 0;',$new_update);
if(file_put_contents ($file, $new_update)){
echo '</br><span style="color:green;font-weight:bold;">Changes were applied successfully.</span>';
}else{
echo '</br><span style="color:red;font-weight:bold;">Error occured while applying the changes.</span>';
}
}
}
update_GTour_theme_files(__DIR__ . "/../../themes/grandtour/");
This uses RecursiveDirectoryIterator so it should look through all sub folders.
But this is all untested so be very careful. If you mess your files up don't come blaming me, you were warned.
That said Enjoy~
I have this plugin im making and in the file upload system i have this:
$mimes = array('image/jpeg','image/jpg','image/gif','image/png','application/pdf');
if(in_array($_FILES['attach']['type'], $mimes)){
$error = 0;
}
else {
$error = 1;
}
Then, along with other error checking i have this to upload the files to a custom folder
if($error == 0) {
$folder = PLUGIN_DIR . '/uploads/';
if(is_dir($folder)) {
$file = $_FILES["attach"]["tmp_name"];
move_uploaded_file($file, $folder.date('Ymd').'_'.$name);
}
}
This works perfectly. I've tested it but, is it ok to do like this? Or is there a better way to do it?
Thanks in advance!
I think better use this codex.wordpress.org
<?php
// We will check the protection of nonce and that the user can edit this post.
if (
isset( $_POST['my_image_upload_nonce'], $_POST['post_id'] )
&& wp_verify_nonce( $_POST['my_image_upload_nonce'], 'my_image_upload' )
&& current_user_can( 'edit_post', $_POST['post_id'] )
) {
// all OK! We continue.
// These files must be connected to the front end (front end).
require_once( ABSPATH . 'wp-admin/includes/image.php' );
require_once( ABSPATH . 'wp-admin/includes/file.php' );
require_once( ABSPATH . 'wp-admin/includes/media.php' );
// Let WordPress catch the download.
// Do not forget to specify the attribute name field input - 'my_image_upload'
$attachment_id = media_handle_upload( 'my_image_upload', $_POST['post_id'] );
if ( is_wp_error( $attachment_id ) ) {
echo "Error loading media file.";
} else {
echo "The media file has been successfully uploaded!";
}
} else {
echo "Verification failed. Unable to load file.";
}
?>
check whether free space availability. I had the same issue I have checked every thing and done more but the issue was with my file storage
Running Apache 2.2 with PHP 5.3 on Windows 8. Trying to get the PHP class ImapMailbox to download attachments, but each time I getMail(), the attachments value is empty on every email that has attachments.
All the rest of the email info is downloaded correctly.
I've looked through the class code but can't identify where the problem might be.
Here is my current code:
$mailbox = new ImapMailbox('{testsite.com:110/pop3/novalidate-cert}INBOX', 'testemail#testsite.com', 'MyPaSs', ATTACH_DIR, 'utf-8');
$mails = array();
foreach($mailbox->searchMailbox('SUBJECT "test attach" SINCE "' . date('m/d/Y', strtotime('-1 week')) . '"') as $mailId) {
$mail = $mailbox->getMail($mailId);
$mails[] = $mail;
}
After dumping the $data var in getMail(), it appears there are attachments in winmail.dat format. The code cannot get to these because no attachmentId value is being assigned due to an empty 'ifid' value. Decoding the winmail.dat attachments can be done, but only if they are detected and written to file.
Any ideas how create a workaround in the ImapMailbox code for this?
Here is what I wrote that fixes this problem.
At the beginning of initMailPart() method, add the following:
static $altAttachmentId = 0;
At the end of the IF block for if($this->attachmentsDir) { add the following where the closing } bracket is:
} elseif (!empty($params['fileName']) || !empty($params['filename']) || !empty($params['name'])) { // Process attachments that are not inline.
// Check if need to decode TNEF (Winmail.dat) file.
if ($partStructure->ifsubtype && $partStructure->subtype == 'MS-TNEF') {
require_once 'path_to_your/tnef_decoder.php';
$Tnef = new tnef_decoder;
$un_tnef = $Tnef->decompress($data);
$attached_files = array();
foreach ($un_tnef as $f) {
if (!empty($f['name']) && !empty($f['stream'])) {
$attachment = new IncomingMailAttachment();
$attachment->id = $altAttachmentId;
$attachment->name = $f['name'];
$attachment->filePath = $this->attachmentsDir . DIRECTORY_SEPARATOR . preg_replace('~[\\\\/]~', '', $f['name']);
$mail->addAttachment($attachment);
if (file_exists($attachment->filePath) && md5($f['stream']) != md5_file($attachment->filePath)) {
$attachment->filePath = $this->attachmentsDir . DIRECTORY_SEPARATOR . preg_replace('~[\\\\/]~', '', $mail->id . '_' . $altAttachmentId . '_' . $f['name']);
}
file_put_contents($attachment->filePath, $f['stream']);
$altAttachmentId++;
}
}
} else {
if (!empty($params['filename'])) {
$fileName = $params['filename']; // Account for random camel-case mistake on element.
} elseif (!empty($params['fileName'])) {
$fileName = $params['fileName'];
} else {
$fileName = $params['name'];
}
$attachment = new IncomingMailAttachment();
$attachment->id = $altAttachmentId;
$attachment->name = $fileName;
$attachment->filePath = $this->attachmentsDir . DIRECTORY_SEPARATOR . preg_replace('~[\\\\/]~', '', $mail->id . '_' . $altAttachmentId . '_' . $fileName);
$mail->addAttachment($attachment);
file_put_contents($attachment->filePath, $data);
$altAttachmentId++;
}
}
Note that you must include the tnef_decoder.php file found in the Roundcube Webmail package for the TNEF decoding to work. I got inspiration for the TNEF solution here.
This modification will process all TNEF encoded files in a Winmail.dat file and any other attachment that is not attached inline. Watch your memory usage on large files.
It also won't overwrite existing files that are the same name if they are not exactly the same.