I'm making a image uploader but I have come across 2 errors. Which are:
Warning: move_uploaded_file(upload/Corgi 007.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/stationr/public_html/admin/doupload.php on line 12
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/chroot/tmp/phpMvRSbS' to 'upload/Corgi 007.jpg' in /home/stationr/public_html/admin/doupload.php on line 12
The errors are occuring when I call the move_uploaded_file() method. Here is my code (note this has no error checking what so ever it is just bare ones uploading).
<?php
error_reporting(E_ALL);
error_reporting(-1);
ini_set('error_reporting', E_ALL);
$filename = $_FILES["file"]["name"];
$filesize = $_FILES["file"]["size"];
move_uploaded_file($_FILES["file"]["tmp_name"],"upload/$filename");
?>
You've failed to check if the upload succeeded at all:
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) {
move file ...
} else {
die("Upload failed with error code " . $_FILES['file']['error']);
}
The error codes are documented here: http://www.php.net/manual/en/features.file-upload.errors.php
As well, is there a "upload" subdirectory in whatever your script's current working directory is? Does the web server process have write permissions on that directory?
And as a MAJOR security hole, blindlly using the ['name'] parameter of the upload as your target filename allows a malicious user to scribble on ANY file on your server. Never ever blindly use that filename. If the upload filename is provided as (say) ../../../../../../etc/passwd, you've now allowed someone to replace your system password file.
Related
I have the following code if the file exists copy the file but I keep getting an error log sent to my server.
if ( file_exists("../Secondary Images Temp/".$rand2.$secondaryimg[0]) ) {
copy("../Secondary Images Temp/".$rand2.$secondaryimg[0],"../Secondary
Images/".$rand2.$secondaryimg[0]);
} else {
echo "no secondary images";
}
The error log file on the server prints out the following:
[17-Mar-2018 14:09:57 Africa/Johannesburg] PHP Warning: copy(): The first argument to copy() function cannot be a directory in /home/ggekozcf/public_html/Php/post_to_database_freeads.php on line 327
The code above is what is on line 327 but I have an if statement saying if the file exists.
The file_exists() functions checks if the path is pointing to an existing file or directory:
Checks whether a file or directory exists.
You have to use is_dir() and/or is_file() to check the type of the path.
I am relatively new to web development and currently ran into an error I can't solve.
I use IIS to test my php after typing in "http://localhost/index.html" and select the example file to upload, it generates the following warnings:
Warning: move_uploaded_file(upload/Angela_Nie_resume_technical - EditedMW.doc): failed to open stream: Permission denied in C:\inetpub\wwwroot\test.php on line 26
Warning: move_uploaded_file(): Unable to move 'C:\Windows\Temp\php74F2.tmp' to 'upload/Angela_Nie_resume_technical - EditedMW.doc' in C:\inetpub\wwwroot\test.php on line 26
Below is the code that is related with moving my files.
$target_dir = "upload/";
$target_file = $target_dir . basename( $_FILES["uploaded"]["name"]) ;
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_file)) {
echo "The file has been uploaded";
}
else {
echo "Sorry, there was a problem uploading file.";
}
I am using Windows 8.1 and using IIS to run localhost. Thank you in advance for helping me out!!
In my situations, the IUSR account needed permissions in the destination directory. Not the ISS_IUSR account, just the IUSR account.
That means that user who is running the apache server does't have write permissions for upload/ directory. You can right click the folder and set permission for writing to everyone.
Update
It might be because your PHP is in safe mode and doesn't execute commands like move one file to another. Check your php.ini for safe_mode and safe_mode_exec_dir and experiment with them.
I have a form and with input type file....what I am trying to do is save that file to the server (in this case, localhost)
move_uploaded_file($_FILES["image"]["tmp_name"], "/admin-uploads/" . $_FILES["image"]["name"]);
and this is the error I get:
Warning: move_uploaded_file(/admin-uploads/home.jpg): failed to open stream: No such file or directory in /Applications/XAMPP/xamppfiles/htdocs/Site/admin/Insert.php on line 30
Warning: move_uploaded_file(): Unable to move '/Applications/XAMPP/xamppfiles/temp/phpsoF2wg' to '/admin-uploads/home.jpg' in /Applications/XAMPP/xamppfiles/htdocs/Site/admin/Insert.php on line 30
Am I missing code?
Assuming "/admin-uploads/" directory is a subdirectory of where this script is run. You need the full path to the destination directory.
as:
move_uploaded_file($_FILES["image"]["tmp_name"], __DIR__."/admin-uploads/" . $_FILES["image"]["name"]);
fyi: please be aware that the 'user supplied' [image][name] may not be a valid filename. it may be worthwhile 'sanitizing' it.
I have come across as problem that has me scratching my head since a couple of days now. I am using jQuery Uploadify to upload files to a web server. I am using a slightly amended uploadify.php script that handles the file upload:
if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'];
$targetPath = $_SERVER['DOCUMENT_ROOT'] . "/file-repository/" . $_REQUEST['folder'] . '/';
$targetFilename = str_replace(" ","-",$_FILES['Filedata']['name']);
$targetFilename = preg_replace('/[^a-zA-Z0-9-_.]/', '', $targetFilename);
$targetFile = str_replace('//','/',$targetPath) . $targetFilename;
move_uploaded_file($tempFile,$targetFile);
echo str_replace($_SERVER['DOCUMENT_ROOT'],'',$targetFile);
}
?>
This script was working fine until yesterday. Now it throws the following error:
Warning:
move_uploaded_file(/home/server/public_html/devhealth-safety/administration/group/image.jpg)
[function.move-uploaded-file]:
failed to open stream: No such file or directory in
/home/tdserver/public_html/sb3/lib/js/uploadify/uploadify.php
on line 46 Warning: move_uploaded_file()
[function.move-uploaded-file]:
Unable to move \'/tmp/phpYH8nfH\' to
\'/home/server/public_html/devhealth-safety/administration/group/image.jpg\'
in
/home/server/public_html/dev/lib/js/uploadify/uploadify.php
on line 46
For some reason the . "/file-repository/" . portion in uploadify.php is dropped, which means that the script tries to move the file to a bogus path on the server.
Now, as I said, the script has worked and I haven't modified it. I have fiddled with the folder structures, but the file path is correct, the file-repository folder has all read/write/execute permissions and belongs to the PHP owner and owner groups (which in this case is nobody:nobody). So I would not think that my tinkering with the folders has anything to do with this problem (but who knows?)
Oddly enough, if I replace . "/file-repository/" . with . "/filerepository/" . the script throws the error I would expect:
Warning:
move_uploaded_file(/home/server/public_html/dev/filerepository/health-safety/administration/group/image.jpg)
[function.move-uploaded-file]:
failed to open stream: No such file or directory in
/home/tdserver/public_html/sb3/lib/js/uploadify/uploadify.php
on line 46
So the question is... why does PHP drop the string portion that contains the hyphen? Any ideas?
in your regular expression , the hyphen should be placed at last !!
'/[^a-zA-Z0-9-_.]/' should be '/[^a-zA-Z0-9_.-]/'
I'm getting the following error while uploading a zip archive.
Warning: ZipArchive::extractTo(C:\xampplite\htdocs\testsite/wp-content/themes/mytheme//styles\mytheme/Thumbs.db) [ziparchive.extractto]: failed to open stream: Permission denied in C:\xampplite\htdocs\testsite\wp-content\themes\mythem\uploader.php on line 17
The thing I can't quite figure is that I don't see a thumbs.db file in either the zip archive or the destination folder that was created (the upload still processes, I just get these errors).
The function is below, line 17 is commented...
function openZip($file_to_open) {
global $target;
$zip = new ZipArchive();
$x = $zip->open($file_to_open);
if($x === true) {
$zip->extractTo($target); //this is line 17
$zip->close();
unlink($file_to_open);
} else {
die("There was a problem. Please try again!");
}
}
Looks like just a warning. I would ignore it. I'm betting the error happens when it tried to overwrite the thumbs.db file in the extraction directory.
Alternatively, use getNameIndex to get a list of files, filter thumbs.db and use the second parameter of extractTo to filter the files.
http://www.php.net/manual/en/function.ziparchive-getnameindex.php
http://www.php.net/manual/en/function.ziparchive-extractto.php
This path is all messed up
C:\xampplite\htdocs\testsite/wp-content/themes/mytheme//styles\mytheme/Thumbs.db
I guess this might be windows issue.
can you add a line above line 17 saying
echo $file_to_open; exit;
and tell us what it says when you try to upload file?
Assuming that the mangled path works, then there is a thumbs.db in the destination directory (by default a hidden file), and/or your script does not have permission to write to that file/directory. Windows is very big on spitting out "permission denied" when a file is in use by another process, rather than saying "In use by process XXX".