I have a very basic, very straightforward function that takes a file (after checking it to make sure its a zip among other things) and uploads it, unpacks it and such:
public function theme(array $file){
global $wp_filesystem;
if(is_dir($wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/")){
$target_path = $wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/";
if(move_uploaded_file($file['tmp_name'], $target_path . '/' . $file['name'])) {
$zip = new ZipArchive();
$x = $zip->open($target_path);
if ($x === true) {
$zip->extractTo($target_path); // change this to the correct site path
$zip->close();
//unlink($target_path);
}
$this->success('We have uplaoded your new theme! Activate it bellow!');
} else {
$this->error('Oops!', 'Either your zip is corrupted, could not be unpacked or failed to be uploaded.
Please try again.');
}
}else{
$this->error('Missing Directory', 'The Directory theme under custom in Aisis Theme does not exist.');
}
if(count(self::$_errors) > 0){
update_option('show_errors', 'true');
}
if(count(self::$_messages) > 0){
update_option('show_success', 'true');
}
}
Extremely basic, yes I have used my target path as both the path to upload too and unpack (should I use a different path, by default it seems to use /tmp/tmp_name)
Note: $file is the array of $_FILES['some_file'];
My question is I get:
Warning: move_uploaded_file(/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip): failed to open stream: Permission denied in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82
Warning: move_uploaded_file(): Unable to move '/tmp/phpfwechz' to '/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip' in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82
Which basically means that "oh the folder your trying to move from is owned by root, no you cannot do that." the folder I am moving too is owned by apache, www-data. - I have full read/write/execute (it's localhost).
So question time:
Should my upload to and move to folder be different?
How, in a live environment, because this is a WordPress theme, will users who have the ability to upload files be able to get around this "you dont have permission"?
You should try to do it the wordpress way. Uploading all user content to wp-content/uploads, and doing it with the native functions.
As you mention, uploading to a custom directory, may be an issue to non tech savvy users. /uploads already have the special permissions.
Check out wp_handle_upload. You just have to limit the mime type of the file.
The path you are trying to upload is some where wrong here
wp-content//themes
try removing one slash
Related
My aim is to download multiple files into the folder on my localhost. I am uploading them using the HTML form.
Here is the code (really sorry that I can't give a link to the executable version of the code because it relies on too many other files and database if anyone knows the way then please let me know)
foreach ($_FILES as $value) {
$dir = '/';
$filename = $dir.basename($value['name']);
if (move_uploaded_file($value['tmp_name'],$filename)) {
echo "File was uploaded";
echo '<br>';
}
else {
echo "Upload failed";
echo '<br>';
}
}
So this little piece of code give me an error:
And here are the lines of code:
The problem is that the adress is correct, I tried enterring it into my file directory and it worked fine, I have seen some adviced on other people's related questions that // or \ should be used instead, but my version works just fine! Also I have checked what's inside the $_FILES and here it is if that's required for someone trying to help:
Thank you very much if anyone could help!!
You are trying to move the file to an invalid (or non-existent) path.
For the test you will write
$dir = 'c:/existing_dir/';
$filename = $dir.basename($value['name']);
If you want to move the file to a folder that is relative to the running file try
$dir = '../../directory/';// '../' -> one directory back
$filename = $dir.basename($value['name']);
By starting your file path with $dir = '/'; you are saying store the file on the root folder, I assume of C:
Apache if correctly configures should not allow you access to C:\
So either do
$dir = '../';
$filename = $dir.basename($value['name']);
to make it a relative path or leave the $dir = '/'; out completely
I'm creating a PHP script, which supposed to extract a zip archive stored on the php file directory to a folder.
Everything works well, but when I check te result, I find 2 folders under the directory: a folder with the name of the zip archive, and another folder named __MACOSX. I don't know how this folder came there, especially as I'm using Windows 7. Second, in each folder there is a file called .DS_Store.
Now, I don't know how these things got there. This is my code:
$zip = new ZipArchive;
if ($zip->open('File.zip')) {
$path = getcwd() . "/details/" . trim($id) . "/";
$path = str_replace("\\","/",$path);
echo $path;
echo $zip->extractTo($path);
$zip->close();
echo 'ok';
} else {
echo 'failed';
}
This is the only code that extracts the zip file, or touching it, and as you can see, there is nothing like __MACOSX or .DS_Store.
Can you please help me?
File.zip originated on a OSX system. __MACOSX and .DS_Store have 0 usage or bearing on any other OS. Delete / Ignore them and keep trucking.
As an aside, you may want to add the stated file system objects to your project .gitignore.
https://superuser.com/questions/104500/what-is-macosx-folder
https://en.wikipedia.org/wiki/.DS_Store
So i am trying to create a php on webhost allow client to upload files to the webhost then webhost use ftp_put to upload file to another ftp server. The following function is used for upload the file.
//upload ftp
function ftp_upload($conn, $vid_name, $video){
//get tmp file
$file_tmp_name = $video['tmp_name'];
echo $file_tmp_name;
//combine name with extension name
$server_file_name = $vid_name . "." . pathinfo($video['name'],PATHINFO_EXTENSION);
//upload video
$upload = ftp_put($conn, $server_file_name, $file_tmp_name , FTP_BINARY);
return $upload;
}
However it keeps getting the error msg,
Warning: ftp_put(/tmp/phpKOtNWK) [function.ftp-put]: failed to open stream: No such file or director.
So i went to the file manager in the webhost under my subdomain, there is no such directory called tmp, and i don't have privilege to enter the root directory for the webhost.
appreciate for your helps.
So thanks to Twisty 23 and Jon Stirling's advices, i've solved the issue. Unfortunately noone posted answer(all comments) which bugs me to keep this unsolved, so i'll just answer myself.
This is the code i used at the beginning to redirect
//store video information into session
if(count($_POST) >0 ){
$_SESSION['vid_name'] = $_POST['vid_name'];
$_SESSION['video'] = $_FILES['video'];
//move tmp file to permanent location temp folder
move_uploaded_file($_FILES['video']['tmp_name'], "./temp/" . $_POST['vid_name'] . ".tmp");
//change tmp location to temp folder
$_SESSION['video']['tmp_name'] = "./temp/" . $_POST['vid_name'] . ".tmp";
//redirect
header("Location: " . $_SERVER['REQUEST_URI']);
die();
}
and then i don't need to change anything on ftp_upload function, i can use $_SESSION['video']['tmp_name'] straight away.
I wrote a script that would allow me to upload images and files to my servers, and now that I've switched domains, everything seems a bit messed up.
I've changed the urls and directories, and I've got my chmod set at 777 for the directories needed (cdn and img)
Script:
$folder = "/cdn/img";
$HTTP_POST_FILES = "";
if(isset($_FILES['filename']['tmp_name'])) {
if (is_uploaded_file($_FILES['filename']['tmp_name'])) {
$ext = strtolower(end(explode('.', $_FILES['filename']['name'])));
$fileCode = fileCode($ext);
if(move_uploaded_file($_FILES['filename']['tmp_name'], $folder . $fileCode)) {
echo 'Your file has been uploaded! View and share your file here';
} else {
echo "THERE'S A GLITCH IN THE MATRIX! YOUR FILE COULDN'T BE UPLOADED!";
}
} else {
Echo "Failed. Try again.";
}
And I'm getting this error:
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpZ1TbaL' to 'http://codyleek.me/cdn/img/e6fmd6.png' in /home/codyleek/public_html/cdn/upload.php on line 17
Sorry that my formatting sucks. I'm new here aha.
But um, could any of you help me? I've tried redoing the URLs, resetting permissions, everything I can think of.
My PHP knowledge is limited.
Thanks in advance.
You should move it to a path on your disk (for example /srv/www/mydomain.com/img/test.png) and not to another website like you're doing now (http://...). By using http://x you are saying: 'use the HTTP-protocol, on domain x to ....'
I am using the following php file upload class to upload my files in relative security. I'll be adding more security features later:
http://www.verot.net/php_class_upload.htm
My problem is though, I would like to upload my file to the folder www.mysite.com/upload which I've already pre-created ready to take the files.
The only problem is I don't know how to set it properly to do that. I've confirmed the form is submitting fine. Here's what I tried to use:
$handle = new class_upload($_FILES['image_upload']);
if ($handle->uploaded) {
$handle->file_new_name_body = 'image_resized';
$handle->image_resize = true;
$handle->image_x = 100;
$handle->image_ratio_y = true;
$handle->process('/home/user/upload');
if ($handle->processed) {
echo 'image resized';
$handle->clean();
} else {
echo 'error : ' . $handle->error;
}
}
I get the error:
"Destination directory can't be created. Can't carry on a process."
What do I set for $handle->process('/home/user/upload'); so that it will upload into the correct directory?
The error message suggests that the user your webserver is running under may not have permissions to create directories... so it would imply the directory you've created is not being targeted.
You'll need full path to this folder... one way to get it would be to use:
$handle->process($_SERVER['DOCUMENT_ROOT'] . '/upload/');
I'd try and avoid this though as the $_SERVER variable can be tampered with or can be inaccurate in general.
The better approach imho would be:
$handle->process(realpath(dirname(__FILE__) . '/upload/');
And ensure the folder you've created has writable permissions for the web-server's user/group.
I suspect, what you are looking for is $handle->process(dirname(__FILE__).'/home');, assuming the calling script is directly in the web root folder.