I am trying to allow users to upload a max of a 2GB jar file with an HTML file input and PHP. The process works fine and it uploads the file, but only if it is small. I have set the php.ini to this:
max_execution_time = 10000
max_input_time = 10000
post_max_size = 2048M
upload_max_filesize = 2048M
After I did this it made all my php pages that has in it:
require_once("../include/config.php");
to load as a plain white page with NOTHING on it OR (SOMETIMES) it gives me this error:
Fatal error: Cannot redeclare encodePassword() (previously declared in /home/duskfall/public_html/authentication/encode.php:2) in /home/duskfall/public_html/authentication/encode.php on line 80
On line 80 where it said it was is:
$coded = "";
Why would it do this when I only put 4 things in the php.ini. They are also the only 4 things when I created the php.ini file. It even does it when I put NOTHING in the php.ini file. Do I need to put some other things in the file?
How would I fix this problem. Or is there a better way to do it with the php.ini and make it effect just ONE php page?
EDIT: Also I am using the host godaddy.com on a linux server if that helps at all.
Before use post_max_size you must set memory_limit.
post_max_size depend of memory_limit, memory_limit is must be higher than post_max_size, not equal.
Also post_max_size must be higher than upload_max_filesize.
Use in php script:
echo ini_get("memory_limit")."\n";
ini_set("memory_limit","30M");
echo ini_get("memory_limit")."\n";
echo ini_get("post_max_size")."\n";
ini_set("post_max_size","20M");
echo ini_get("post_max_size")."\n";
echo ini_get("upload_max_filesize")."\n";
ini_set("upload_max_filesize","19M");
echo ini_get("upload_max_filesize")."\n";
Also:
I think you have a problem with your function encodePassword().
Try use new clear test files like:
test.html
<form enctype="multipart/form-data" action="/path/to/your/phpscript" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
Send this file: <input name="userfile" type="file" />
<input type="submit" value="Send File" />
</form>
test.php
$uploaddir = '/path/to/your/dir';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "Success.\n";
} else {
echo "Error!\n";
}
echo '<pre>';
echo 'Debug file:';
print_r($_FILES);
echo "</pre>";
Related
This is my first post here to stackoverflow. I searched for other solutions to this problem on this site but was unable to find any solution. I even had an extensive session with GoDaddy support that was unsuccessful.
Here is my code, which is slighty modified from the PHP reference:
<html>
<body>
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
if (isset($_POST['submit'])){
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
$tmpfile = $_FILES['userfile']['tmp_name'];
echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'File name: '.$uploadfile."\r\n";
echo 'Temp file: '.$tmpfile."\r\n\r\n";
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
}
}
?>
<form enctype="multipart/form-data" action="#" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file" />
<input type="submit" name="submit" id="submit" value="Send File" />
</form>
</body>
</html>
The output when I upload a file is this:
Warning: move_uploaded_file(uploads/Bender.jpg): failed to open stream: No such file or directory in /home/nflaum/public_html/_working/file_upload.php on line 15
Warning: move_uploaded_file(): Unable to move '/tmp/phpWmeSDx' to 'uploads/Bender.jpg' in /home/nflaum/public_html/_working/file_upload.php on line 15
Possible file upload attack! File name: uploads/Bender.jpg Temp file: /tmp/phpWmeSDx
Here is some more debugging info:Array (
[userfile] => Array
(
[name] => Bender.jpg
[type] => image/jpeg
[tmp_name] => /tmp/phpWmeSDx
[error] => 0
[size] => 91463
)
)
Here are things I have already tried:
Created my own php.ini file and tried every combination of upload_tmp_dir imaginable (verifying with phpinfo), both on my own and with a GoDaddy rep. Verified file_uploads is on and all settings are ok.
Verified that the folders had 777 permissions for every combination tried.
Tried renaming .htaccess in case some routing configuration was causing an issue.
Connected to SSH and checked the root /tmp folder to see if it was there (GoDaddy sets home folder to /home/)
None of it resolved the issue. It looks like PHP thinks the file is being uploaded correctly, yet it's nowhere to be found. I'm hoping one of the geniuses on this forum is able to help me see something I've missed.
I think the path is not correct from the script current position. Did you check that? Is the folder "uploads" in the same directory of the file_upload.php script?
I've been pulling hairs on this one. I am creating a quit simple file upload application. On a specific point, the files are not uploaded and I receive the message: "Sorry, your file is too large.". I am uploading a file of ±2MB.
The relevant parameters in the php.ini are:
file_uploads On
max_execution_time 60
max_file_uploads 20
post_max_size 32M
upload_max_filesize 32M
So, there shouldn't be a problem there. Anybody an idea?
Used code:
if (isset($_POST['fileUploadBtn'])) {
echo 'File Size: '.$_FILES['file']['size'];
if(isset($_FILES['file']['error'])) {
echo $error_types[$_FILES['file']['error']].'<br>';
}
if(isset($_FILES["file"])) {
if($_FILES["file"]["name"] != '') {
uploadFile($mysqli, $orderid, $md5, $_FILES["file"], 'weefontwerp');
}
}
}
In your code, did you check the file size?
like this:
if ($_FILES['fileToUpload']['size'] > 500000) {
echo 'file too large.';
}
Or, did you restart php to reload the php.ini?
OK, the problem was in the downloaded upload function. There was the check, I forgot to check. I'm terribly sorry to post this here!
I have a problem. I am creating my own PHP application and I want to allow users to upload files.
My PHP
function make_upload() {
echo "<pre>";
print_r($_FILES);
echo "</pre>";
}
if (isset($_GET["upload"]) && $_GET["upload"] == "1") {
make_upload();
}
My HTML
<form action="?upload=1" method="post" enctype="multipart/form-data">
<input name="file[]" type="file" multiple/>
<input type="submit" value="Upload"/>
</form>
When I try to browse and select many files, the print_r($_FILES); shows blank Array ( ) instead of the array with my files. That's happens because of post_max_size which is set to 8M. If I change my post_max_size then I can select more images.
I want to share my application to be installed on websites, but I don't want to tell users to increase their post_max_size.
Is there any option to avoid post_max_size? (I see that in wordpress I can select images which are over the post_max_size - how is made?)
you can do it via .htaccess file.
php_value upload_max_filesize 200M
but sometime hosting provider does not allow you to overrite it. you will get 500 Internal Server Error in that case
You need to set the value of upload_max_filesize and post_max_size in your php.ini :
Maximum allowed size for uploaded files.
upload_max_filesize = 40M;
Must be greater than or equal to upload_max_filesize
post_max_size = 40M;
After modifying php.ini file(s), you need to restart your HTTP server to use new configuration.
If you can't change your php.ini, you're out of luck. You cannot change these values at run-time; uploads of file larger than the value specified in php.ini will have failed by the time execution reaches your call to ini_set.
See the Description of core php.ini directives.
you have not passed array to function pass it when you calling
if (isset($_GET["upload"]) && $_GET["upload"] == "1") {
make_upload($_FILES); // pass this $_FILES array to function
}
AND function would be like this
function make_upload($_FILES) {
echo "<pre>";
print_r($_FILES); // will print array
echo "</pre>";
}
Okay, so I set up an upload engine for a website so that an authenticated user can upload a audio file (a key) for a song in the library, but I come across this strange problem when I try to upload any file over 5MB.
I set my php.ini max filesize to 50MB by the way
Everything uploads properly, but there is no data associated with the file on the other end.
HTML CODE:
<form action="keyUpload.php?id=<?php echo $id;?>" method="post" enctype="multipart/form-data">
<p style="color:#fff;font-size:30px;font-family:Times">
Add a new Key:<br/><input name="uploaded" type="file" id="file"><br />
<input type="text" name="kname" id="kname" value placeholder="Key Name (Ex. Demo, A#, etc.)" style="width:300px;"><br/>
<button class="button">Upload File</button><br/>
<span style="font-size:12px;">*Max Filesize is 50 MB*</span>
</p>
</form>
PHP CODE:
<?php
$id=$_GET["id"];
$name=$_POST["kname"];
$name = str_replace(" ","%20",$name);
$allowed_filetypes = array('.mp3','.m4a','.wav','.wma');
$filename = $_FILES['uploaded']['name'];
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
Both $filename and $ext are empty variables when I upload a file larger than 5 MB. In all other cases, this engine works perfectly.
When echoed, simply nothing happens, so obviously the engine will not save the file if it doesn't exist. What's going on?
var_dump:
array(0) { }
Thanks for all your help!
Check for upload errors:
if ($_FILES['uploaded']['error'] !== UPLOAD_ERR_OK) {
die("Upload failed with error code " . $_FILES['uploaded']['error']);
}
The error codes are defined here: http://www.php.net/manual/en/features.file-upload.errors.php
As well, do NOT use filenames to validate the uploads. It is beyond trivial for a malicious user to fake a filename and upload malicious files, eg.
ren nastyvirus.exe good_tune.mp3
And don't use string operations on filenames. There's a whole whack of PHP functions for filename manipulation, e.g. http://php.net/basename
Set max_post_size in php.ini as well.
i am new to this one and in a learning phase. i created a form like below,
<html>
<body>
<form enctype="multipart/form-data" action="/cgi-bin/FileUpload.php" method="POST">
<label for="file">Filename:</label>
<input type="file" name="ufile"/>
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
and my php script looks like,
#!/usr/bin/php
<?
header("Content-type:text/html");
echo "\n";
if (isset($HTTP_POST_VARS['submit'])){
echo "HTTP_POST_VARS['submit'] is set" . "<br />";
}
if (empty($_POST)) {
echo "Empty POST !" . "<br />";
}
if(isset($_POST['type'])){
echo "POST['type'] is set to " . $_POST['type'] . "<br />";
}
if (isset($_SERVER['REQUEST_METHOD'])){
echo "_SERVER['REQUEST_METHOD'] is set and REQUEST_METHOD = " . $_SERVER['REQUEST_METHOD'] . "<br />";
}
if (empty($_FILES)){
echo "_FILES is empty ! " . "<br /> <br />";
}
the putput looks like,
Empty POST !
_SERVER['REQUEST_METHOD'] is set and REQUEST_METHOD = POST
_FILES is empty !
the related items in php.ini is like below,
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
upload_tmp_dir = /tmp
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 2M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
; Maximum size of POST data that PHP will accept.
; http://php.net/post-max-size
post_max_size = 10M
now, why the _POST and _FILES are getting empty ?
A few things:
1.
#!/usr/bin/php
^^^^
The spaces before your shebang will be treated as output by the PHP interpreter. The shebang should appear at the very start of your file
2.
HTTP_POST_VARS is deprecated and should not be used anymore, unless you're on an ancient PHP version, in which case you really should upgrade.
3.
Put a phpinfo(); call into your script. It'll show both the global settings AND the local settings. It's possible that a config file (.htaccess, another .ini later in the loading chain, etc...) is overriding your settings and disabling file uploads. If the local column in the phpinfo output doesn't show the proper settings, you'll have to figure out where the override is occuring.
4.
Instead of doing "blahblah is empty" and the like, try doing var_dump($whatever), which'll show you the actual empty array, or its contents (type+size+data) if there is anything present.
In addition to the comments above, try var_dump($_POST) and var_dump($_FILES); that will dump every file and values posted to the page.
If it's not working, and your php.ini settings are as you wrote earlier, you can try using the ini_set() function on the action page. Use ini_set() to set the file_uploads and the other configuration settings. Ini_set() will not work for all the settings, but it should be enough to get you started.
Don't forget the dependable phpinfo() function also.