$myfilepath = SITEROOT."/uploads/vaibhav_photo/thumbnail/".$user_avatar['thumbnail'];
if(file_exists($myfilepath))
{
echo "file exist";
}
else
{
echo "file does not exist";
}
It always goes to else part even though file is present.
if anybody have an alternate option for this in PHP please reply as fast as possible,
file_exists works on file paths only. http:// URLs are not supported.
$myfilepath = SITEROOT.DS.'uploads'.DS.'vaibhav_photo'.DS.'thumbnail'.DS.$user_avatar['thumbnail'];
NOTE::SITEROOT have actual root path and DS is constant DIRECTORY_SEPARATOR.
Pekka is correct that file_exists does not support http protocol.
You can however use file_get_contents
if(file_get_contents($myfilepath)) {
echo "file exist";
}
By default this pulls back the entire contents of the file. If this is not what you want you can optimise this by adding some flags:
if(file_get_contents($myfilepath, false, null, 0, 1)) {
echo "file exist";
}
This syntax will return the first character if it exists.
Check what your working directory is with getcwd().
Your path
example.com/uploads/etc/etc.jpg
is interpreted relative to the current directory. That's likely to be something like
/var/www/example.com
so you ask file_exists() about a file named
/var/www/example.com/example.com/uploads/etc/etc.jpg
You need to either figure out the correct absolute path (add the path containing all site roots in front of SITEROOT) or the correct relative path (relative to the directory your script is in, without a leading /).
tl;dr: try
$myfilepath = 'uploads/etc/etc.jpg';
Related
In the code below, file_exists() is not working as expected. Even when I'm trying to upload the same file, the else part gets executed. (ie file_exists() returns false in every case.) What is the reason behind this behavior?
if (isset($_FILES['file']['name']) && isset($_FILES['file']['size']) && isset($_FILES['file']['type']) && isset($_FILES['file']['tmp_name']))
{
if (!empty($_FILES['file']['name']) && strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION))=='jpg' || strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION))=='jpeg')
{
if(file_exists($_FILES['file']['name']))
{
echo 'file exists';
}
else
{
move_uploaded_file($_FILES['file']['tmp_name'], 'Images/'.$_FILES['file']['name']);
echo $_FILES['file']['name'].' Uploaded'.'<br>';
}
}
}
else{
echo 'select your file';
}
The problem
When you use file_exists, you only use the short name of the file.
if(file_exists($_FILES['file']['name']))
For example, if you upload a file called test.jpg, it checks if ./test.jpg exists.
But, when you actually move the uploaded file, you put it in a directory called Images:
move_uploaded_file($_FILES['file']['tmp_name'], 'Images/'.$_FILES['file']['name']);
Now, if you upload that test.jpg, it's moved to ./Images/test.jpg, which isn't found by your other code.
The solution
You should use the same file name in both cases. So, just change the if with the file_exists call to:
if(file_exists('Images/'.$_FILES['file']['name']))
This code adds the folder name to the file name, so that you check for the correct path; uploading test.jpg leads to checking the file ./Images/test.jpg.
$_FILES['file']['name'] is your INPUT / POST data, not your real file;
You should check $your_dir_path_to_file . '/'.$_FILES['file']['name']
Set up the default file system separator (system dependent):
defined('DS') ? null : define('DS', DIRECTORY_SEPARATOR);
If you can, try using absolute path not a relative one and secure the system from names like "../../file.jpg":
defined('BASE_PATH') ? null : define('BASE_PATH', 'C:'.DS.'www'.DS.'Images'.DS);
I am trying to delete a file from the Server.
The files of my application is in a folder name "/public_html/app/";
All the images associated with the application is located in the following path: "/public_html/app/images/tryimg/"
The file in which I am writing the below code spec is in "/public_html/app/".
Here is my code snipet:
<?php
$m_img = "try.jpg"
$m_img_path = "images/tryimg".$m_img;
if (file_exists($m_img_path))
{
unlink($m_img_path);
}
// See if it exists again to be sure it was removed
if (file_exists($m_img))
{
echo "Problem deleting " . $m_img_path;
}
else
{
echo "Successfully deleted " . $m_img_path;
}
?>
When the above script is executed the message "Successfully deleted try.jpg" is displayed.
But when I navigate to the folder, the file is not deleted.
Apache: 2.2.17
PHP version: 5.3.5
What am I doing wrong?
Do I have to give a relative or absolute path to the image?
you're missing a directory separator:
$m_img = "try.jpg"
$m_img_path = "images/tryimg".$m_img;
// You end up with this..
$m_img_path == 'images/tryimgtry.jpg';
You need to add a slash:
$m_img_path = "images/tryimg". DIRECTORY_SEPARATOR . $m_img;
You also need to change your second file_exists call as you're using the image name and not the path:
if (file_exists($m_img_path))
You check the wrong path:
if (file_exists($m_img))
while you (tried to) delete(d) $m_img_path, so replace your check with
if (file_exists($m_img_path))
unlink() returns a boolean value to indicate whether the deletion succeeded or not, so it is easier/better to use this value:
if (file_exists($m_img_path))
{
if(unlink($m_img_path))
{
echo "Successfully deleted " . $m_img_path;
}
else
{
echo "Problem deleting " . $m_img_path;
}
}
Furthermore, the current directory is at the location where the script is executed, so you need to keep this in mind when using a relative path. In most situations it is probably better/easier to use absolute paths if possible.
If you need paths to a lot of files on your server, you might want to put the absolute path in a variable and use that, so it is easy to change the absolute location if your server configuration changes.
I'm having a very weird issue with file_exists(). I'm using this function to check if 2 different files in the same folders do exist. I've double-checked, they BOTH do exist.
echo $relative . $url['path'] . '/' . $path['filename'] . '.jpg';
Result: ../../images/example/001-001.jpg
echo $relative . $url['path'] . '/' . $path['filename'] . '.' . $path['extension'];
Result: ../../images/example/001-001.PNG
Now let's use file_exists() on these:
var_dump(file_exists($relative . $url['path'] . '/' . $path['filename'] . '.jpg'));
Result: bool(false)
var_dump(file_exists($relative . $url['path'] . '/' . $path['filename'] . '.' . $path['extension']));
Result: bool(true)
I don't get it - both of these files do exist. I'm running Windows, so it's not related to a case-sensitive issue. Safe Mode is off.
What might be worth mentioning though is that the .png one is uploaded by a user via FTP, while the .jpg one is created using a script. But as far as I know, that shouldn't make a difference.
Any tips?
Thanks
file_exists() just doesn't work with HTTP addresses.
It only supports filesystem paths (and FTP, if you're using PHP5.)
Please note:
Works :
if (file_exists($_SERVER['DOCUMENT_ROOT']."/folder/test.txt")
echo "file exists";
Does not work:
if (file_exists("www.mysite.com/folder/test.txt")
echo "file exists";
Results of the file_exists() are cached, so try using clearstatcache(). If that not helped, recheck names - they might be similar, but not same.
I found that what works for me to check if a file exists (relative to the current php file it is being executed from) is this piece of code:
$filename = 'myfile.jpg';
$file_path_and_name = dirname(__FILE__) . DIRECTORY_SEPARATOR . "{$filename}";
if ( file_exists($file_path_and_name) ){
// file exists. Do some magic...
} else {
// file does not exists...
}
Just my $.02: I just had this problem and it was due to a space at the end of the file name. It's not always a path problem - although that is the first thing I check - always. I could cut and paste the file name into a shell window using the ls -l command and of course that locates the file because the command line will ignore the space where as file_exists does not. Very frustrating indeed and nearly impossible to locate were it not for StackOverflow.
HINT: When outputting debug statements enclose values with delimiters () or [] and that will show a space pretty clearly. And always remember to trim your input.
It's because of safe mode. You can turn it off or include the directory in safe_mode_include_dir. Or change file ownership / permissions for those files.
php.net: file_exists()
php.net: safe mode
Try using DIRECTORY_SEPARATOR instead of '/' as separator. Windows uses a different separator for file system paths (backslash) than Linux and Unix systems.
A very simple trick is here that worked for me.
When I write following line, than it returns false.
if(file_exists('/my-dreams-files/'.$_GET['article'].'.html'))
And when I write with removing URL starting slash, then it returns true.
if(file_exists('my-dreams-files/'.$_GET['article'].'.html'))
I have a new reason this happens - I am using PHP inside a Docker container with a mounted volume for the codebase which resides on my local host machine.
I was getting file_exists == FALSE (inside Composer autoload), but if I copied the filepath into terminal - it did exist! I tried the clearstatche(), checked safe-mode was OFF.
Then I remembered the Docker volume mapping: the absolute path on my local host machine certainly doesn't exist inside the Docker container - which is PHP's perspective on the world.
(I keep forgetting I'm using Docker, because I've made shell functions which wrap the docker run commands so nicely...)
It can also be a permission problem on one of the parent folders or the file itself.
Try to open a session as the user running your webserver and cd into it. The folder must be accessible by this user and the file must be readable.
If not, php will return that the file doesn't exist.
have you tried manual entry. also your two extensions seem to be in different case
var_dump(file_exists('../../images/example/001-001.jpg'));
var_dump(file_exists('../../images/example/001-001.PNG'));
A custom_file_exists() function inspired by #Timur, #Brian, #Doug and #Shahar previous answers:
function custom_file_exists($file_path=''){
$file_exists=false;
//clear cached results
//clearstatcache();
//trim path
$file_dir=trim(dirname($file_path));
//normalize path separator
$file_dir=str_replace('/',DIRECTORY_SEPARATOR,$file_dir).DIRECTORY_SEPARATOR;
//trim file name
$file_name=trim(basename($file_path));
//rebuild path
$file_path=$file_dir."{$file_name}";
//If you simply want to check that some file (not directory) exists,
//and concerned about performance, try is_file() instead.
//It seems like is_file() is almost 2x faster when a file exists
//and about the same when it doesn't.
$file_exists=is_file($file_path);
//$file_exists=file_exists($file_path);
return $file_exists;
}
This answer may be a bit hacky, but its been working for me -
$file = 'path/to/file.jpg';
$file = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].'/'.$file;
$file_headers = #get_headers($file);
if($file_headers[0] == 'HTTP/1.1 404 Not Found') {
$exists = false;
}else{
$exists = true;
}
apparently $_SERVER['REQUEST_SCHEME'] is a bit dicey to use with IIS 7.0 + PHP 5.3 so you could probably look for a better way to add in the protocol.
I found this answer here http://php.net/manual/en/function.file-exists.php#75064
I spent the last two hours wondering what was wrong with my if statement: file_exists($file) was returning false, however I could call include($file) with no problem.
It turns out that I didn't realize that the php include_path value I had set in the .htaccess file didn't carry over to file_exists, is_file, etc.
Thus:
<?PHP
// .htaccess php_value include_path '/home/user/public_html/';
// includes lies in /home/user/public_html/includes/
//doesn't work, file_exists returns false
if ( file_exists('includes/config.php') )
{
include('includes/config.php');
}
//does work, file_exists returns true
if ( file_exists('/home/user/public_html/includes/config.php') )
{
include('includes/config.php');
}
?>
Just goes to show that "shortcuts for simplicity" like setting the include_path in .htaccess can just cause more grief in the long run.
In my case, the problem was a misconception of how file_exists() behaves with symbolic links and .. ("dotdot" or double period) parent dir references. In that regard, it differs from functions like require, include or even mkdir().
Given this directory structure:
/home/me/work/example/
www/
/var/www/example.local/
tmp/
public_html -> /home/me/work/example/www/
file_exists('/var/www/example.local/public_html/../tmp/'); would return FALSE even though the subdir exists as we see, because the function traversed up into /home/me/work/example/ which does not have that subdir.
For this reason, I have created this function:
/**
* Resolve any ".." ("dotdots" or double periods) in a given path.
*
* This is especially useful for avoiding the confusing behavior `file_exists()`
* shows with symbolic links.
*
* #param string $path
*
* #return string
*/
function resolve_dotdots( string $path ) {
if (empty($path)) {
return $path;
}
$source = array_reverse(explode(DIRECTORY_SEPARATOR, $path));
$balance = 0;
$parts = array();
// going backwards through the path, keep track of the dotdots and "work
// them off" by skipping a part. Only take over the respective part if the
// balance is at zero.
foreach ($source as $part) {
if ($part === '..') {
$balance++;
} else if ($balance > 0) {
$balance--;
} else {
array_push($parts, $part);
}
}
// special case: path begins with too many dotdots, references "outside
// knowledge".
if ($balance > 0) {
for ($i = 0; $i < $balance; $i++) {
array_push($parts, '..');
}
}
$parts = array_reverse($parts);
return implode(DIRECTORY_SEPARATOR, $parts);
}
I just encountered this same problem and I solved it in a mysterious way. After inserting a a filepath I copied from Windows File explorer. file_exists() keeps returning false continuously, but if I copy same path from VSCode editor it works perfectly.
After dumping variables with var_dump($path); I noticed something mysterious.
For path I copied from file explorer it shows length 94.
For path I copied from VSCode Editor it shows length 88.
Both path look same length on my code Editor.
My suggestion: if string contain hidden characters, it may fail and not work.
I have a simple statement below:
if(file_exists('/images/alum/'.$profile['pic']))
echo '/images/alum/'.$profile['pic'];
else echo '/images/user_default.jpg';
The file is there but it's always going to the default image. What have I got wrong?
You are saying on the server that the file at the root of the file system exists. You will have to probably add some . or ..
Try:
if(file_exists('./images/alum/'.$profile['pic']))
echo '/images/alum/'.$profile['pic'];
else echo '/images/user_default.jpg';
i.e. changing the "/images" to "./images" but only in the file_exists call.
Change it to this.
if(file_exists('./images/alum/'.$profile['pic']))
echo './images/alum/'.$profile['pic'];
else
echo './images/user_default.jpg';
make sure that $profile['pic'] has valid file name, contraction with path is valid, and current directory with parth point to file...
temporary negate condition to see file from profile...
I'm hoping to make my tiny program secure so that potential malicious users cannot view sensitive files on the server.
$path = "/home/gsmcms/public_html/central/app/webroot/{$_GET['file']}";
if(file_exists($path)) {
echo file_get_contents($path);
} else {
header('HTTP/1.1 404 Not Found');
}
Off the top of my head I know that input such as '../../../../../../etc/passwd' would be trouble, but wondering what other malcious inputs I should expect and how to prevent them.
realpath() will let you convert any path that may contain relative information into an absolute path...you can then ensure that path is under a certain subdirectory that you want to allow downloads from.
Use basename rather than trying to anticipate all the insecure paths a user could provide.
Solution by the OP:
$baseDir = "/home/gsmcms/public_html/central/app/webroot/";
$path = realpath($baseDir . $_GET['file']);
// if baseDir isn't at the front 0==strpos, most likely hacking attempt
if(strpos($path, $baseDir) !== 0) {
die('Invalid Path');
} elseif(file_exists($path)) {
echo file_get_contents($path);
} else {
header('HTTP/1.1 404 Not Found');
echo "The requested file could not be found";
}
If you can, use a whitelist like an array of allowed files and check the input against that: if the file asked by the user isn't present in that list, deny the request.
There is an additional and significant security risk here. This script will inject the source of a file into the output stream without any server-side processing. This means that all your source code of any accessible files will be leaked to the internet.
Even if you are using realpath, you should still strip all ".." before using it. Otherwise an attacker can read your servers entire directory structure with brute force, e.g. "valid_folder/../../test_if_this_folder_name_exists/valid_folder" - if the application accepts this path, the attacker knows that the folder exists.
Another approach:
$path = "/app/webroot/{$_GET['file']}";
$realTarget = realpath($path);
if( strtolower($path) !== strtolower($realTarget) ) {
// invalid path!
}
// life goes on
I think this is the best answer for PHP7.
This will only allow people to see files they have the absolute path to.
It won't let people fish for valid filenames outside the specified path by making all failure conditions report the same.
$base_dir = $temp_path;
$path = "";
if(isset($_GET['filename'])) {
$path = realpath($base_dir.$_GET['filename']);
//realpath returns false if the file doesnt exist
if(!$path ||
//dont look outside temp path
substr($path, 0, strlen($base_dir)) != $base_dir){
header('HTTP/1.1 404 Not Found');
echo "The requested file could not be found";
die;
}
}
To strip all /. /.. or \. \.. and convert to all forward slash because the different environments will accept forward slash. This should provide a fairly safe filter for path input. In your code you should be comparing it to parent directories that you do not want access just in case.
$path = realpath(implode('/', array_map(function($value) {return trim($value, '.');}, explode('/', str_replace('\\', '/', $path)))));