Strange PHP error.

Barrucadu · 08-09-2005, 09:03 AM

PHP Code:

  <?php

 // Where the file is going to be placed temporarly

$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

????: NamePros.com http://www.namepros.com/programming/114050-strange-php-error.html
 
$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);

 
// getting the extention

$pos = strpos($oldfile,".",0);

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," ");

 
if(!$ext = "gif") {

    if(!$ext = "jpg") {

        if(!$ext = "png") {

            if(!$ext = "bmp") {

                echo "Dissallowed File Extension!";

                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

                echo "<p><a href=\"Home.php\">Try Again</a></p>";

                die();

            }

        }

    }

}

 
//Check the size

if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){

    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

//new file name exmaple for a profile image of a user

$newfile = Date("d:S:w:z:W:B:s:i") . "." . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

     echo "<p>We reserve the right to delete any file on our server.</p>"; 

     echo "<p><a href=\"Home.php\">Upload Another</a></p>";

} else{

     echo "There was an error uploading the file, please try again!";

     echo "<p><a href=\"Home.php\">Try Again</a></p>";

}

?>

EDIT: I just checked again and the whole page dosnt work so I edited it in.

mholt · 08-09-2005, 09:08 AM

...what's your error?

Barrucadu · 08-09-2005, 09:10 AM

sorry, should have metioned that.

1) it says all files i try to upload are over 1MB even when they're not.
2) it says the file upload failed if i disable the size checker.

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
i havent found any more errors yet.

incase you need it heres the HTML of the form on Home.php thats sending the file:

Code:

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

mholt · 08-09-2005, 09:13 AM

Okay, so really what you want to do is fix the first error which will also fix the second one.

Got it - you have <= in the size checker. You want >=

*lol* right now it won't let files UNDER 1 MB in

Yeah, change that

Barrucadu · 08-09-2005, 09:19 AM

1) ok, i tried what you said and it didnt work.
2) the size checker IF statement is

PHP Code:

  if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){ 

????: NamePros.com http://www.namepros.com/showthread.php?t=114050

so if it was >= it would be "if filesize is not greater-than or equal to 1MB disallow it". (! does mean not dosnt it?)

Amnezia · 08-09-2005, 09:20 AM

Its because the code you have is comparing the file name and not the file size

try this:

PHP Code:

  //Check the size

if(!filesize($_FILES['uploadedfile']['size']) <= 1048576){

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

Barrucadu · 08-09-2005, 09:20 AM

ahhhh, i knew it would be some stupid mistake (like all my mistakes in php)

ok, I messed arround with the syntax and I got

PHP Code:

  if(filesize($_FILES['uploadedfile']['size']) >= 1048576){

    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

which now works. but it still says there was an error uploading this file, also can someone tell me if me if the extension checker (in my first post, but i'll repost it now) would work?
????: NamePros.com http://www.namepros.com/showthread.php?t=114050

PHP Code:

  // getting the extention

$pos = strpos($oldfile,".",0);

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); 

if(!$ext = "gif") {

    if(!$ext = "jpg") {

        if(!$ext = "png") {

            if(!$ext = "bmp") {

                echo "Dissallowed File Extension!";

                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

                echo "<p><a href=\"Home.php\">Try Again</a></p>";

                die();

            }

        }

    }

}

ATM whats its supposed to do is check if its not a gif, jpg, png or bmp it shows the error message. Im new to PHP so i just guessed at the code, hopefully I got it right.

Amnezia · 08-09-2005, 09:26 AM

actaully i just realised my code is wrong it should be

PHP Code:

  //Check the size

if($_FILES['uploadedfile']['size'] >= 1048576){

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

have you check that you have permission to write to the upload directory

mholt · 08-09-2005, 09:28 AM

That's still checking to see if it's SMALLER than 1 MB.

You need to reverse the <= to be >=.

Barrucadu · 08-09-2005, 09:30 AM

Originally Posted by Amnezia

have you check that you have permission to write to the upload directory

should have, its on my pc.

Amnezia · 08-09-2005, 09:37 AM

heres how i would test for the correct extension

PHP Code:

  $ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
}

Barrucadu · 08-09-2005, 09:42 AM

Originally Posted by Amnezia

heres how i would test for the correct extension

PHP Code:

  $ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
}

hmmm... when i run it it seams to skip the extension checking... it just says "File Upload Failed"

mholt · 08-09-2005, 09:43 AM

Just check the MIME type... it's more secure

iNod · 08-09-2005, 09:44 AM

PHP Code:

  if(!$ext = "gif") {

    if(!$ext = "jpg") {

        if(!$ext = "png") {

            if(!$ext = "bmp") {

                echo "Dissallowed File Extension!";

                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

                echo "<p><a href=\"Home.php\">Try Again</a></p>";

                die();

            }

        }

    }

}

That is abit to much eh? I would suggest using something like..

PHP Code:

  $FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp'); 

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'

                   ,'image/png','application/msword');

 
$file_type = $_FILES['userfile']['type']; 

$file_name = $_FILES['userfile']['name'];

$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
 
if(!in_array($file_type, $FILE_MIMES) 

          && !in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file type.");

}

The above basically sets an array which allows certain ext& MIME types in_array(); function basically checks to see if the file ext/MIME is there. In this case if it isn't there it reports an error (which is !'s fault)

Regards,

Barrucadu · 08-09-2005, 09:53 AM

ok

PHP Code:

  // checking the extention

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');

$file_name = $_FILES['userfile']['name'];

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

 
if(!in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file extension.");

}

dosnt work, now i'll try

PHP Code:

   $FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp');

$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'

                   ,'image/png','application/msword');

 
$file_type = $_FILES['userfile']['type'];

$file_name = $_FILES['userfile']['name'];

$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

 
if(!in_array($file_type, $FILE_MIMES)

          && !in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file type.");

}

EDIT:

ok, neither work, is it something wrong with my form?

Code:

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

Amnezia · 08-09-2005, 09:54 AM

I think it could be because your trying to create a file with a : in the name

Barrucadu · 08-09-2005, 09:57 AM

wheres that?

mholt · 08-09-2005, 09:57 AM

Possible - : is an invalid character in filenames.

When you go to rename the file to the date...

Barrucadu · 08-09-2005, 10:01 AM

ok, i messed around with it (file extension still not working, so its disabled for now) heres teh current code

PHP Code:

  <?php

 // Where the file is going to be placed temporarly

$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
 
$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);

 
/*// checking the extention

$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');

$file_name = $_FILES['userfile']['name'];

$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

 
if(!in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file extension.");

}*/

 
//Check the size

if(filesize($_FILES['uploadedfile']['size']) >= 1048576){

    die( "File too large!");

}

//new file name exmaple for a profile image of a user

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
$newfile = Rand(1,9999999999) . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

     echo "<p>We reserve the right to delete any file on our server.</p>"; 

     die( "<p><a href=\"Home.php\">Upload Another</a></p>");

} else{

     echo "There was an error uploading the file, please try again!";

     die( "<p><a href=\"Home.php\">Try Again</a></p>");

}

?>

and it still dosnt work.

Amnezia · 08-09-2005, 10:05 AM

ok this will work to check the extension

PHP Code:

   
 $ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
}

i missed the dots in the if statement

full code

PHP Code:

  
<?php

// Where the file is going to be placed temporarly

$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

 
$target_path = "/uploads/";

 
$oldfile =  basename($_FILES['uploadedfile']['name']);

 

$ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
} 

//Check the size

if($_FILES['uploadedfile']['size']) >= 1048576){

    die( "File too large!");

}

//new file name exmaple for a profile image of a user

$newfile = Rand(1,9999999999) . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
     echo "<p>We reserve the right to delete any file on our server.</p>";

     die( "<p><a href=\"Home.php\">Upload Another</a></p>");

} else{

     echo "There was an error uploading the file, please try again!";

     die( "<p><a href=\"Home.php\">Try Again</a></p>");

}

?>

Barrucadu · 08-09-2005, 10:13 AM

still saying invalid file extension for nomatter what file i try

mholt · 08-09-2005, 10:53 AM

... use MIME detection! It's more secure!!

Barrucadu · 08-09-2005, 11:04 AM

ok, ive fixed everything except the uploading, heres the script:

PHP Code:

  <?php

 // Where the file is going to be placed temporarly

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

 
$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);

 
// checking the extention

$ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".GIF")&&(!$ext==".JPG")&&(!$ext==".PNG")&&(!$ext==".BMP")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".JPX")&&(!$ext==".JPE")){

 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png, .bmp, .jpx, .jpe, .GIF, .JPG, .PNG, .BMP, .JPX and .JPE</p>";

   die( "<p><a href=\"Home.php\">Try Again</a></p>");

 
} 

 
//Check the size

if($_FILES['uploadedfile']['size'] >= 1048576){

    die( "File too large!");

}

//new file name exmaple for a profile image of a user

$newfile = Rand(1,9999999999) . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

     echo "<p>We reserve the right to delete any file on our server.</p>"; 

     die( "<p><a href=\"Home.php\">Upload Another</a></p>");

} else{

     echo "There was an error uploading the file, please try again!";

     die( "<p><a href=\"Home.php\">Try Again</a></p>");

}

?>

now it returns the error:

Code:

Warning: move_uploaded_file(/uploads/1353736806.bmp) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\ISC\upload.php on line 33

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\DOCUME~1\Boys\LOCALS~1\Temp\php86.tmp' to '/uploads/1353736806.bmp' in C:\ISC\upload.php on line 33

if you want to test the script (on my pc) goto http://83.100.182.192 I should be hosting the script for the next few hours.

RJ · 08-09-2005, 11:13 AM

Try a different $target_path setting, such as
$target_path = "C:\\ISC\\";

See if it works.

Barrucadu · 08-09-2005, 11:15 AM

yay! all working! but how would i replace the C:\ISC\Uploads\ to a relative directory e.g. \Uploads\ ?

EDIT:

ive changed the naming to

PHP Code:

  $newfile = Rand(1,9999999999) . reverse_strrchr($_FILES['uploadedfile']['name'],".") . $ext;

and the reverse_strrchr function mentioned is here

PHP Code:

  function reverse_strrchr($haystack, $needle)

{

   $pos = strrpos($haystack, $needle);

   if($pos === false) {

       return $haystack;

   }

   return substr($haystack, 0, $pos + 1);

}

how would i make that reverse_strrchr function not include the character searched for? e.g. i uploaded a test file land.bmp, the filename it gave it was http://www.ISC.tk/uploads/browseuplo...91359land..bmp i want to get rid of one of the .s there are 2, one from the extension and one from the reverse_strrchr.

also the search page dosnt work, heres the php:

PHP Code:

  <?php

 
$form = "<form method=\"POST\" action=\"search.php\">";

$form .= "Search for: <input type=\"text\" name=\"criteria\">

             <input type=\"Submit\" name=\"Submit\" value=\"Submit\">";

$form .= "</form>";

 
// check is user submitted, if not, show the form

if ($_POST['Search'] != "Search")

{

    echo $form;

}

else

{

 
$directory = "/uploads/";

 
if (is_dir($directory))

{

   $open_dir = opendir($directory);

    while (($file = readdir($open_dir)) !== false)

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
    {

        // Place filenames into an array

        $files[] = $file;

    }

    closedir($open_dir);

 
    // files are in an array, check if search criteria meets any names in array

    if (in_array($_POST['criteria'], $files))

    {

        foreach ($files AS $file_result)

????: NamePros.com http://www.namepros.com/showthread.php?t=114050
        {

            if (stristr($file_result, $_POST['criteria']))

            {

                echo "File Found : <a href = \"/uploads/browseupload.php?file=".$file_result.">View Result</a>";

            }

        }

    }

    else

    {

        echo "Search Criteria not found<br /> Please try again<br /><br />";

        echo $form;

    }

}

 
}

 
?>

can someone fix that?

08-09-2005, 09:03 AM	THREAD STARTER #1 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	Strange PHP error. PHP Code: <?php // Where the file is going to be placed temporarly $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file ????: NamePros.com http://www.namepros.com/programming/114050-strange-php-error.html $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); // getting the extention $pos = strpos($oldfile,".",0); ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); if(!$ext = "gif") { if(!$ext = "jpg") { if(!$ext = "png") { if(!$ext = "bmp") { echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } } } } //Check the size if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){ echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); } //new file name exmaple for a profile image of a user $newfile = Date("d:S:w:z:W:B:s:i") . "." . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; echo "<p>We reserve the right to delete any file on our server.</p>"; echo "<p><a href=\"Home.php\">Upload Another</a></p>"; } else{ echo "There was an error uploading the file, please try again!"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; } ?> EDIT: I just checked again and the whole page dosnt work so I edited it in. __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

08-09-2005, 09:10 AM	THREAD STARTER #3 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	sorry, should have metioned that. 1) it says all files i try to upload are over 1MB even when they're not. 2) it says the file upload failed if i disable the size checker. ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 i havent found any more errors yet. incase you need it heres the HTML of the form on Home.php thats sending the file: Code: <form action="upload.php" method="post" enctype="multipart/form-data" name="form1"> <table width="414" border="0"> <tr> <td width="158">File Location: </td> <td width="246"><input name="file" type="file" id="file"></td> </tr> </table> <p>* The file cannot exceed 1 mb.<br> Allowed file extensions are .gif, .jpg, .png and .bmp <br> </p> <p> <input type="submit" name="Submit" value="Upload File"> </p> </form> __________________ Website \| Blog** Arch Hurd developer; GNU Webmaster; FSF member #8385 Last edited by Mikor; 08-09-2005 at 09:13 AM.

08-09-2005, 09:19 AM	THREAD STARTER #5 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	1) ok, i tried what you said and it didnt work. 2) the size checker IF statement is PHP Code: `if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){ ????: NamePros.com http://www.namepros.com/showthread.php?t=114050` so if it was >= it would be "if filesize is not greater-than or equal to 1MB disallow it". (! does mean not dosnt it?) __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

08-09-2005, 09:20 AM	#6 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 907	Its because the code you have is comparing the file name and not the file size try this: PHP Code: `//Check the size if(!filesize($_FILES['uploadedfile']['size']) <= 1048576){ ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); }` __________________ Webmaster Words

08-09-2005, 09:20 AM	THREAD STARTER #7 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	ahhhh, i knew it would be some stupid mistake (like all my mistakes in php) ok, I messed arround with the syntax and I got PHP Code: `if(filesize($_FILES['uploadedfile']['size']) >= 1048576){ echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); }` which now works. but it still says there was an error uploading this file, also can someone tell me if me if the extension checker (in my first post, but i'll repost it now) would work? ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 PHP Code: // getting the extention $pos = strpos($oldfile,".",0); ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); if(!$ext = "gif") { if(!$ext = "jpg") { if(!$ext = "png") { if(!$ext = "bmp") { echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } } } } ATM whats its supposed to do is check if its not a gif, jpg, png or bmp it shows the error message. Im new to PHP so i just guessed at the code, hopefully I got it right. __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385 Last edited by Mikor; 08-09-2005 at 09:27 AM.

08-09-2005, 09:08 AM	#2 (permalink)
mholt DNOA Member Join Date: May 2004 Posts: 5,040	...what's your error?

08-09-2005, 09:13 AM	#4 (permalink)
mholt DNOA Member Join Date: May 2004 Posts: 5,040	Okay, so really what you want to do is fix the first error which will also fix the second one. Got it - you have <= in the size checker. You want >= lol right now it won't let files UNDER 1 MB in Yeah, change that

08-09-2005, 09:26 AM	#8 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 907	actaully i just realised my code is wrong it should be PHP Code: `//Check the size if($_FILES['uploadedfile']['size'] >= 1048576){ ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); }` have you check that you have permission to write to the upload directory __________________ Webmaster Words Last edited by Amnezia; 08-09-2005 at 09:30 AM.

08-09-2005, 09:28 AM	#9 (permalink)
mholt DNOA Member Join Date: May 2004 Posts: 5,040	That's still checking to see if it's SMALLER than 1 MB. You need to reverse the <= to be >=.

08-09-2005, 09:37 AM	#11 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 907	heres how i would test for the correct extension PHP Code: `$ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){ ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); }` __________________ Webmaster Words

08-09-2005, 09:43 AM	#13 (permalink)
mholt DNOA Member Join Date: May 2004 Posts: 5,040	Just check the MIME type... it's more secure

08-09-2005, 09:44 AM	#14 (permalink)
iNod Eating Pie Join Date: Nov 2004 Location: Canada Posts: 2,272	PHP Code: `if(!$ext = "gif") { if(!$ext = "jpg") { if(!$ext = "png") { if(!$ext = "bmp") { echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } } } }` That is abit to much eh? I would suggest using something like.. PHP Code: $FILE_EXTS = array('.zip','.jpg','.png','.gif','.bmp'); ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $FILE_MIMES = array('image/jpeg','image/jpg','image/gif' ,'image/png','application/msword'); $file_type = $_FILES['userfile']['type']; $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 if(!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file type."); } The above basically sets an array which allows certain ext& MIME types in_array(); function basically checks to see if the file ext/MIME is there. In this case if it isn't there it reports an error (which is !'s fault) Regards, __________________ I feel old.

08-09-2005, 09:53 AM	THREAD STARTER #15 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	ok PHP Code: `// checking the extention ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $FILE_EXTS = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP'); $file_name = $_FILES['userfile']['name']; ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if(!in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file extension."); }` dosnt work, now i'll try PHP Code: `$FILE_EXTS = array('.zip','.jpg','.png','.gif','.bmp'); $FILE_MIMES = array('image/jpeg','image/jpg','image/gif' ,'image/png','application/msword'); $file_type = $_FILES['userfile']['type']; $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if(!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file type."); }` EDIT: ok, neither work, is it something wrong with my form? Code: <form action="upload.php" method="post" enctype="multipart/form-data" name="form1"> <table width="414" border="0"> <tr> <td width="158">File Location: </td> <td width="246"><input name="file" type="file" id="file"></td> </tr> </table> <p>* The file cannot exceed 1 mb.<br> Allowed file extensions are .gif, .jpg, .png and .bmp <br> </p> <p> <input type="submit" name="Submit" value="Upload File"> </p> </form> __________________ Website \| Blog** Arch Hurd developer; GNU Webmaster; FSF member #8385

08-09-2005, 09:54 AM	#16 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 907	I think it could be because your trying to create a file with a : in the name __________________ Webmaster Words

08-09-2005, 09:57 AM	THREAD STARTER #17 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	wheres that? __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

08-09-2005, 09:57 AM	#18 (permalink)
mholt DNOA Member Join Date: May 2004 Posts: 5,040	Possible - : is an invalid character in filenames. When you go to rename the file to the date...

08-09-2005, 10:01 AM	THREAD STARTER #19 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	ok, i messed around with it (file extension still not working, so its disabled for now) heres teh current code PHP Code: <?php // Where the file is going to be placed temporarly $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); /// checking the extention $FILE_EXTS = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP'); $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if(!in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file extension."); }/ //Check the size if(filesize($_FILES['uploadedfile']['size']) >= 1048576){ die( "File too large!"); } //new file name exmaple for a profile image of a user ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $newfile = Rand(1,9999999999) . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; echo "<p>We reserve the right to delete any file on our server.</p>"; die( "<p><a href=\"Home.php\">Upload Another</a></p>"); } else{ echo "There was an error uploading the file, please try again!"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } ?> and it still dosnt work. __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385 Last edited by Mikor; 08-09-2005 at 10:05 AM.

08-09-2005, 10:05 AM	#20 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 907	ok this will work to check the extension PHP Code: `$ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){ ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); }` i missed the dots in the if statement full code PHP Code: <?php // Where the file is going to be placed temporarly $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); $ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){ echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } //Check the size if($_FILES['uploadedfile']['size']) >= 1048576){ die( "File too large!"); } //new file name exmaple for a profile image of a user $newfile = Rand(1,9999999999) . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 echo "<p>We reserve the right to delete any file on our server.</p>"; die( "<p><a href=\"Home.php\">Upload Another</a></p>"); } else{ echo "There was an error uploading the file, please try again!"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } ?> __________________ Webmaster Words Last edited by Amnezia; 08-09-2005 at 10:09 AM.

08-09-2005, 10:13 AM	THREAD STARTER #21 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	still saying invalid file extension for nomatter what file i try __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

08-09-2005, 10:53 AM	#22 (permalink)
mholt DNOA Member Join Date: May 2004 Posts: 5,040	... use MIME detection! It's more secure!!

08-09-2005, 11:04 AM	THREAD STARTER #23 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	ok, ive fixed everything except the uploading, heres the script: PHP Code: <?php // Where the file is going to be placed temporarly ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); // checking the extention $ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".GIF")&&(!$ext==".JPG")&&(!$ext==".PNG")&&(!$ext==".BMP")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".JPX")&&(!$ext==".JPE")){ echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png, .bmp, .jpx, .jpe, .GIF, .JPG, .PNG, .BMP, .JPX and .JPE</p>"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } //Check the size if($_FILES['uploadedfile']['size'] >= 1048576){ die( "File too large!"); } //new file name exmaple for a profile image of a user $newfile = Rand(1,9999999999) . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; echo "<p>We reserve the right to delete any file on our server.</p>"; die( "<p><a href=\"Home.php\">Upload Another</a></p>"); } else{ echo "There was an error uploading the file, please try again!"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } ?> now it returns the error: Code: Warning: move_uploaded_file(/uploads/1353736806.bmp) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\ISC\upload.php on line 33 Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\DOCUME~1\Boys\LOCALS~1\Temp\php86.tmp' to '/uploads/1353736806.bmp' in C:\ISC\upload.php on line 33 if you want to test the script (on my pc) goto http://83.100.182.192 I should be hosting the script for the next few hours. __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385

08-09-2005, 11:13 AM	#24 (permalink)
RJ NamePros Webmaster Join Date: Feb 2003 Posts: 12,930 Follow @DomainBuyer	Try a different $target_path setting, such as $target_path = "C:\\ISC\\"; See if it works. __________________ @DomainBuyer facebook

08-09-2005, 11:15 AM	THREAD STARTER #25 (permalink)
Barrucadu Senior Member Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,689 Follow @barrucadu	yay! all working! but how would i replace the C:\ISC\Uploads\ to a relative directory e.g. \Uploads\ ? EDIT: ive changed the naming to PHP Code: `$newfile = Rand(1,9999999999) . reverse_strrchr($_FILES['uploadedfile']['name'],".") . $ext;` and the reverse_strrchr function mentioned is here PHP Code: `function reverse_strrchr($haystack, $needle) { $pos = strrpos($haystack, $needle); if($pos === false) { return $haystack; } return substr($haystack, 0, $pos + 1); }` how would i make that reverse_strrchr function not include the character searched for? e.g. i uploaded a test file land.bmp, the filename it gave it was http://www.ISC.tk/uploads/browseuplo...91359land..bmp i want to get rid of one of the .s there are 2, one from the extension and one from the reverse_strrchr. also the search page dosnt work, heres the php: PHP Code: <?php $form = "<form method=\"POST\" action=\"search.php\">"; $form .= "Search for: <input type=\"text\" name=\"criteria\"> <input type=\"Submit\" name=\"Submit\" value=\"Submit\">"; $form .= "</form>"; // check is user submitted, if not, show the form if ($_POST['Search'] != "Search") { echo $form; } else { $directory = "/uploads/"; if (is_dir($directory)) { $open_dir = opendir($directory); while (($file = readdir($open_dir)) !== false) ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 { // Place filenames into an array $files[] = $file; } closedir($open_dir); // files are in an array, check if search criteria meets any names in array if (in_array($_POST['criteria'], $files)) { foreach ($files AS $file_result) ????: NamePros.com http://www.namepros.com/showthread.php?t=114050 { if (stristr($file_result, $_POST['criteria'])) { echo "File Found : <a href = \"/uploads/browseupload.php?file=".$file_result.">View Result</a>"; } } } else { echo "Search Criteria not found<br /> Please try again<br /><br />"; echo $form; } } } ?> can someone fix that? __________________ Website \| Blog Arch Hurd developer; GNU Webmaster; FSF member #8385 Last edited by Mikor; 08-09-2005 at 11:26 AM.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Tutorial: Getting started with PHP (The Basics)	deadserious	Webmaster Tutorials	60	11-17-2007 12:35 PM
Googlism - What does google think of you?	deadserious	The Break Room	55	12-15-2005 10:09 AM
PHP Error	Unknown	Programming	3	01-25-2005 10:06 PM