I am trying to upload files in dynamically created folder. It is working properly in my localhost but on server it is showing me error.
The Error is:-
Warning: move_uploaded_file() [function.move-uploaded-file]: open_basedir restriction in effect. File(/tmp/php323kcy) is not within the allowed path(s): (/home/) in /home/..../public_html/www..com./.../controller/add-product-process.php on line 83
My Php code is Here
<?php
include 'connection.php';
if(isset($_POST['product_name']) && ($_POST['category'])&& ($_POST['sub-category']) && ($_POST['product_qty']) && ($_POST['price']) && ($_POST['description']) && ($_POST['weight']))
{
$pname = $_POST['product_name'];
$category = $_POST['category'];
$scategory = $_POST['sub-category'];
$qty = $_POST['product_qty'];
$price = $_POST['price'];
$desc = $_POST['description'];
$dp=$_POST['dp'];
$offer= $_POST['offer'];
$size=$_POST['size'];
$weight=$_POST['weight'];
if(isset($_POST['color']))
{
$color=$_POST['color'];
}
else
{
$color = "N/A";
}
$query3 = mysql_query("select category_id from category where category_name='$category'");
$row3 = mysql_fetch_array($query3);
$query4 = mysql_query("select sub_category_id from sub_category where sub_category_name='$scategory'");
$row4 = mysql_fetch_array($query4);
$query1 = mysql_query("select product_id from stock");
while ($row = mysql_fetch_row($query1)) {
$id = $row[0];
}
$str1 = substr($id, 2, 5);
if (($str1 >= 1) && ($str1 < 9)) {
$str1++;
echo $new_id = "RD0000" . $str1;
} else if (($str1 >= 9) && ($str1 < 99)) {
$str1++;
echo $new_id = "RD000" . $str1;
} else if (($str1 >= 99) && ($str1 < 999)) {
$str1++;
echo $new_id = "RD00" . $str1;
} else if (($str1 >= 999) && ($str1 < 9999)) {
$str1++;
echo $new_id = "RD0" . $str1;
} else if (($str1 >= 9999) && ($str1 < 99999)) {
$str1++;
echo $new_id = "RD" . $str1;
} else {
echo 'Error: Contact PSSP.';
}
$dirPath = "../products/$new_id";
$imgpath = "products/$new_id";
$result = mkdir($dirPath, 0755);
if ($result == 1) {
echo $dirPath . " has been created";
} else {
echo $dirPath . " has NOT been created";
}
define ("FILEREPOSITORY","../products/$new_id");
for ($i = 0; $i < sizeof($_FILES['uploadfile']['name']); $i++) {
echo $path=$new_id.$i;
$filename = $dirPath.$path.'.jpeg';
if (is_uploaded_file($_FILES['uploadfile']['tmp_name'][$i]))
{
$filename2 = $imgpath."/".$path.'.jpeg';
$fl[$i]=$filename2;
if ($_FILES['uploadfile']['type'][$i] != "image/jpeg")
{
echo "<p>Must be Image file.</p>";
}
else if(file_exists($filename))
{
echo "already exist";
}
else
{
//$name = $_POST['corname'];
$result = move_uploaded_file($_FILES['uploadfile']['tmp_name'][$i], FILEREPOSITORY."/$path.jpeg");
echo "result is".$result;
if ($result == 1)
{
echo "<p>File successfully uploaded.</p>";
}
else
{
echo "not uploaded";
}
}
}
}
$files=implode(',',$fl);
>
$query2 = mysql_query("insert into stock(product_id,product_name,category,sub_category,quantity,price,dp,offer,description,image,size,weight,color)values('$new_id','$pname','$row3[0]','$row4[0]','$qty','$price','$dp','$offer','$desc','$files','$size','$weight','$color')");
if (!$query2) {
echo mysql_error();
} else {
?>
<script language="javascript" type="text/javascript">
// Print a message
alert('Successfully Added..');
// Redirect to some page of the site.
window.location = '../add-product.php';
</script>
<?php
}
}
else
{
echo "Error in page...";
}
?>
Please aware me about the problem..
Thanks in advance
Your hosting account is configured in such a way that PHP uploads are not functional:
Apache stores temporary files in /tmp.
PHP is not allowed to read files outside /home/ (funnily enough, it's apparently allowed to read files from other users).
The first path is controlled with the upload_tmp_dir directive. The second path is controlled with the open_basedir directive. As far as I know, both of them are global settings you aren't allowed to change.
You need to contact support and ask for help to get this fixed.
Related
Is there any way to check if there will be an error on file uploading? Like putting a variable to know if there's an error on every else statement so that before it will prevent running the query. Because what's happening is even there's an error on moving/copying/deleting a file, it still runs the query.
$dir = './uploads/images/';
if ($_FILES['thumbnail']['size'] == 0 && $_FILES['thumbnail']['error'] > 0){
$new_path = $dir;
$new_file = $new_path . $exist_tn;
$move = rename($cur_file,$new_file);
if ($move) {
$thumbnail = $exist_tn;
} else {
echo "Error Moving File.";
}
}else{
$thumbnail = $thumb;
$deletefile = unlink($cur_file);
if($deletefile){
$targetPath = $dir.$thumbnail;
$sourcePath = $_FILES['thumbnail']['tmp_name'];
$movefile = move_uploaded_file($sourcePath,$targetPath);
if ($movefile) {
echo "File upload successfully.";
}else{
echo "Upload File Failed.";
}
}else{
echo "Delete File failed.";
}
}
$query = '
UPDATE
`mytbl`
SET
`title` = "'.$title.'",
`thumbnail` ="'.$thumbnail.'",
`date` = "'.$date.'",
`part` = "'.$part.'",
`tags`= "'.$tags.'"
WHERE
`id` = "'.$id.'"
';
$update = mysqli_query(db(),$query);
//Check if there's an error first then run query
if (checkCondition) {
if($update === TRUE){
echo "sql_update";
}else{
echo "sql_error";
}
} else {
echo "Error Found";
}
Use exit after echo if you don't want the query to run
e.g
$dir = './uploads/images/';
if ($_FILES['thumbnail']['size'] == 0 && $_FILES['thumbnail']['error'] > 0){
$new_path = $dir;
$new_file = $new_path . $exist_tn;
$move = rename($cur_file,$new_file);
if ($move) {
$thumbnail = $exist_tn;
} else {
echo "Error Moving File.";
exit();
}
}else{
$thumbnail = $thumb;
$deletefile = unlink($cur_file);
if($deletefile){
$targetPath = $dir.$thumbnail;
$sourcePath = $_FILES['thumbnail']['tmp_name'];
$movefile = move_uploaded_file($sourcePath,$targetPath);
if ($movefile) {
echo "File upload successfully.";
}else{
echo "Upload File Failed.";
exit();
}
}else{
echo "Delete File failed.";
exit();
}
}
$query = '
UPDATE
`mytbl`
SET
`title` = "'.$title.'",
`thumbnail` ="'.$thumbnail.'",
`date` = "'.$date.'",
`part` = "'.$part.'",
`tags`= "'.$tags.'"
WHERE
`id` = "'.$id.'"
';
$update = mysqli_query(db(),$query);
//Check if there's an error first then run query
if (checkCondition) {
if($update === TRUE){
echo "sql_update";
}else{
echo "sql_error";
}
} else {
echo "Error Found";
}
i m try to use uniqid() to genrate the uniqname of the file and send it to the sql db by spliting seprate comma like('pic.jpg','pic1.jpg','pic2.jpg')
in place of pic i need a uniq name each and every time at the time of uploading of the file,i store all uploaded file into a folder and send the path of the image to the sql
<?php
if (isset($_POST['btnSubmit'])) {
$rep=$_FILES['files']['name'];
for ($i = 0; $i < count($rep); $i++) {
if ($_FILES["files"]["size"][$i] < 1000000) { // Check File size (Allow 1MB)
$nam=$_FILES["files"]["name"][$i];
// $nm = $_FILES["files"]["name"];
$album_cat = "";
$l = 0;
foreach ($rep as $album_cat1) {
$album_cat .= $album_cat1 . ",";
$l++;
}
$_POST['$album_cat'] = $album_cat;
$_POST['$album_cat_count'] = $l;
$temp = $_FILES["files"]["tmp_name"][$i];
$name = pathinfo($nam);
$profile = "group_images/" . uniqid() . '.' . $name['extension'];
if (empty($temp)) {
break;
}
if ($i == 0) {
$err = "File uploaded successfully";
$cls = "success";
}
$groupalbum = "UPDATE group_master SET group_photo='".$_POST['$album_cat']."' WHERE group_id='4'";
//$groupalbum = "UPDATE group_master SET group_photo='$profile' WHERE group_id='4'";
if ($conn->query($groupalbum) === TRUE) {
} else
echo "Error updating record: " . $conn->error;
move_uploaded_file($temp, $profile);
}
else {
$err = "File size is more than 1MB";
$cls = "danger";
}
}
}
?>
When I need an uniqid for a set of elements, I usually call uniqid() only once and after that I use an index (just for optimizing the speed of the script). So, you can call uniqid() before the for declaration:
$rep=$_FILES['files']['name'];
$uniqid = uniqid();
for ($i = 0; $i < count($rep); $i++) {
and then use $i as a suffix for your files
$profile = "group_images/".$uniqid.'-'.$i.'.'.$name['extension'];
On the other hand, you are calling move_uploaded_file($temp, $profile); only if your sql fails.
if ($conn->query($groupalbum) === TRUE) {
} else
echo "Error updating record: " . $conn->error;
move_uploaded_file($temp, $profile);
}
Are you sure that the logic is correct? Don't you need something like:
if ($conn->query($groupalbum) === TRUE) {
if (move_uploaded_file($temp, $profile)) {
// file has been uploaded successfully
} else {
// error in file upload process
}
} else
echo "Error updating record: " . $conn->error;
}
And the final point, your code is open for sql injection
$groupalbum = "UPDATE group_master SET group_photo='".$_POST['$album_cat']."' WHERE group_id='4'";
You should not use $_POST values directly into sql statements.
How can I import 200k data faster?
And when I importing csv (delimited by comma) file using online, I got 403 error, and it inserted 200-400 data only. Also when I try to import it using localhost (xampp) i got
"Exception EAccessViolation in module xampp-control.exe at 001AA712.
Access violation at address 005AA712 in module 'xampp-control.exe'.
Read of address 00000042"
And the SQL Database connection is gone.
This is the code I used.
set_time_limit(0);
ignore_user_abort(true);
$file = $_FILES['file']['name'];
$type = $_FILES['file']['type'];
$size = $_FILES['file']['size'];
$temp = $_FILES['file']['tmp_name'];
$error = $_FILES['file']['error'];
if( ! $file)
{
$data['error'] = "Please select a file!";
}
else if($type != "application/vnd.ms-excel" && $type != "application/octet-stream")
{
$data['error'] = "Invalid file type!";
}
else
{
$newname = $file." - ".date("Ymd His");
move_uploaded_file($temp, "uploads/".$newname);
$fieldseparator = ",";
$lineseparator = "\n";
$csvfile = "uploads/".$newname;
if( ! file_exists($csvfile))
{
echo "File not found. Make sure you specified the correct path.\n";
exit;
}
$file = fopen($csvfile,"r");
if( ! $file)
{
echo "Error opening data file.";
exit;
}
$size = filesize($csvfile);
if(!$size)
{
echo "File is empty.";
exit;
}
$csvcontent = fread($file,$size);
fclose($file);
$row = 1;
$data_imported = 0;
$file3 = fopen($csvfile,"r");
$total_file_count = (count(file(FCPATH."/".$csvfile)) - 2);
$i = 0;
$insert = "INSERT IGNORE INTO `invoice`
(`row1`,
.
.
to
.
.
`row33`
) VALUES ";
while($datas = fgetcsv($file3, 10000, ","))
{
$i++;
ob_implicit_flush(true);
if($row == 1)
{
// Ignore 1st line
}
else
{
$row1 = isset($datas[0]) ? $datas[0] : "";
.
.
to
.
.
$row33 = isset($datas[32]) ? $datas[32] : "";
if($i == 200 OR $total_file_count == $data_imported)
{
$insert .= "(
'".mysqli_real_escape_string($this->db->conn_id(),$row1)."',
.
.
to
.
.
'".mysqli_real_escape_string($this->db->conn_id(),$row33)."'
);";
}
else
{
$insert .= "(
'".mysqli_real_escape_string($this->db->conn_id(),$row1)."',
.
.
to
.
.
'".mysqli_real_escape_string($this->db->conn_id(),$row33)."'
),";
}
if($i == 200 OR $total_file_count == $data_imported)
{
$this->QModel->query($insert);
$i=0;
$insert = "INSERT IGNORE INTO `invoice`
(`row1`,
.
.
to
.
.
`row33`
) VALUES ";
}
$data_imported++;
}
$row++;
}
fclose($file3);
echo "Success imported ".number_format($data_imported)." data.";
Any ideas?
Thank you.
I have created a MySQL database along with a front-end to manipulate it using PHP. However, while I can add content to the database manually, I cannot utilize my front-end. When I try to submit the data in my front-end's form fields, I receive the prompt "Duplicate Candidate Name."
The following PHP file is my general script for displaying the front-end:
<?php
if(isset($_POST['sbmtbtn']) && ($_POST['sbmtbtn'] != ""))
{
$desc = strip_tags($_POST['txtdesc']);
$date = glb_func_chkvl($_POST['txtdate']);
$first = glb_func_chkvl($_POST['txtfirst']);
$last = glb_func_chkvl($_POST['txtlast']);
$skill = glb_func_chkvl($_POST['txtskill']);
$sub1 = glb_func_chkvl($_POST['txtsub1']);
$sub2 = glb_func_chkvl($_POST['txtsub2']);
$person = glb_func_chkvl($_POST['txtperson']);
$company = glb_func_chkvl($_POST['txtcompany']);
$location = glb_func_chkvl($_POST['txtlocation']);
$complex = glb_func_chkvl($_POST['complex']);
$sts = glb_func_chkvl($_POST['lststs']);
$dt = date('Y-m-d');
$emp = $_SESSION['sesadmin'];
$sqryquestion_info
= "SELECT candi_first
FROM question_info
WHERE candi_first='$first'";
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "add"))
{
$srsquestion_info =mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
$gmsg = "<font color=red size=2>Duplicate Candidate Name . Record not saved</font>";
}
else
{
$iqryquestion_info="insert into question_info(
candi_first,candi_last,date,
skill,subtype_1,
subtype_2,person_int,
comp_name,loc_int,complex_lvl,
type_int,question_candi,q_crton,
q_crtby)
values('$first','$last','$date','$skill','$sub1','$sub2','$person','$company',
'$location','$complex','$sts','$desc','$dt','$emp')";
$irsquestion_info = mysql_query($iqryquestion_info);
if($irsquestion_info==true)
{
$gmsg = "<font color=green size=2>Record saved successfully</font>";
}
else
{
$gmsg = "<font color=red size=2>Record not saved</font>";
}
}
}
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "edit"))
{
$id = $_REQUEST['hdnedit'];
$pg = $_REQUEST['hdnpg'];
$countstart = $_REQUEST['hdncntstrt'];
$sqryquestion_info .=" and ques_id !=$id";
$srsquestion_info = mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
?>
<script>location.href="view_all_questions.php?sts=d&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";</script>
<?php
}
else
{
$uqryquestion_info="update question_info set
date ='$date',
candi_first ='$first',
candi_last ='$last',
skill ='$skill',
subtype_1 ='$sub1',
subtype_2 ='$sub2',
person_int ='$person',
comp_name ='$company',
loc_int ='$location',
complex_lel ='$complex',
type_int ='$company',
question_candi ='$desc',
q_mdfdon ='$dt',
q_mdfdby ='$emp' ";
$uqryquestion_info .= " where ques_id=$id";
$ursquestion_info = mysql_query($uqryquestion_info);
if($ursquestion_info==true)
{
?>
<script>location.href="view_all_questions.php?sts=y&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
else
{
?>
<script>location.href="view_all_questions.php?sts=n&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
}
}
/*********************************** End Editing ******************************************************/
}
?>
Here begins my "main file" for editing:
<?php
if(isset($_POST['sbmtbtn']) && ($_POST['sbmtbtn'] != ""))
{
$desc = strip_tags($_POST['txtdesc']);
$date = glb_func_chkvl($_POST['txtdate']);
$first = glb_func_chkvl($_POST['txtfirst']);
$last = glb_func_chkvl($_POST['txtlast']);
$skill = glb_func_chkvl($_POST['txtskill']);
$sub1 = glb_func_chkvl($_POST['txtsub1']);
$sub2 = glb_func_chkvl($_POST['txtsub2']);
$person = glb_func_chkvl($_POST['txtperson']);
$company = glb_func_chkvl($_POST['txtcompany']);
$location = glb_func_chkvl($_POST['txtlocation']);
$complex = glb_func_chkvl($_POST['complex']);
$sts = glb_func_chkvl($_POST['lststs']);
$dt = date('Y-m-d');
$emp = $_SESSION['sesadmin'];
$sqryquestion_info="select candi_first
from question_info
where candi_first='$first'";
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "add"))
{
$srsquestion_info =mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
$gmsg = "<font color=red size=2>Duplicate Candidate Name . Record not saved</font>";
}
else
{
$iqryquestion_info="insert into question_info(
candi_first,candi_last,date,
skill,subtype_1,
subtype_2,person_int,
comp_name,loc_int,complex_lvl,
type_int,question_candi,q_crton,
q_crtby)
values('$first','$last','$date','$skill','$sub1','$sub2','$person','$company',
'$location','$complex','$sts','$desc','$dt','$emp')";
$irsquestion_info = mysql_query($iqryquestion_info);
if($irsquestion_info==true)
{
$gmsg = "<font color=green size=2>Record saved successfully</font>";
}
else
{
$gmsg = "<font color=red size=2>Record not saved</font>";
}
}
}
if(isset($_POST['frmtyp']) && ($_POST['frmtyp'] == "edit"))
{
$id = $_REQUEST['hdnedit'];
$pg = $_REQUEST['hdnpg'];
$countstart = $_REQUEST['hdncntstrt'];
$sqryquestion_info .=" and ques_id !=$id";
$srsquestion_info = mysql_query($sqryquestion_info);
$rows = mysql_num_rows($srsquestion_info);
if($rows > 0)
{
?>
<script>location.href="view_all_questions.php?sts=d&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";</script>
<?php
}
else
{
$uqryquestion_info="update question_info set
date ='$date',
candi_first ='$first',
candi_last ='$last',
skill ='$skill',
subtype_1 ='$sub1',
subtype_2 ='$sub2',
person_int ='$person',
comp_name ='$company',
loc_int ='$location',
complex_lel ='$complex',
type_int ='$company',
question_candi ='$desc',
q_mdfdon ='$dt',
q_mdfdby ='$emp' ";
$uqryquestion_info .= " where ques_id=$id";
$ursquestion_info = mysql_query($uqryquestion_info);
if($ursquestion_info==true)
{
?>
<script>location.href="view_all_questions.php?sts=y&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
else
{
?>
<script>location.href="view_all_questions.php?sts=n&pg=<?php echo $pg;?>&countstart=<?php echo $countstart;?><?php echo $srchval;?>";
</script>
<?php
}
}
}
/*********************************** End Editing ******************************************************/
}
?>
Using this upload script and it was working ok a week ago but when i checked it today it fails. I have checked writ privileges on the folder and it is set to 777 so don't think that is the problem. Anyone have a idea of what the problem can be?
this is the error
Warning: move_uploaded_file() [function.move-uploaded-file]:
Unable to access replays/1275389246.ruse in
/usr/home/web/wno159003/systemio.net/ruse.systemio.net/scripts/upload.php on line 95
my script is
<?php
require($_SERVER['DOCUMENT_ROOT'].'/xxxx/xxxx');
$connection = #mysql_connect($db_host, $db_user, $db_password) or die("error connecting");
mysql_select_db($db_name, $connection);
$name = basename($_FILES['uploaded']['name']);
$comment = $_POST["comment"];
$len = strlen($comment);
$username = $_POST["username"];
$typekamp = $_POST["typekamp"];
$date = time();
$target = "replays/";
$target .= basename($_FILES['uploaded']['name']);
$maxsize = 20971520; // 20mb Maximum size of the uploaded file in bytes
// File extension control
// Whilelisting takes preference over blacklisting, so if there is anything in the whilelist, the blacklist _will_ be ignored
// Fill either array as you see fit - eg. Array("zip", "exe", "php")
$fileextensionwhitelist = Array("ruse"); // Whilelist (allow only)
$fileextensionblacklist = Array("zip", "exe", "php", "asp", "txt"); // Blacklist (deny)
$ok = 1;
if ($_FILES['uploaded']['error'] == 4)
{
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
die("No file was uploaded");
}
if ($_FILES['uploaded']['error'] !== 0)
{
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
die("An unexpected upload error has occured.");
}
// This is our size condition
if ($_FILES['uploaded']['size'] > $maxsize)
{
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
echo "Your file is too large.<br />\n";
$ok = 0;
}
// This is our limit file type condition
if ((!empty($fileextensionwhitelist) && !in_array(substr(strrchr($_FILES['uploaded']['name'], "."), 1), $fileextensionwhitelist)) || (empty($fileextensionwhitelist) && !empty($fileextensionblacklist) && in_array(substr(strrchr($_FILES['uploaded']['name'], "."), 1), $fileextensionblacklist)))
{
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
echo "This type of file has been disallowed.<br />\n";
$ok = 0;
}
// Here we check that $ok was not set to 0 by an error
if ($ok == 0)
{
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
echo "Sorry, your file was not uploaded. Refer to the errors above.";
}
// If everything is ok we try to upload it
else
{
if($len > 0)
{
$target = "replays/".time().'.'."ruse";
$name = time().'.'."ruse";
$query = "INSERT INTO RR_upload(ID, filename, username, comment, typekamp, date) VALUES (NULL, '$name', '$username','$comment', '$typekamp' ,'$date')";
if (file_exists($target))
{
$target .= "_".time().'.'."ruse";
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
echo "File already exists, will be uploaded as ".$target;
}
mysql_query($query, $connection) or die (mysql_error());
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
echo (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
? "The file ".basename( $_FILES['uploaded']['name'])." has been uploaded. \n"
: "Sorry, there was a problem uploading your file. <br>";
echo "<br>Variable filename: ".$name;
echo "<br>Variable name: ".$username;
echo "<br>Variables comment: ".$comment;
echo "<br>Variables date: ".$date;
echo "<br>Var typekamp; ".$typekamp;
echo "<br>Var target; ".$target;
}
else
{
echo "<html><head><title>php</title></head>";
echo '<body bgcolor="#413839" text="#ffffff">
<p><B>info</b></p>';
echo"you have to put in comment/description";
}
}
?>
Assuming the "replays" directory is in the document root, does the warning persists if you replace this line :
$target = "replays/";
by this one :
$target = $_SERVER['DOCUMENT_ROOT']."replays/";
?