I have written a file upload script for PHP. I'm testing on a Windows Apache server, but it will finaly have to work on a CentOS server with Apache. Because I am still debugging, I haven't tested it on the live linux machine. Have Googled it, but can't find a good solution.
What happens? When I upload a .png or .jp(e)g file, everything is going well. The script moves my file to the right dir, but then output a non readable file. Check the image below. My upload part of the script:
if ($posting_photo === true) {
$uploaded_file = $_FILES['review_photo'];
$uploaded_file['ext'] = explode('.', $uploaded_file['name']);
//Only continue if a file was uploaded with a name and an extension
if ((!empty($uploaded_file['name'])) && (is_array($uploaded_file['ext']))) {
$uploaded_file['ext'] = secure(strtolower(end($uploaded_file['ext'])));
$upload_session = secure($_COOKIE[COOKIE_NAME_POST_REVIEW_SESSION]);
$upload_dir = realpath(getcwd() . DIR_REVIEW_IMAGES) . DIRECTORY_SEPARATOR . $upload_session . DIRECTORY_SEPARATOR;
$upload_ext = array('jpg', 'jpeg', 'png');
//Only continue if a file was uploaded in a right way
if (($uploaded_file['error'] == 0) && ($uploaded_file['size'] > 0) && ($uploaded_file['size'] <= MAX_FILESIZE_REVIEW_PHOTO_BYTES) && (in_array($uploaded_file['ext'], $upload_ext))) {
//Check if upload dir already exists. If so, there will be probably files in it. So we check for that too. If not, we can start with the first file.
if (is_dir($upload_dir)) {
//
//
//Part where a new file name gets generated. Not very interesting and it works well, so I left it out on Stack Overflow
//
//
} else {
mkdir($upload_dir, 0777, true);
$upload_name = $upload_session . '-1.' . $uploaded_file['ext'];
}
//Check if new upload name was generated. If not, something is wrong and we will not continue
if (!empty($upload_name)) {
chmod($upload_dir, 0777);
if (move_uploaded_file($uploaded_file['tmp_name'], $upload_dir . $upload_name)) {
$files = array_diff(#scandir($upload_dir), array('.', '..'));
//Change slashes on Windows machines for showing the image later
$upload_dir = str_replace('\\', '/', $upload_dir);
}
}
}
}
}
All variables not initialized here are initialized earlier. The cookie is set and checked before, and is used for unique directory and file names. Check this image for the output file. The x leftunder is from Dropbox (Dropbox says: Can't sync ... access denied). The Photo Viewer window says: Cannot open this picture becasue you have no access to the file location. Viewing the file in the browser results in a permission denied.
Link to image
Who is familiar with this problem and/or knows a solution? Hope you can help me out here!
Had this once too. It's a bug in PHP 5.3.x. After upgrading from 5.3.3 to 5.6 the problems were gone!
Okay, here's an update about the problem... The issue described above was caused by my local server at my office. On my local server at home, the images were fine after moving. So it's not my script, but the server. I guess PHP handles something different.
PHP version at my office is version 5.4.9, PHP at home is version 5.3.3. Maybe this info can help?
Related
My aim is to download multiple files into the folder on my localhost. I am uploading them using the HTML form.
Here is the code (really sorry that I can't give a link to the executable version of the code because it relies on too many other files and database if anyone knows the way then please let me know)
foreach ($_FILES as $value) {
$dir = '/';
$filename = $dir.basename($value['name']);
if (move_uploaded_file($value['tmp_name'],$filename)) {
echo "File was uploaded";
echo '<br>';
}
else {
echo "Upload failed";
echo '<br>';
}
}
So this little piece of code give me an error:
And here are the lines of code:
The problem is that the adress is correct, I tried enterring it into my file directory and it worked fine, I have seen some adviced on other people's related questions that // or \ should be used instead, but my version works just fine! Also I have checked what's inside the $_FILES and here it is if that's required for someone trying to help:
Thank you very much if anyone could help!!
You are trying to move the file to an invalid (or non-existent) path.
For the test you will write
$dir = 'c:/existing_dir/';
$filename = $dir.basename($value['name']);
If you want to move the file to a folder that is relative to the running file try
$dir = '../../directory/';// '../' -> one directory back
$filename = $dir.basename($value['name']);
By starting your file path with $dir = '/'; you are saying store the file on the root folder, I assume of C:
Apache if correctly configures should not allow you access to C:\
So either do
$dir = '../';
$filename = $dir.basename($value['name']);
to make it a relative path or leave the $dir = '/'; out completely
EDIT: I'm pretty sure the issue has to do with the firewall, which I can't access. Marking Canis' answer as correct and I will figure something else out, possibly wget or just manually scraping the files and hoping no major updates are needed.
EDIT: Here's the latest version of the builder and here's the output. The build directory has the proper structure and most of the files, but only their name and extension - no data inside them.
I am coding a php script that searches the local directory for files, then scrapes my localhost (xampp) for the same files to copy into a build folder (the goal is to build php on the localhost and then put it on a server as html).
Unfortunately I am getting the error: Warning: copy(https:\\localhost\intranet\builder.php): failed to open stream: No such file or directory in C:\xampp\htdocs\intranet\builder.php on line 73.
That's one example - every file in the local directory is spitting the same error back. The source addresses are correct (I can get to the file on localhost from the address in the error log) and the local directory is properly constructed - just moving the files into it doesn't work. The full code is here, the most relevant section is:
// output build files
foreach($paths as $path)
{
echo "<br>";
$path = str_replace($localroot, "", $path);
$source = $hosted . $path;
$dest = $localbuild . $path;
if (is_dir_path($dest))
{
mkdir($dest, 0755, true);
echo "Make folder $source at $dest. <br>";
}
else
{
copy($source, $dest);
echo "Copy $source to $dest. <br>";
}
}
You are trying to use URLs to travers local filesystem directories. URLs are only for webserver to understand web requests.
You will have more luck if you change this:
copy(https:\\localhost\intranet\builder.php)
to this:
copy(C:\xampp\htdocs\intranet\builder.php)
EDIT
Based on your additional info in the comments I understand that you need to generate static HTML-files for hosting on a static only webserver. This is not an issue of copying files really. It's accessing the HMTL that the script generates when run through a webserver.
You can do this in a few different ways actually. I'm not sure exactly how the generator script works, but it seems like that script is trying to copy the supposed output from loads of PHP-files.
To get the generated content from a PHP-file you can either use the command line php command to execute the script like so c:\some\path>php some_php_file.php > my_html_file.html, or use the power of the webserver to do it for you:
<?php
$hosted = "https://localhost/intranet/"; <--- UPDATED
foreach($paths as $path)
{
echo "<br>";
$path = str_replace($localroot, "", $path);
$path = str_replace("\\","/",$path); <--- ADDED
$source = $hosted . $path;
$dest = $localbuild . $path;
if (is_dir_path($dest))
{
mkdir($dest, 0755, true);
echo "Make folder $source at $dest. <br>";
}
else
{
$content = file_get_contents(urlencode($source));
file_put_contents(str_replace(".php", ".html", $dest), $content);
echo "Copy $source to $dest. <br>";
}
}
In the code above I use file_get_contents() to read the html from the URL you are using https://..., which in this case, unlike with copy(), will call up the webserver, triggering the PHP engine to produce the output.
Then I write the pure HTML to a file in the $dest folder, replacing the .php with .htmlin the filename.
EDIT
Added and revised the code a bit above.
I am having a problem with move_uploaded_file().
I am trying to upload a image path to a database, which is working perfectly and everything is being uploaded and stored into the database correctly.
However, for some reason the move_uploaded_file is not working at all, it does not produce the file in the directory where I want it to, in fact it doesn't produce any file at all.
The file uploaded in the form has a name of leftfileToUpload and this is the current code I am using.
$filetemp = $_FILES['leftfileToUpload']['tmp_name'];
$filename = $_FILES['leftfileToUpload']['name'];
$filetype = $_FILES['leftfileToUpload']['type'];
$filepath = "business-ads/".$filename;
This is the code for moving the uploaded file.
move_uploaded_file($filetemp, $filepath);
Thanks in advance
Try this
$target_dir = "business-ads/";
$filepath = $target_dir . basename($_FILES["leftfileToUpload"]["name"]);
move_uploaded_file($_FILES["leftfileToUpload"]["tmp_name"], $filepath)
Reference - click here
Try using the real path to the directory you wish to upload to.
For instance "/var/www/html/website/business-ads/".$filename
Also make sure the web server has write access to the folder.
You need to check following details :
1) Check your directory "business-ads" exist or not.
2) Check your directory "business-ads" has permission to write files.
You need to give permission to write in that folder.
make sure that your given path is correct in respect to your current file path.
you may use.
if (is_dir("business-ads"))
{
move_uploaded_file($filetemp, $filepath);
} else {
die('directory not found.');
}
I have a very basic, very straightforward function that takes a file (after checking it to make sure its a zip among other things) and uploads it, unpacks it and such:
public function theme(array $file){
global $wp_filesystem;
if(is_dir($wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/")){
$target_path = $wp_filesystem->wp_content_dir() . "/themes/Aisis-Framework/custom/theme/";
if(move_uploaded_file($file['tmp_name'], $target_path . '/' . $file['name'])) {
$zip = new ZipArchive();
$x = $zip->open($target_path);
if ($x === true) {
$zip->extractTo($target_path); // change this to the correct site path
$zip->close();
//unlink($target_path);
}
$this->success('We have uplaoded your new theme! Activate it bellow!');
} else {
$this->error('Oops!', 'Either your zip is corrupted, could not be unpacked or failed to be uploaded.
Please try again.');
}
}else{
$this->error('Missing Directory', 'The Directory theme under custom in Aisis Theme does not exist.');
}
if(count(self::$_errors) > 0){
update_option('show_errors', 'true');
}
if(count(self::$_messages) > 0){
update_option('show_success', 'true');
}
}
Extremely basic, yes I have used my target path as both the path to upload too and unpack (should I use a different path, by default it seems to use /tmp/tmp_name)
Note: $file is the array of $_FILES['some_file'];
My question is I get:
Warning: move_uploaded_file(/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip): failed to open stream: Permission denied in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82
Warning: move_uploaded_file(): Unable to move '/tmp/phpfwechz' to '/var/www/wordpress/wp-content//themes/Aisis-Framework/custom/theme//newtheme.zip' in /var/www/wordpress/wp-content/themes/Aisis-Framework/CoreTheme/FileHandling/Upload/Upload.php on line 82
Which basically means that "oh the folder your trying to move from is owned by root, no you cannot do that." the folder I am moving too is owned by apache, www-data. - I have full read/write/execute (it's localhost).
So question time:
Should my upload to and move to folder be different?
How, in a live environment, because this is a WordPress theme, will users who have the ability to upload files be able to get around this "you dont have permission"?
You should try to do it the wordpress way. Uploading all user content to wp-content/uploads, and doing it with the native functions.
As you mention, uploading to a custom directory, may be an issue to non tech savvy users. /uploads already have the special permissions.
Check out wp_handle_upload. You just have to limit the mime type of the file.
The path you are trying to upload is some where wrong here
wp-content//themes
try removing one slash
I recently moved a website that was written for a LAMP environment to Windows Server 2008. I've managed to get just about everything working now, but I've got one last problem that I can't seem to solve.
I am letting the admin user upload a photo that will get resized to a large file and small file by the PHP script. Both files are getting uploaded perfectly but the large file won't display and will result in a "500 internal server error" when viewed?
I can log onto the server and open both the small and large file, but only the small file is showing on the website? I've copied the PHP script below but the permissions on both files seem to be the same.
I'm using PHP, IIS7 and Windows Server 2008. Hope someone can help,
Steven.
// only process if the first image has been found
if(isset($image_file)) {
// get photo attributes
$image_filename = $image_file['name'];
$image_temp = $image_file['tmp_name'];
$image_ext = substr($image_filename,strpos($image_filename,'.'),strlen($image_filename)-1);
// validate photo attributes
if(strtolower($image_ext) == '.jpg' && filesize($image_temp) <= 4194304) {
// create custom timestamp
$image_timestamp = date('dmYHis');
// clean up filename
$image_filename = trim(str_replace('\'','',$image_filename));
$image_filename = str_replace('\\','',$image_filename);
$image_filename = str_replace('&','',$image_filename);
$image_filename = str_replace(' ','-',$image_filename);
// set file names
$image_large_file = strtolower($image_timestamp . '-large-1-' . $image_filename);
$image_small_file = strtolower($image_timestamp . '-thumb-1-' . $image_filename);
// image url source
$image_source = $_SERVER['DOCUMENT_ROOT'] . '/images/';
// upload image file
if(move_uploaded_file($image_temp,$image_source . $image_large_file)) {
// resize, save & destroy LARGE image
list($image_width,$image_height) = getimagesize($image_source . $image_large_file);
$image_container = imagecreatetruecolor(420,315);
$image_temp = imagecreatefromjpeg($image_source . $image_large_file);
imagecopyresampled($image_container,$image_temp,0,0,0,0,420,315,$image_width,$image_height);
imagejpeg($image_container,$image_source . $image_large_file,75);
imagedestroy($image_container);
// resize, save & destroy SMALL image
list($image_width,$image_height) = getimagesize($image_source . $image_large_file);
$image_container = imagecreatetruecolor(90,68);
$image_temp = imagecreatefromjpeg($image_source . $image_large_file);
imagecopyresampled($image_container,$image_temp,0,0,0,0,90,68,$image_width,$image_height);
imagejpeg($image_container,$image_source . $image_small_file,100);
imagedestroy($image_container);
}
else
$status = '<h3 class="red">Sorry, but there was a problem uploading one of the images to the server</h3>';
}
else
$status = '<h3 class="red">Please check that all the image size\'s are less than 4MB and they\'re all in JPG format</h3>';
}
I know this questions was asked 4 years ago, but I just ran into this same problem, and thought I'd leave an answer for anyone who may come here later.
I found an answer here, but the basic premise is to modify the permissions of the temp folder that PHP initially uploads into. Allowing the IUSR account read access to the temp folder will allow them to view the file when it hits its final destination. Supposedly IIS7 will grant the permissions from the temp folder to the temporary upload file, which, when moved to your website directory, will keep those temp folder permissions.
Security-wise, you are allowing read access to your temp folder; so if you have sensitive information that ends up there at any point, you may have to find another solution.
A little more information can be found here
I got stuck into the same problem and i think this will help somebody
Right-Click uploads directory / folder and select ‘Properties’
Go to ‘Security’ tab
Click Edit
Select ‘IUSR’ under group or user names
Select ‘Read & Execute’ under permissions for IUSR
Click ‘Apply’ and ‘Ok’
Found this on http://wingedpost.org/2016/07/preventing-500-internal-server-error-uploaded-files-iis-php-sites/