I a php script which is called from a file form and it is supposed to check the form for password, filename, filetype and errors uploading to temp. If it passes all tests it's supposed to upload using move_uploaded_file but this does not work. No errors are outputted but I know it passes all the tests otherwise it would return back to the page.
PHP script:
<?php
$temp = explode(".", $_FILES["file"]["name"]);
if ($_POST["pass"] == "examplePass"){
if($_FILES["file"]["name"] == ""){
header("Location: /upload?i=f");
}
elseif($_FILES["file"]["type"] != "application/x-shockwave-flash"){
header("Location: /upload?i=s");
}
elseif ($_FILES["file"]["error"] > 0){
header("Location: /upload?i=e");
}
else{
move_uploaded_file($_FILES["file"]["tmp_name"], "/swf/". $_FILES["file"]["name"]);
if(file_exists("/swf/" . $_FILES["file"]["name"])){
header("Location: /upload?i=o");
}
else{
print_r($_FILES);
}
}
}
else{
header("Location: /upload?i=p");
}
?>
This outputs:
Array ( [file] => Array ( [name] => launcher.swf [type] => application/x-shockwave-flash [tmp_name] => /tmp/phpBugtQL [error] => 0 [size] => 161303 ) )
I have tried this with multiple swf files and I can remember it used to work.
I have set the whole of my web folder to 0777 and also recursed this into all sub-directories and files.
The directory /swf/ is at root so that is the absolute path.
Thanks in advance, Kyle
You can try using, ../swf/ or full path of the swf folder instead of /swf/
move_uploaded_file($_FILES["file"]["tmp_name"], "../swf/". $_FILES["file"]["name"]);
Reason for swf folder path, make sure you have used the correct path
Related
I'm trying to download a file from my website to my server but can't find why or where I'm doing that wrong.
Here my php code :
$fn = $_FILES['file']['name'];
if (is_writable('.')) {
echo "Writable<BR>";
} else {
echo "Not writable<BR>";
}
$upfile = './'.basename($fn);
echo $upfile.'<BR>';
shell_exec("echo 'baaaaah' > test.baaaah");
$f = $_FILES['file']['tmp_name'];
echo $f.'<BR>';
if (is_uploaded_file($f)) { echo "uploaded<BR>"; } else { echo "not uploaded<BR>";}
$com = "test - f ".$f." && echo 'F' || echo 'N'";
echo $com.'<BR>';
echo shell_exec($com).'<BR>';
if (move_uploaded_file($f,$uploadfile)) {
echo "File transfer OK<BR>";
} else {
echo "File transfer NOK<BR>";
}
print_r($_FILES);
And here the website output :
Writable
./flag.jpg
/tmp/phpyKvhEz
uploaded
test - f /tmp/phpyKvhEz && echo 'F' || echo 'N'
N
File transfer NOK
Array ( [file] => Array ( [name] => flag.jpg [type] => image/jpeg [tmp_name] => /tmp/phpyKvhEz [error] => 0 [size] => 1660 ) )
So first thing I check if my folder is writable (it's not intended to be '.' but I moved to here because the folder I want wasn't working either (same behavior as '.' through...)) => check
Then I try to shell_exec a file here juste to be sure => check, file is on server
Then I check if the temp file is created on the server :
- check, anyway is_uploaded thinks the file is here
- not check, but a test on the temp file doesn't work (and since the file is not supposed to be removed before the end of the script it should see the file here imho ?)
Then I try to make the move_uploaded_file => not check
And I print the $_FILES who shows nothing suspicious (error = 0, file names matches what I see before).
I can't figure what goes wrong nor where a mistake can come from ><
$uploadfile is undefined in your code. Change it or set it to '.' and it should work.
Got a script I've used several times, using move_uploaded_file. But what I can't figure out is why it do not respond in any way, no error reports, nothing.
<form> using method="post", target="upload" that is an <iframe>
action="file.php" responds to $_FILES
Correct enctype
Filerights is set to 777
Upload folder "uploads" exists
print_r($_FILES['file']) gives me:
Array
(
[name] => 1392930853.png
[type] => image/png
[tmp_name] => /tmp/php0rZdBf
[error] => 0
[size] => 611
)
The code below illustrates my script, and what I've figured out is that the last line with move_uploaded_file is the cause of my problem as it do not respond at all. As I wrote above, no error, no nothing.
Pastebin to script: http://pastebin.com/49m9Siqi
Got a clue what could be the cause of this?
$destination_path = getcwd().'/uploads/';
//echo $destination_path;
// File handling
$counted = count($_FILES['file']['name']);
$counted = $counted-1;
for ($i=0; $i<=$counted; $i++) {
if ($_FILES['file']['error'][$i] == UPLOAD_ERR_OK) {
$md5file = rand() . rand() . md5($_FILES['file']['name'][$i]) . rand() . rand();
if(move_uploaded_file($_FILES['file']['tmp_name'][$i], $destination_path . $md5file . "." . basename($_FILES['file']['type'][$i]))) { echo 'THIS WILL NOT BE ECHOED OUT ON THE PAGE'; }}}
There was a simple error in my form, as I handle my uploaded files like an array I need to create the array first.... Which I forgot to do in my form.
Wrong
<input type="file" name="file">
Correct
<input type="file" name="file[]">
With PHP 5 I would like to upload an XML file via a web form and parse it using SimpleXML.
I've tried few SimpleXML examples and they work fine at my CentOS 6 Linux server.
However, I don't have any experience with handling uploaded files in PHP yet.
Should I use the $_FILES and do I always have to use a temporary file or can it be done completely in memory?
From PHP Cookbook I've copied this example:
<html>
<body>
<?php if ($_SERVER['REQUEST_METHOD'] == 'GET') { ?>
<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME'] ?>"
enctype="multipart/form-data">
<input type="file" name="doc"/>
<input type="submit" value="Send File"/>
</form>
<?php } else {
if (isset($_FILES['doc']) &&
($_FILES['doc']['error'] == UPLOAD_ERR_OK)) {
$oldPath = $_FILES['doc']['tmp_name'];
$newPath = '/tmp/' . basename($_FILES['doc']['name']);
if (move_uploaded_file($oldPath, $newPath)) {
print "File moved from $oldPath to $newPath";
} else {
print "Couldn't move $oldPath to $newPath";
}
} else {
print "No valid file uploaded.";
}
}
?>
</body>
</html>
It works fine and for the print_r statement added by me the following output is printed:
Array
(
[document] => Array
(
[name] => my_file.xml
[type] => text/xml
[tmp_name] => /tmp/phpRD9cYI
[error] => 0
[size] => 1610252
)
)
And I can see the /tmp/my_file.xml file.
My question is though if I can skip the creation of temporary files?
I don't like them because:
They are sometimes security issue
They have to be cleaned up (by a cronjob?)
Their names might collide (probably seldom case unless it's 1)
UPDATE: Also, I don't understand, why can't I read the file at $oldPath? It is not found there and I have to call the move_uploaded_file() and then read the $newPath...
You don't need to save/move the file in a new folder,
if (isset($_FILES['doc']) && ($_FILES['doc']['error'] == UPLOAD_ERR_OK)) {
$xml = simplexml_load_file($_FILES['doc']['tmp_name']);
}
The tempfile generated will be automatically removed when the PHP script finishes. Hope this helps.
I have looked through the five other similar questions on here and none of them have been able to solve my problem. I am uploading a CSV file that is 1657 bytes in size.
Here are some values from my php.ini file
upload_max_filesize = 2M
post_max_size = 8M
$file = $_FILES['csv'];
if (!isset($file)) {
halt(HTTP_NOT_FOUND, 'This page could not be found on the web server');
}
if (substr(strrchr($file['name'], '.'), 1) != 'csv') {
halt(500, 'Sorry but please upload a CSV file next time!');
}
if ($file['error'] != '0') {
die('An error occurred during upload.<br />Error: ' . $file['error']);
}
$file_loc = '/home/x/tmp/up/' . basename($file['tmp_name']) . '.csv';
if (file_exists('/home/x/tmp/up/')) {
echo 'the directory exists....<br/>';
}
if (file_exists($file['tmp_name'])) {
echo 'tmp file exists<br/>';
echo filesize($file['tmp_name']) . 'b<br/>';
}
if (move_uploaded_file($file['tmp_name'], $file_loc)) {
echo 'Uploaded to: ' . $file_loc;
} else {
echo 'something went wrong!' . print_r($_FILES['csv'], true);
echo '<br />Upload Max Size: ' . ini_get('upload_max_filesize');
echo '<br />POST Max Size: ' . ini_get('post_max_size');
}
And here is the generated output when I upload the file:
the directory exists....
tmp file exists
1657b
something went wrong!Array ( [name] => hm.csv [type] => application/vnd.ms-excel [tmp_name] => /tmp/php72p1VP [error] => 0 [size] => 1657 )
Upload Max Size: 2M
POST Max Size: 8M
I have already looked on PHP.net under the "common pitfalls" article which didn't lead to anything being fixed. Can anyone see what is wrong or give me some tips?
The following tips can be helpful.
1. The folder exists, check for spellings
2. Check the properties of the folder and make sure the permissions have read+write 0666
3. Make sure the file is within your public html root, otherwise double check the owner of the file, and make sure PHP Has read / write access to it.
4. Look for the logs i.e. Unable to move '/tmp/php6wlOg1' to 'upload/110216104651_00134_smooth_1440x900.jpg'
5. If the size of post data is greater than post_max_size, the $_POST and $_FILES superglobals are empty. So set it according to your need.
Also set this to see if there are any errors
error_reporting(E_ALL); // or E_STRICT
ini_set("display_errors",1);
ini_set("memory_limit","1024M");
After multiple exchanges with a tech at the hosting provider, they managed to give the folder the right permissions (I had tried 0777 before but it did not work). I believe some voodoo went on behind the scenes but this is No errors in the error_log; I have set 777 permissions on /home/x/up and the script began working.
As a bit of a follow up to Javascript form won't submit (to view the code I am using visit that link) I am now encountering a problem that I cannot find the file that has been uploaded.
I have added $files = apc_fetch('files_'.$_POST['APC_UPLOAD_PROGRESS']); to the top of my page and this is the output of print_r($files);
Array
(
[theFile] => Array
(
[name] => tt1.mp4
[type] => video/mp4
[tmp_name] => /tmp/php2BEvy7
[error] => 0
[size] => 1050290
)
)
However when I try to run the following code:
if (file_exists($files['theFile']['tmp_name'])) {
$webinarType = strcmp($files['theFile']['type'], 'video/mp4');
if($webinarType == 0) {
$webinarFile = $fileTitle;
$webinarTempName = $files['theFile']['tmp_name'];
} else {
echo 'Webinar must be .mp4';
}
} else {
echo "No File";
}
I get the No File output.
I have ssh'd into the server and the file is not in /tmp/, /path/to/public_html/tmp/ or path/to/file/tmp/ all of which exist.
I have tried to use move_uploaded_file() but as this is executed on all file inputs I can't get the tmp_name dynamically due to my limited knowledge of javascript.
tl;dr version; Where is my file gone and how can I find it?
NOTE; This form did work before the APC intevention and I am running wordpress in case that affects anything.
Fixed this one on my own as well.
In the progress.php file (found on the other question) I modified the elseif statement with this:
elseif(($s_progressId = $_POST['APC_UPLOAD_PROGRESS']) || ($s_progressId = $_GET['APC_UPLOAD_PROGRESS']))
{
// If the file has finished uploading add content to APC cache
$realpath = realpath($PHP_SELF);
$uploaddir = $realpath . '/tmp/';
foreach ($_FILES as $file) {
if(!empty($file['name'])) {
$uploaded_file = $file['name'];
$moveme = $uploaddir.$uploaded_file;
move_uploaded_file($file['tmp_name'], $moveme);
}
}
apc_store('files_'.$s_progressId, $_FILES);
die();
}
That way I could iterate through the $_FILES array without knowing the name of the input. I noticed that it loops through a couple of times hence the if(!empty()) however in hindsight it's probably best practice anyway.