I am using Cbeyond (www.cbeyond.com, some of you might be familiar with them) as a PHP Enabled webhost, I'm having issues with my PHP Upload functions, when I check as follows:
$error = $_FILES['uploadedfile']['error'];
echo $error;
I get "6", for the error message: "UPLOAD_ERR_NO_TMP_DIR"
I have a /tmp directory at my root, here is the file structure:
/ <--- ftp root (contains a working /tmp)
/www/htdocs/ <-- webroot
I've tried creating:
/www/htdocs/tmp (no luck)
Is there anyway to create a tmp location on the fly, I just need to parse an uploaded .txt file into my MySQL DB.
You probably need to check with CBeyond whether they allow file uploading or not. If so, check with them whether their php.ini File Uploads section has upload_tmp_dir properly defined.
Related
this is my code:
$uploaddir = '/temp/';
$uploadfile = $uploaddir.basename($_FILES['file']['name']);
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile))
send_OK();
else
send_error("ERROR - uploading file");
i have tried to upload with ftp_fput, ftp_put, move_uploaded_file, rename, copy and anything i can put my hands on. nothing seems to work.
i can't understand what is the problem since move_uploaded_file returns only true or false and no error code.
help??
Are you sure that the target directory has write permissions for world?ie,the third number in permission representation?
The files uploaded by php are owned by and comes under the group www-data
You can change the ownership by
[sudo] chown -R www-data folder // change owner
[sudo] chown -R www-data:www-data folder // change group and owner
i don't know why
But you have to.
That's what error messages are for.
Do you see any error message when something goes wrong? If not, then you have to check error logs.
Add this line at the top of your code
error_reporting(E_ALL);
and this one, if it's your local (not live) server
ini_set('display_errors',1);
so you'll be able to see errors onscreen
For the file uploads you have to check $_FILES['file']['error']) first. it it's not 0, refer to the manual page for the actual message.
I experienced a similar problem when using move_uploaded_file which would fail to upload particular files with an $_FILES['filename']['error'] code of 0.
It turns out that the name of the file needs to be unique in relation to the destination directory. move_uploaded_file does not know how to handle identical files names.
Have you check the limit of the file size? One of the reason if crashing could be that you are trying to upload a file bigger than the limit in your configuration. Look at the config var "upload_max_filesize" in your php.ini and check the size of the file.
This caught me out too. Be aware of:
move_uploaded_file() is both safe mode and open_basedir aware. However, restrictions are placed only on the destination path as to allow the moving of uploaded files in which filename may conflict with such restrictions. move_uploaded_file() ensures the safety of this operation by allowing only those files uploaded through PHP to be moved.
These settings can cause the upload to fail if you try to move the file outside of your website base directory for example.
In addition to permissions, be sure to check that there is disk space available on your server. If not, move_uploaded_file() will fail with error 0.
Did you try to activate error_reporting?
You should check your php-config if file uploads are allowed.
I don't know how to fix this but the problem is that it won't upload to the server that I'm using to host the website it creates the folder just fine but won't move it. The coding for the moving is below.
This is the error I get
Warning: move_uploaded_file(./userdata/profile_pics/iOy1pQXTZsLw7VA/) [function.move-uploaded-file]: failed to open stream: Is a directory in /home/a4640336/public_html/account_settings.php on line 103
and as well as this error code
Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpX1zVno' to './userdata/profile_pics/iOy1pQXTZsLw7VA/' in /home/a4640336/public_html/account_settings.php on line 103
move_uploaded_file(#$_FILES["profilepic"]["tmp_name"],"./userdata/profile_pics/$rand_dir_name/".$FILES["profilepic"]["name"]);
echo "Your profile pic has been updated!".#$_FILES ["profilepic"]["name"];
//$profile_pic_name = #$_FILES["profilepic"] ["name"];
//$profile_pic_query= mysql_query("UPDATE users SET profile_pic='$rand_dir_name/$profile_pic_name' WHERE username='$username'");
//header("location: account_settings.php");
Overall I have tried to change where it is located to have it leading directly from the source but it doesn't change. If anyone can help please help me!
PS the commented out parts were done to be able to see the error
For those using PHP on Windows and IIS, you SHOULD set the "upload_tmp_dir" value in php.ini to some directory around where your websites directory is, create that directory, and then set the same permissions on it that you have set for your websites directory. Otherwise, when you upload a file and it goes into C:\WINDOWS\Temp, then you move it to your website directory, its permissions will NOT be set correctly.And If you try to upload a file larger than the post_max_size value (or multi files), the page will only refresh itself and no errors are thrown.
The destination directory must exist; move_uploaded_file() will not automatically create it for you.
You must
make sure that the file is not empty.
make sure the file name in English characters, numbers and (_-.) symbols, For more protection.
make sure that the file name not bigger than 250 characters.
Check File extensions and Mime Types that you want to allow in your
project. You can use : pathinfo(). or you can use regular expression for check File extensions as in example
Check file size and make sure the limit of php.ini to upload files
is what you want, You can start from here.
Check the file content if have a bad codes or something like this
function
move_uploaded_file($_FILES["file"]["tmp_name"], "../uploads/" . $_FILES["file"]["name"]);
Also check dir have writable permission
you need to use server path for file upload
$files = glob($_SERVER["DOCUMENT_ROOT"]."/myFolder/*");
$_SERVER["DOCUMENT_ROOT"] will get server path like var/host/public_html/your_folder
May this help you
I am building a upload feature on my project.I have done other validation on exist,size and type but there were some little more validation needed.I found out mime validation where no matter what file extension a user upload it checks the real file type.Below code did that work for me.Now whenever a user try to upload .php file as a .png/jpg/jpeg or any other fake extension name my code catches as malicious file type.But I have a question that when a user upload a file at first it goes on temporary directory.Is that temporary directory is used from client pc or from our server?If its from our server then will that malicious fake extension file can be dangerous for us or not?
$imageInfo = getimagesize($_FILES['file']['tmp_name']);
if ($imageInfo['mime'] == ("image/png") || $imageInfo['mime'] == ("image/jpeg")
|| $imageInfo['mime'] == ("image/jpg")) {
From the manual:
Files will, by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The server's default directory can be changed by setting the environment variable TMPDIR in the environment in which PHP runs.
The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.
Unless you do something intentionally stupid like run files found within that temporary directory, or cause them to be run, you're fine. It's not dangerous for a file to simply exist for a short period of time only to be deleted.
the temp directory is from your server, and it is possible to execute files in the temp directory, so you can run the sys_get_temp_dir() so you can know the location of the temp directory and change the permission to Read and Write only.
first get extension then use extension in if condition like this :
$extension = image_type_to_extension($imageInfo[2]);
I am using XAMPP on Windows. By printing $_FILES["file"]["tmp_name"], it seems that the temporary file was saved at C:\xampp\tmp\phpABCD.tmp. But I cannot see it on the filesystem of the server. However, the file can be moved or copied via move_uploaded_file(), rename(), or copy(). So where does PHP actually save temporary files during uploading?
It saves it at the path specified in $_FILES["file"]["tmp_name"], but deletes it after the script is done executing. It's up to you to move the file elsewhere if you want to preserve it.
Its specified in upload_tmp_dir in your php.ini file. It is deleted by the system automatically after use.
You can check where php is currently saving your temp files $_FILES["file"]["tmp_name"] by printing
sys_get_temp_dir()
Use move_uploaded_file(file, path), specify the file and the path where you want to store the file.
A copy of that file is created and gets stored.
php stores all temporary files, that includes uploaded files, in the temporary files directory as specified in the php.ini. Note that for uploads, those files might be removed as soon as the script the file was uploaded to was terminated (so unless you delay that script, you probably won't see the uploaded file). Another reason might be that the file is simply hidden on the file system.
So if you want to see the file, you might want to make sure you see all hidden files in the explorer and delay the script as long as you need to find the file.
from http://www.php.net/manual/en/features.file-upload.php#93602, "...the uploaded file will inherit the permissions of the directory specified in the directive upload_tmp_dir of php.ini. If this directive isn't set, the default of C:\Windows\Temp is used..."
Note that the file is saved binary in $_FILES["file"]["tmp_name"], so you may open it maybe with file_get_contents if it is an image or something like this...
IF you are asking the file location then it depend on the setting of server. but if you are asking whether it saved first in local system or in server. then answer is it save in temp folder in server.
I have a few image upload scripts and wordpress blog as well.
I think the client tried to upload a 3mb+ images or so and since then everythings stopped working, to further inspection and adding error handlers i found out that
it was UPLOAD TEMP DIR not FOUND
i cant touch the ini file, its shared hosting but i can create a local ini file
i've been told to add php.ini in the public_html folder
it only works i.e prints out the upload_tmp_dir when its in the same folder as the script anyway
i put this in the ini file
upload_tmp_dir = "/home/USER/tmp"
also tried
upload_tmp_dir = "/home/USER/public_html/tmp"
but the first one is where the tmp folder was but i tried creating it else where with 777 permissions
leave ini in same folder as the script and calling
echo ini_get('upload_tmp_dir');
gives me: [given i set it to that]
/home/USER/tmp
sys_get_temp_dir();
gave me
/tmp
anyway NOW i get no errors, says file is uploaded but its no where to be found.
not sure WTF is going on but clients wrecking my head and so is this.
PHP will delete uploaded files when the script exits, unless you've moved/copied the file somewhere else yourself. The upload process isn't a "do it now and come back later to deal with it" system. It's "deal with it now, or it's gone".
To retrieve the file's temporary storage location/name, you use $_FILES['namegiveninform']['tmp_name'], and generally would use move_uploaded_file() to move the file into its permanent storage location.