Okay this has baffled me. My script works in Mozilla but not IE. I get this error in IE:
Warning: move_uploaded_file(uploads/properties/yh96gapdna8amyhhmgcniskcvk9p0u37/) [function.move-uploaded-file]: failed to open stream: Is a directory in /homepages/19/d375499187/htdocs/sitename/include/session.php on line 602
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpJkiaF3' to 'uploads/properties/yh96gapdna8amyhhmgcniskcvk9p0u37/' in /homepages/19/d375499187/htdocs/sitename/include/session.php on line 602
my code at Session.php is:
function addPhoto($subphotoSize,$subphotoType,$subphotoTmpname,$subphotoDesc,$subfieldID,$subsessionid){
global $database, $form;
/* Get random string for directory name */
$randNum = $this->generateRandStr(10);
$maxFileSize = 2500000; // bytes (2 MB)
$filerootpath = PHOTOS_DIR.$subsessionid."/";
if($subphotoType == "image/png"){
$filename = $randNum.".png";
} else if ($subphotoType == "image/jpeg"){
$filename = $randNum.".jpg";
}
$fullURL = $filerootpath.$filename;
/* Image error checking */
$field = "photo";
if(!$subphotoTmpname){
$form->setError($field, "* No file selected");
} else {
if($subphotoSize > $maxFileSize) {
$form->setError($field, "* Your photo is above the maximum of ".$maxFileSize."Kb");
} else if (!is_dir($filerootpath)){
mkdir($filerootpath,0777);
chmod($filerootpath,0777);
}
move_uploaded_file($subphotoTmpname, "$fullURL");
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
} else {
if($subfieldID == "1"){ // If the first field...
$is_main_photo = 1;
} else {
$is_main_photo = 0;
}
if(!$database->addNewPhoto($ownerID,$subphotoDesc,$fullURL,$userSession,$is_main_photo, $subsessionid)){
return 2; // Failed to add to database
}
}
return 0; // Success
}
It creates the folder no problem but doesnt do anything else.
Add a log message to see what's the value of $subphotoType. My guess is that when you upload the file from Internet Explorer it's neither image/png nor image/jpeg, in which case $filename will be empty because you don't have an else clause.
if($subphotoType == "image/png"){
$filename = $randNum.".png";
} else if ($subphotoType == "image/jpeg"){
$filename = $randNum.".jpg";
} else {
// No else! $filename will be empty.
}
If you tune your error reporting settings properly you should see a notice saying you are trying to use an undefined variable.
Related
I have a multi file upload script that works fine, but I would like to prevent any file from uploading at all if any of the files attached has an error.
I use $error variable to hold the erros, and after checking each file in a for() I tried if($error == 0) {// Upload files}, the file without errors uploads, I don't want that. If there's a file with error, then don't upload any file at all.
for ($image=0; $image < $countFiles ; $image++) {
if($checkFile == false) {
$error = 1;
$errorMSG = "— Invalid file attached";
} else { $error = 0; }
if(file_exists($FileToUpload)) {
$error = 1;
$errorMSG = "— Sorry file exists";
} else { $error = 0; }
// NOW AFTER CHECKING FILES AND THERE'S NO ERROR UPLOAD
if($error == 0) {
move_uploaded_file();
// files without errors uploads and ones with error doesn't. I don't want to upload any attached files at all if one or more files has an error.
}
}
OK, so
remove the move_uploaded_file() from the validation loop.
Set $error to 0 before starting the loop
Once you find an error terminate the loop, there is no point continuing
Do the move after the validation loop only if $error remains at zero, in its own loop.
Here is a sample piece of pseudo code
$error = 0;
for ($image=0; $image < $countFiles ; $image++) {
if($checkFile == false) {
$error = 1;
$errorMSG = "— Invalid file attached";
break; // stop the loop there is no point continuing
}
if(file_exists($FileToUpload)) {
$error = 1;
$errorMSG = "— Sorry file exists";
break; // stop the loop there is no point continuing
}
}
// if $error remains at 0, we had no errors so do the move
if ( $error == 0 ) {
for ($image=0; $image < $countFiles ; $image++) {
move_uploaded_file();
}
} else {
// here you would send the error messages if they exist
}
php file upload returning error 6 even though tmpdir is set in php.ini and all paths are correct. My code is too long to be posted but here's the part where it handles the file
$uploaddir = __DIR__ . '/img/';
echo $_FILES['navpic']['error'];
if($_FILES['navpic']['size'] != 0) {
$navpic = $uploaddir . "navpic.png";
if($_FILES['navpic']['size'] < 1000000) {
if (move_uploaded_file($_FILES['navpic']['tmp_name'], $navpic)) {
$navpicupload = 0;
} else
$navpicupload = 1;
} else {
$navpicupload = 2;
}
} else {
$navpicupload = 1;
}
//edit I also have permission to write in both directories so thats neither the problem
:/
I have a secure file upload function that's part of my website
and I'm using an antivirus to help me checking the file a user trying to upload.
This is my uploadprocess.php file
$target_tmp = "D:\avscan\u\\";
$file = basename( $_FILES['uploaded_file']['name']) ;
if($file != "")
$_SESSION['file'] = $file;
$target = 'C:\xampp\htdocs\ssd\Uploads\\';
$file_path = $target_tmp.$file;
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $file_path))
{
$safe_path = escapeshellarg($file_path);
$command = 'scancl'. $safe_path. ' --stdout';
$out = '';
$int = -1;
$output = exec($command, $out, $int);
echo "The output is" .$output;
echo $int;
exit(0);
//Checking for Virus.
if ($int == 0) {
$target = $target.$file;
//echo $target; exit(0);
copy($file_path, $target);
$uploaded = "The file ". $_SESSION['file']. "has been uploaded";
$clean = 'File is Clean.';
$_SESSION['status'] = $clean;
$_SESSION['upload'] = $uploaded;
header("location: ../upload.php");
exit(0);
}
// File is a virus.
else {
$mal = 'Contains Malware';
$deny_up = "Unable to Upload Your File!";
$_SESSION['status'] = $mal;
$_SESSION['upload'] = $deny_up;
header("location: ../upload.php");
exit(0);
}
}
else
{
echo "SORRY, There was a Problem Uploading Your File."; exit(0);
$err_upload = "SORRY, There was a Problem Uploading Your File.";
$_SESSION['err'] = err_upload;
header("location: ../upload.php");
exit(0);
}
It prints me value of 1 for the $int for all files (malicious and non ones) This is my second try with a different AV now I'm using Avira and before I was using clamscan
can someone share me some hints, and tell me what's going on
PS the system is installed on XAMPP if that makes any difference
Can you be more specific about what's not working here? In theory what you doing seems fine at least for ClamAV since it has these return codes (from man clamscan):
RETURN CODES
0 : No virus found.
1 : Virus(es) found.
2 : Some error(s) occured.
Maybe it want to log the output of the exec call, if you are not getting the exit code you expect the reason should be in the output (like missing a command line flag).
I am having issues with my file uploads script this is the function(jp_upload_pic()) the are i am having issues specifically is the move_uploaded() function, The second parameter "destination" this is my value ("../usr/ceo/JPCEO_20") but this error it is telling me.
Warning: move_uploaded_file(../usr/ceo/JPCEO_20): failed to open stream: No such file or directory in /var/www/jobinpal/includes/func.php on line 1115 Warning: move_uploaded_file(): Unable to move '/tmp/phpgf1k7y' to '../usr/ceo/JPCEO_20' in /var/www/jobinpal/includes/func.php on line 1115
function jp_upload_pic()
{
if (isset($_GET['upload'])) {
$jp_img=$_FILES['file_to_be_uploaded'];
// file uploader for jobinpal...
$jp_img_name=$jp_img['name'];// name of the file
$jp_img_type=$jp_img['type'];
$jp_img_size=$jp_img['size'];
$jp_img_tmp_name=$jp_img['tmp_name'];//$_FILES['userfile']['tmp_name']
$jp_img_err=$jp_img['error'];// the error of the file...
// check if the image post isset before working...
if (isset($jp_img)) {
//do the string of the file name to get the .xxx extension
$jp_img_name_len=strlen($jp_img_name);
$jp_img_ext=substr($jp_img_name ,-4, $jp_img_name_len );
//check the image type of the image
$jp_img_size;
if (
/* file must be any of this format else bounce */
(
($jp_img_ext == '.jpg') ||
($jp_img_ext == '.png') ||
($jp_img_ext == '.gif')
) && ($jp_img_size < 10240)
)
{
//call the session file to get the current user
include("jobinpal_session.php");
$jp_usr_verified_ses=$_SESSION['jp_new_usr'];
//use the user session to create a folder in the 'usr/ceo' folder
//*** pattern for the foldername ***//
//------>>> JPCEO_ID_FILEID
//write a function to ouput from the database if...
//the user is a ceo,staff,student account
//function jp_check_usr_acc()
//{
$jp_usr_verified_ses=$_SESSION['jp_new_usr'];
//*****-----------------------------******//
//----------------------------------------//
//*****-----------------------------******//
include('jobinpal_db_config.php');
$jp_run=$jobinpal_db_lite->query("SELECT account_type,id FROM `jp_user` WHERE email='$jp_usr_verified_ses'");
//$jp_aff_rows=$jobinpal_db_lite->affected_rows;
while ($jp_result=$jp_run->fetch_array(MYSQLI_BOTH)) {
$jp_results[] = $jp_result;
}
foreach ($jp_results as $jp_result) {
$jp_res=$jp_result['account_type'];
$jp_res=strtoupper($jp_res);
$jp_res2=$jp_result['id'];
}
rmdir('../usr/ceo/JPCEO_20');
if (!is_dir("../usr/ceo/"."JP".$jp_res."_".$jp_res2))
{
mkdir("../usr/ceo/"."JP".$jp_res."_".$jp_res2, 0700);
$JP_new_usr_dir="../usr/ceo/"."JP".$jp_res."_".$jp_res2;
$JP_new_usr_dir="JP".$jp_res."_".$jp_res2;
//please i am having issues with the file uploads please put it stackoverflow
//for help...(?)
move_uploaded_file($jp_img_tmp_name,"`../usr/ceo/".$JP_new_usr_dir);
}
//$path=/*"http://".$domain.*/".."."/"."jobinpal"."/"."usr"."/"."ceo"."/".$JP_new_usr_dir;
//move_uploaded_file($jp_img_tmp_name,'../usr/ceo');
//}
//jp_check_usr_acc();
// move the uploaded file to the directory created for the user...
//move_uploaded_file($jp_img_tmp_name,$JP_new_usr_dir);
}
else
{
if (
/* file must be any of this format else bounce */
!
($jp_img_ext == '.jpg') ||
($jp_img_ext == '.png') ||
($jp_img_ext == '.gif')
)
{
echo "<h6 id='img_upload_err'>image must be this extensions (.jpg), (.png), (.gif)<h6>";
return false;
}
}
}
}
}
It looks like a typo:
move_uploaded_file($jp_img_tmp_name,"`../usr/ceo/".$JP_new_usr_dir);
^ is this supposed to be here?
You see the backtick in your error message as well but not in the directory you create and check for.
I wonder whether someone could please help me.
I'm trying to incorporate an 'filesize' error message into a script, shown below, which is used to upload BLOB files to a mySQL server.
if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Can't connect to database");
if (!mysql_select_db($database))
die("Can't select database");
// This function makes usage of
// $_GET, $_POST, etc... variables
// completly safe in SQL queries
function sql_safe($s)
{
if (get_magic_quotes_gpc())
$s = stripslashes($s);
return mysql_real_escape_string($s);
}
// If user pressed submit in one of the forms
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (!isset($_POST["action"]))
{
// cleaning title field
$title = trim(sql_safe($_POST['title']));
if ($title == '') // if title is not set
$title = 'No title provided';// use (empty title) string
#list(, , $imtype, ) = getimagesize($_FILES['photo']['tmp_name']);
// Get image type.
// We use # to omit errors
if ($imtype == 3) // cheking image type
$ext="png"; // to use it later in HTTP headers
elseif ($imtype == 2)
$ext="jpeg";
elseif ($imtype == 1)
$ext="gif";
else
$msg = 'Error: unknown file format';
if($_FILES["fileupload"]["size"]/1024000 >= 10)
{
$fileErrMsg = "<br />Your uploaded file size:<strong>[ ". $_FILES["fileupload"]["size"]/1024000 . " MB]</strong> is more than allowed Size.<br />";
}
if (isset($_FILES['photo']))
{
if (!isset($msg)) // If there was no error
{
$data = file_get_contents($_FILES['photo']['tmp_name']);
$data = mysql_real_escape_string($data);
// Preparing data to be used in MySQL query
mysql_query("INSERT INTO {$table}
SET ext='$ext', title='$title: ',
data='$data'");
$msg = 'Success: Image Uploaded';
}
}
elseif (isset($_GET['title'])) // isset(..title) needed
$msg = 'Error: file not loaded';// to make sure we've using
// upload form, not form
// for deletion
if (isset($_POST['del'])) // If used selected some photo to delete
{ // in 'uploaded images form';
$imageid = intval($_POST['del']);
mysql_query("DELETE FROM {$table} WHERE imageid=$imageid");
$msg = 'Image deleted';
}
if (isset($_POST['view'])) // If used selected some photo to delete
{ // in 'uploaded images form';
$imageid = intval($_POST['view']);
mysql_query("SELECT ext, data FROM {$table} WHERE imageid=$imageid");
if(mysql_num_rows($result) == 1)
{
$image = $row['myimage'];
header("Content-type: image/gif"); // or whatever
print $image;
exit;
}
}
}
else
{
$imageid = intval($_POST['del']);
if ($_POST["action"] == "view")
{
$result = mysql_query("SELECT ext, UNIX_TIMESTAMP(imagetime), data
FROM {$table}
WHERE imageid=$imageid LIMIT 1");
if (mysql_num_rows($result) == 0)
die('no image');
list($ext, $imagetime, $data) = mysql_fetch_row($result);
$send_304 = false;
if (php_sapi_name() == 'apache') {
// if our web server is apache
// we get check HTTP
// If-Modified-Since header
// and do not send image
// if there is a cached version
$ar = apache_request_headers();
if (isset($ar['If-Modified-Since']) && // If-Modified-Since should exists
($ar['If-Modified-Since'] != '') && // not empty
(strtotime($ar['If-Modified-Since']) >= $imagetime)) // and grater than
$send_304 = true; // imagetime
}
if ($send_304)
{
// Sending 304 response to browser
// "Browser, your cached version of image is OK
// we're not sending anything new to you"
header('Last-Modified: '.gmdate('D, d M Y', $ts).' GMT', true, 304);
exit(); // bye-bye
}
// outputing HTTP headers
header('Content-Length: '.strlen($data));
header("Content-type: image/{$ext}");
// outputing image
echo $data;
exit();
}
else if ($_POST["action"] == "delete")
{
$imageid = intval($_POST['del']);
mysql_query("DELETE FROM {$table} WHERE imageid=$imageid");
$msg = 'Image deleted';
}
}
}
?>
Through some guidance I received on this site I've been able to come up with the way to check the filesize, which starts at this line:
if($_FILES["fileupload"]["size"]/1024000 >= 10)
but I cannot get the error message to work.
The specific message needs to be activated if the file size is over 1MB. When I try to upload a file greater than this, the file is correctly rejected, but I receive the incorrect error message, 'Error: unknown file format'.
I've tried all number of ways to try to get this to work, but I just get the same incorrect error message.
I would be so grateful if someone could take a look at this and let me know where I'm going wrong.
Many thanks
SOLUTION
if (isset($_FILES['photo']))
{
list($width, $height, $imtype, $attr) = getimagesize($_FILES['photo']['tmp_name']);
// Get image type.
if ($imtype == 3)
$ext="png"; //
elseif ($imtype == 2)
$ext="jpeg";
elseif ($imtype == 1)
$ext="gif";
else
$msg = 'Error: unknown file format';
if($_FILES["photo"]["size"]/102400 >= 1) {
$msg = "he file you wish to upload is:<strong>[ ". $_FILES["photo"]["size"]/1024000 . " MB]</strong> is more than allowed Size.";
}
I'm new to php but i searched for that and found this in manual
http://php.net/manual/en/function.set-error-handler.php
I posted as an answer because i cant comment. i hope it helps.
Looks like all of your other error messages go into a variable called $msg. I updated your calculation to be a bit easier:
if($_FILES["fileupload"]["size"]/102400 >= 1)
{
$msg = "<br />Your uploaded file size:<strong>[ ". $_FILES["fileupload"]["size"]/1024000 . " MB]</strong> is more than allowed Size.<br />";
}