Strange PHP error.

Barrucadu · 08-09-2005, 08:03 AM

PHP Code:

  <?php

 // Where the file is going to be placed temporarly

$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

 
$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);

 
// getting the extention

$pos = strpos($oldfile,".",0);

$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," ");

 
if(!$ext = "gif") {

    if(!$ext = "jpg") {

        if(!$ext = "png") {

            if(!$ext = "bmp") {

                echo "Dissallowed File Extension!";

                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

                echo "<p><a href=\"Home.php\">Try Again</a></p>";

                die();

            }

        }

    }

}

 
//Check the size

if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){

    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

//new file name exmaple for a profile image of a user

$newfile = Date("d:S:w:z:W:B:s:i") . "." . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

     echo "<p>We reserve the right to delete any file on our server.</p>"; 

     echo "<p><a href=\"Home.php\">Upload Another</a></p>";

} else{

     echo "There was an error uploading the file, please try again!";

     echo "<p><a href=\"Home.php\">Try Again</a></p>";

}

?>

EDIT: I just checked again and the whole page dosnt work so I edited it in.

mholt · 08-09-2005, 08:08 AM

...what's your error?

Barrucadu · 08-09-2005, 08:10 AM

sorry, should have metioned that.

1) it says all files i try to upload are over 1MB even when they're not.
2) it says the file upload failed if i disable the size checker.

i havent found any more errors yet.

incase you need it heres the HTML of the form on Home.php thats sending the file:

Code:

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

mholt · 08-09-2005, 08:13 AM

Okay, so really what you want to do is fix the first error which will also fix the second one.

Got it - you have <= in the size checker. You want >=

*lol* right now it won't let files UNDER 1 MB in

Yeah, change that

Barrucadu · 08-09-2005, 08:19 AM

1) ok, i tried what you said and it didnt work.
2) the size checker IF statement is

PHP Code:

  if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){

so if it was >= it would be "if filesize is not greater-than or equal to 1MB disallow it". (! does mean not dosnt it?)

Amnezia · 08-09-2005, 08:20 AM

Its because the code you have is comparing the file name and not the file size

try this:

PHP Code:

  //Check the size

if(!filesize($_FILES['uploadedfile']['size']) <= 1048576){

    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

Barrucadu · 08-09-2005, 08:20 AM

ahhhh, i knew it would be some stupid mistake (like all my mistakes in php)

ok, I messed arround with the syntax and I got

PHP Code:

  if(filesize($_FILES['uploadedfile']['size']) >= 1048576){

    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

which now works. but it still says there was an error uploading this file, also can someone tell me if me if the extension checker (in my first post, but i'll repost it now) would work?

PHP Code:

  // getting the extention

$pos = strpos($oldfile,".",0);

$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); 

if(!$ext = "gif") {

    if(!$ext = "jpg") {

        if(!$ext = "png") {

            if(!$ext = "bmp") {

                echo "Dissallowed File Extension!";

                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

                echo "<p><a href=\"Home.php\">Try Again</a></p>";

                die();

            }

        }

    }

}

ATM whats its supposed to do is check if its not a gif, jpg, png or bmp it shows the error message. Im new to PHP so i just guessed at the code, hopefully I got it right.

Amnezia · 08-09-2005, 08:26 AM

actaully i just realised my code is wrong it should be

PHP Code:

  //Check the size

if($_FILES['uploadedfile']['size'] >= 1048576){

    echo "File too large!";

    echo "<p>Maximum size is 1MB</p>";

    die();

}

have you check that you have permission to write to the upload directory

mholt · 08-09-2005, 08:28 AM

That's still checking to see if it's SMALLER than 1 MB.

You need to reverse the <= to be >=.

Barrucadu · 08-09-2005, 08:30 AM

Quote:

Originally Posted by Amnezia

have you check that you have permission to write to the upload directory

should have, its on my pc.

Amnezia · 08-09-2005, 08:37 AM

heres how i would test for the correct extension

PHP Code:

  $ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
}

Barrucadu · 08-09-2005, 08:42 AM

Quote:

Originally Posted by Amnezia

heres how i would test for the correct extension

PHP Code:

  $ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
}

hmmm... when i run it it seams to skip the extension checking... it just says "File Upload Failed"

mholt · 08-09-2005, 08:43 AM

Just check the MIME type... it's more secure

iNod · 08-09-2005, 08:44 AM

PHP Code:

  if(!$ext = "gif") {

    if(!$ext = "jpg") {

        if(!$ext = "png") {

            if(!$ext = "bmp") {

                echo "Dissallowed File Extension!";

                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

                echo "<p><a href=\"Home.php\">Try Again</a></p>";

                die();

            }

        }

    }

}

That is abit to much eh? I would suggest using something like..

PHP Code:

  $FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp'); 

$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'

                   ,'image/png','application/msword');

 
$file_type = $_FILES['userfile']['type']; 

$file_name = $_FILES['userfile']['name'];

$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

 
if(!in_array($file_type, $FILE_MIMES) 

          && !in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file type.");

}

The above basically sets an array which allows certain ext& MIME types in_array(); function basically checks to see if the file ext/MIME is there. In this case if it isn't there it reports an error (which is !'s fault)

Regards,

Barrucadu · 08-09-2005, 08:53 AM

ok

PHP Code:

  // checking the extention

$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');

$file_name = $_FILES['userfile']['name'];

$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

 
if(!in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file extension.");

}

dosnt work, now i'll try

PHP Code:

   $FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp');

$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'

                   ,'image/png','application/msword');

 
$file_type = $_FILES['userfile']['type'];

$file_name = $_FILES['userfile']['name'];

$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

 
if(!in_array($file_type, $FILE_MIMES)

          && !in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file type.");

}

EDIT:

ok, neither work, is it something wrong with my form?

Code:

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

Amnezia · 08-09-2005, 08:54 AM

I think it could be because your trying to create a file with a : in the name

Barrucadu · 08-09-2005, 08:57 AM

wheres that?

mholt · 08-09-2005, 08:57 AM

Possible - : is an invalid character in filenames.

When you go to rename the file to the date...

Barrucadu · 08-09-2005, 09:01 AM

ok, i messed around with it (file extension still not working, so its disabled for now) heres teh current code

PHP Code:

  <?php

 // Where the file is going to be placed temporarly

$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

 
$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);

 
/*// checking the extention

$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');

$file_name = $_FILES['userfile']['name'];

$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

 
if(!in_array($file_ext, $FILE_EXTS)) {

   Die( "Disallowed file extension.");

}*/

 
//Check the size

if(filesize($_FILES['uploadedfile']['size']) >= 1048576){

    die( "File too large!");

}

//new file name exmaple for a profile image of a user

$newfile = Rand(1,9999999999) . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

     echo "<p>We reserve the right to delete any file on our server.</p>"; 

     die( "<p><a href=\"Home.php\">Upload Another</a></p>");

} else{

     echo "There was an error uploading the file, please try again!";

     die( "<p><a href=\"Home.php\">Try Again</a></p>");

}

?>

and it still dosnt work.

Amnezia · 08-09-2005, 09:05 AM

ok this will work to check the extension

PHP Code:

   
 $ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
}

i missed the dots in the if statement

full code

PHP Code:

  
<?php

// Where the file is going to be placed temporarly

$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

 
$target_path = "/uploads/";

 
$oldfile =  basename($_FILES['uploadedfile']['name']);

 
$ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";

   echo "<p><a href=\"Home.php\">Try Again</a></p>";

   die();

 
} 

//Check the size

if($_FILES['uploadedfile']['size']) >= 1048576){

    die( "File too large!");

}

//new file name exmaple for a profile image of a user

$newfile = Rand(1,9999999999) . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

     echo "<p>We reserve the right to delete any file on our server.</p>";

     die( "<p><a href=\"Home.php\">Upload Another</a></p>");

} else{

     echo "There was an error uploading the file, please try again!";

     die( "<p><a href=\"Home.php\">Try Again</a></p>");

}

?>

Barrucadu · 08-09-2005, 09:13 AM

still saying invalid file extension for nomatter what file i try

mholt · 08-09-2005, 09:53 AM

... use MIME detection! It's more secure!!

Barrucadu · 08-09-2005, 10:04 AM

ok, ive fixed everything except the uploading, heres the script:

PHP Code:

  <?php

 // Where the file is going to be placed temporarly

$target_path = "/";

 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

 
$_FILES['uploadedfile']['tmp_name']; // temp file

 
$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);

 
// checking the extention

$ext = strrchr($_FILES['uploadedfile']['name'], '.');

 
if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".GIF")&&(!$ext==".JPG")&&(!$ext==".PNG")&&(!$ext==".BMP")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".JPX")&&(!$ext==".JPE")){

 
   echo "Dissallowed File Extension!";

   echo "<p>Allowed extensions are .gif, .jpg, .png, .bmp, .jpx, .jpe, .GIF, .JPG, .PNG, .BMP, .JPX and .JPE</p>";

   die( "<p><a href=\"Home.php\">Try Again</a></p>");

 
} 

 
//Check the size

if($_FILES['uploadedfile']['size'] >= 1048576){

    die( "File too large!");

}

//new file name exmaple for a profile image of a user

$newfile = Rand(1,9999999999) . $ext;

 
// move the file to the final destination

$target_path = $target_path . basename($newfile);

 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";

     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";

     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";

     echo "<p>We reserve the right to delete any file on our server.</p>"; 

     die( "<p><a href=\"Home.php\">Upload Another</a></p>");

} else{

     echo "There was an error uploading the file, please try again!";

     die( "<p><a href=\"Home.php\">Try Again</a></p>");

}

?>

now it returns the error:

Code:

Warning: move_uploaded_file(/uploads/1353736806.bmp) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\ISC\upload.php on line 33

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\DOCUME~1\Boys\LOCALS~1\Temp\php86.tmp' to '/uploads/1353736806.bmp' in C:\ISC\upload.php on line 33

if you want to test the script (on my pc) goto http://83.100.182.192 I should be hosting the script for the next few hours.

RJ · 08-09-2005, 10:13 AM

Try a different $target_path setting, such as
$target_path = "C:\\ISC\\";

See if it works.

Barrucadu · 08-09-2005, 10:15 AM

yay! all working! but how would i replace the C:\ISC\Uploads\ to a relative directory e.g. \Uploads\ ?

EDIT:

ive changed the naming to

PHP Code:

  $newfile = Rand(1,9999999999) . reverse_strrchr($_FILES['uploadedfile']['name'],".") . $ext;

and the reverse_strrchr function mentioned is here

PHP Code:

  function reverse_strrchr($haystack, $needle)

{

   $pos = strrpos($haystack, $needle);

   if($pos === false) {

       return $haystack;

   }

   return substr($haystack, 0, $pos + 1);

}

how would i make that reverse_strrchr function not include the character searched for? e.g. i uploaded a test file land.bmp, the filename it gave it was http://www.ISC.tk/uploads/browseuplo...91359land..bmp i want to get rid of one of the .s there are 2, one from the extension and one from the reverse_strrchr.

also the search page dosnt work, heres the php:

PHP Code:

  <?php

 
$form = "<form method=\"POST\" action=\"search.php\">";

$form .= "Search for: <input type=\"text\" name=\"criteria\">

             <input type=\"Submit\" name=\"Submit\" value=\"Submit\">";

$form .= "</form>";

 
// check is user submitted, if not, show the form

if ($_POST['Search'] != "Search")

{

    echo $form;

}

else

{

 
$directory = "/uploads/";

 
if (is_dir($directory))

{

   $open_dir = opendir($directory);

    while (($file = readdir($open_dir)) !== false)

    {

        // Place filenames into an array

        $files[] = $file;

    }

    closedir($open_dir);

 
    // files are in an array, check if search criteria meets any names in array

    if (in_array($_POST['criteria'], $files))

    {

        foreach ($files AS $file_result)

        {

            if (stristr($file_result, $_POST['criteria']))

            {

                echo "File Found : <a href = \"/uploads/browseupload.php?file=".$file_result.">View Result</a>";

            }

        }

    }

    else

    {

        echo "Search Criteria not found<br /> Please try again<br /><br />";

        echo $form;

    }

}

 
}

 
?>

can someone fix that?

08-09-2005, 08:03 AM	#1 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	Strange PHP error. PHP Code: <?php // Where the file is going to be placed temporarly $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); // getting the extention $pos = strpos($oldfile,".",0); $ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); if(!$ext = "gif") { if(!$ext = "jpg") { if(!$ext = "png") { if(!$ext = "bmp") { echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } } } } //Check the size if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){ echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); } //new file name exmaple for a profile image of a user $newfile = Date("d:S:w:z:W:B:s:i") . "." . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; echo "<p>We reserve the right to delete any file on our server.</p>"; echo "<p><a href=\"Home.php\">Upload Another</a></p>"; } else{ echo "There was an error uploading the file, please try again!"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; } ?> EDIT: I just checked again and the whole page dosnt work so I edited it in. __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com

08-09-2005, 08:08 AM	#2 (permalink)
mholt DNOA Member Join Date: May 2004 Location: Utah Posts: 5,041 18.01 NP$ (Donate)	...what's your error? __________________ codeboards A high-quality community of programmers -- Join today and post! We want new members!

08-09-2005, 08:10 AM	#3 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	sorry, should have metioned that. 1) it says all files i try to upload are over 1MB even when they're not. 2) it says the file upload failed if i disable the size checker. i havent found any more errors yet. incase you need it heres the HTML of the form on Home.php thats sending the file: Code: <form action="upload.php" method="post" enctype="multipart/form-data" name="form1"> <table width="414" border="0"> <tr> <td width="158">File Location: </td> <td width="246"><input name="file" type="file" id="file"></td> </tr> </table> <p>* The file cannot exceed 1 mb.<br> Allowed file extensions are .gif, .jpg, .png and .bmp <br> </p> <p> <input type="submit" name="Submit" value="Upload File"> </p> </form> __________________ Website \| Blog \| Uzbl (my branch)** 9thSeptember2009.com Last edited by Mikor; 08-09-2005 at 08:13 AM.

08-09-2005, 08:13 AM	#4 (permalink)
mholt DNOA Member Join Date: May 2004 Location: Utah Posts: 5,041 18.01 NP$ (Donate)	Okay, so really what you want to do is fix the first error which will also fix the second one. Got it - you have <= in the size checker. You want >= lol right now it won't let files UNDER 1 MB in Yeah, change that __________________ codeboards A high-quality community of programmers -- Join today and post! We want new members!

08-09-2005, 08:19 AM	#5 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	1) ok, i tried what you said and it didnt work. 2) the size checker IF statement is PHP Code: `if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){` so if it was >= it would be "if filesize is not greater-than or equal to 1MB disallow it". (! does mean not dosnt it?) __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com

08-09-2005, 08:20 AM	#6 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 908 13.25 NP$ (Donate)	Its because the code you have is comparing the file name and not the file size try this: PHP Code: `//Check the size if(!filesize($_FILES['uploadedfile']['size']) <= 1048576){ echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); }` __________________ [http://www.webmasterwords.com/python-split-and-join-examples]Python Tutorials[/url]

08-09-2005, 08:20 AM	#7 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	ahhhh, i knew it would be some stupid mistake (like all my mistakes in php) ok, I messed arround with the syntax and I got PHP Code: `if(filesize($_FILES['uploadedfile']['size']) >= 1048576){ echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); }` which now works. but it still says there was an error uploading this file, also can someone tell me if me if the extension checker (in my first post, but i'll repost it now) would work? PHP Code: // getting the extention $pos = strpos($oldfile,".",0); $ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); if(!$ext = "gif") { if(!$ext = "jpg") { if(!$ext = "png") { if(!$ext = "bmp") { echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } } } } ATM whats its supposed to do is check if its not a gif, jpg, png or bmp it shows the error message. Im new to PHP so i just guessed at the code, hopefully I got it right. __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com Last edited by Mikor; 08-09-2005 at 08:27 AM.

08-09-2005, 08:26 AM	#8 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 908 13.25 NP$ (Donate)	actaully i just realised my code is wrong it should be PHP Code: `//Check the size if($_FILES['uploadedfile']['size'] >= 1048576){ echo "File too large!"; echo "<p>Maximum size is 1MB</p>"; die(); }` have you check that you have permission to write to the upload directory __________________ [http://www.webmasterwords.com/python-split-and-join-examples]Python Tutorials[/url] Last edited by Amnezia; 08-09-2005 at 08:30 AM.

08-09-2005, 08:28 AM	#9 (permalink)
mholt DNOA Member Join Date: May 2004 Location: Utah Posts: 5,041 18.01 NP$ (Donate)	That's still checking to see if it's SMALLER than 1 MB. You need to reverse the <= to be >=. __________________ codeboards A high-quality community of programmers -- Join today and post! We want new members!

08-09-2005, 08:37 AM	#11 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 908 13.25 NP$ (Donate)	heres how i would test for the correct extension PHP Code: `$ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){ echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); }` __________________ [http://www.webmasterwords.com/python-split-and-join-examples]Python Tutorials[/url]

08-09-2005, 08:43 AM	#13 (permalink)
mholt DNOA Member Join Date: May 2004 Location: Utah Posts: 5,041 18.01 NP$ (Donate)	Just check the MIME type... it's more secure __________________ codeboards A high-quality community of programmers -- Join today and post! We want new members!

08-09-2005, 08:44 AM	#14 (permalink)
iNod Eating Pie Join Date: Nov 2004 Location: Canada Posts: 2,289 126.05 NP$ (Donate)	PHP Code: `if(!$ext = "gif") { if(!$ext = "jpg") { if(!$ext = "png") { if(!$ext = "bmp") { echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } } } }` That is abit to much eh? I would suggest using something like.. PHP Code: `$FILE_EXTS = array('.zip','.jpg','.png','.gif','.bmp'); $FILE_MIMES = array('image/jpeg','image/jpg','image/gif' ,'image/png','application/msword'); $file_type = $_FILES['userfile']['type']; $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if(!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file type."); }` The above basically sets an array which allows certain ext& MIME types in_array(); function basically checks to see if the file ext/MIME is there. In this case if it isn't there it reports an error (which is !'s fault) Regards, __________________ I feel old.

08-09-2005, 08:53 AM	#15 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	ok PHP Code: `// checking the extention $FILE_EXTS = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP'); $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if(!in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file extension."); }` dosnt work, now i'll try PHP Code: `$FILE_EXTS = array('.zip','.jpg','.png','.gif','.bmp'); $FILE_MIMES = array('image/jpeg','image/jpg','image/gif' ,'image/png','application/msword'); $file_type = $_FILES['userfile']['type']; $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if(!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file type."); }` EDIT: ok, neither work, is it something wrong with my form? Code: <form action="upload.php" method="post" enctype="multipart/form-data" name="form1"> <table width="414" border="0"> <tr> <td width="158">File Location: </td> <td width="246"><input name="file" type="file" id="file"></td> </tr> </table> <p>* The file cannot exceed 1 mb.<br> Allowed file extensions are .gif, .jpg, .png and .bmp <br> </p> <p> <input type="submit" name="Submit" value="Upload File"> </p> </form> __________________ Website \| Blog \| Uzbl (my branch)** 9thSeptember2009.com

08-09-2005, 08:54 AM	#16 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 908 13.25 NP$ (Donate)	I think it could be because your trying to create a file with a : in the name __________________ [http://www.webmasterwords.com/python-split-and-join-examples]Python Tutorials[/url]

08-09-2005, 08:57 AM	#17 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	wheres that? __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com

08-09-2005, 08:57 AM	#18 (permalink)
mholt DNOA Member Join Date: May 2004 Location: Utah Posts: 5,041 18.01 NP$ (Donate)	Possible - : is an invalid character in filenames. When you go to rename the file to the date... __________________ codeboards A high-quality community of programmers -- Join today and post! We want new members!

08-09-2005, 09:01 AM	#19 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	ok, i messed around with it (file extension still not working, so its disabled for now) heres teh current code PHP Code: <?php // Where the file is going to be placed temporarly $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); /// checking the extention $FILE_EXTS = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP'); $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if(!in_array($file_ext, $FILE_EXTS)) { Die( "Disallowed file extension."); }/ //Check the size if(filesize($_FILES['uploadedfile']['size']) >= 1048576){ die( "File too large!"); } //new file name exmaple for a profile image of a user $newfile = Rand(1,9999999999) . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; echo "<p>We reserve the right to delete any file on our server.</p>"; die( "<p><a href=\"Home.php\">Upload Another</a></p>"); } else{ echo "There was an error uploading the file, please try again!"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } ?> and it still dosnt work. __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com Last edited by Mikor; 08-09-2005 at 09:05 AM.

08-09-2005, 09:05 AM	#20 (permalink)
Amnezia Professional Monkey Join Date: Jul 2005 Location: Escaped from the zoo Posts: 908 13.25 NP$ (Donate)	ok this will work to check the extension PHP Code: `$ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){ echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); }` i missed the dots in the if statement full code PHP Code: <?php // Where the file is going to be placed temporarly $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); $ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){ echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; echo "<p><a href=\"Home.php\">Try Again</a></p>"; die(); } //Check the size if($_FILES['uploadedfile']['size']) >= 1048576){ die( "File too large!"); } //new file name exmaple for a profile image of a user $newfile = Rand(1,9999999999) . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; echo "<p>We reserve the right to delete any file on our server.</p>"; die( "<p><a href=\"Home.php\">Upload Another</a></p>"); } else{ echo "There was an error uploading the file, please try again!"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } ?> __________________ [http://www.webmasterwords.com/python-split-and-join-examples]Python Tutorials[/url] Last edited by Amnezia; 08-09-2005 at 09:09 AM.

08-09-2005, 09:13 AM	#21 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	still saying invalid file extension for nomatter what file i try __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com

08-09-2005, 09:53 AM	#22 (permalink)
mholt DNOA Member Join Date: May 2004 Location: Utah Posts: 5,041 18.01 NP$ (Donate)	... use MIME detection! It's more secure!! __________________ codeboards A high-quality community of programmers -- Join today and post! We want new members!

08-09-2005, 10:04 AM	#23 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	ok, ive fixed everything except the uploading, heres the script: PHP Code: <?php // Where the file is going to be placed temporarly $target_path = "/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; // temp file $target_path = "/uploads/"; $oldfile = basename($_FILES['uploadedfile']['name']); // checking the extention $ext = strrchr($_FILES['uploadedfile']['name'], '.'); if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".GIF")&&(!$ext==".JPG")&&(!$ext==".PNG")&&(!$ext==".BMP")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".JPX")&&(!$ext==".JPE")){ echo "Dissallowed File Extension!"; echo "<p>Allowed extensions are .gif, .jpg, .png, .bmp, .jpx, .jpe, .GIF, .JPG, .PNG, .BMP, .JPX and .JPE</p>"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } //Check the size if($_FILES['uploadedfile']['size'] >= 1048576){ die( "File too large!"); } //new file name exmaple for a profile image of a user $newfile = Rand(1,9999999999) . $ext; // move the file to the final destination $target_path = $target_path . basename($newfile); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>"; echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>"; echo "<p>We reserve the right to delete any file on our server.</p>"; die( "<p><a href=\"Home.php\">Upload Another</a></p>"); } else{ echo "There was an error uploading the file, please try again!"; die( "<p><a href=\"Home.php\">Try Again</a></p>"); } ?> now it returns the error: Code: Warning: move_uploaded_file(/uploads/1353736806.bmp) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\ISC\upload.php on line 33 Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\DOCUME~1\Boys\LOCALS~1\Temp\php86.tmp' to '/uploads/1353736806.bmp' in C:\ISC\upload.php on line 33 if you want to test the script (on my pc) goto http://83.100.182.192 I should be hosting the script for the next few hours. __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com

08-09-2005, 10:13 AM	#24 (permalink)
RJ NamePros Founder Administrator Join Date: Feb 2003 Location: Bay Area, CA Posts: 13,173 104,451.68 NP$ (Donate)	Try a different $target_path setting, such as $target_path = "C:\\ISC\\"; See if it works.

08-09-2005, 10:15 AM	#25 (permalink)
Barrucadu Barru. Join Date: Aug 2005 Location: East Yorkshire, England Posts: 2,731 78.50 NP$ (Donate)	yay! all working! but how would i replace the C:\ISC\Uploads\ to a relative directory e.g. \Uploads\ ? EDIT: ive changed the naming to PHP Code: `$newfile = Rand(1,9999999999) . reverse_strrchr($_FILES['uploadedfile']['name'],".") . $ext;` and the reverse_strrchr function mentioned is here PHP Code: `function reverse_strrchr($haystack, $needle) { $pos = strrpos($haystack, $needle); if($pos === false) { return $haystack; } return substr($haystack, 0, $pos + 1); }` how would i make that reverse_strrchr function not include the character searched for? e.g. i uploaded a test file land.bmp, the filename it gave it was http://www.ISC.tk/uploads/browseuplo...91359land..bmp i want to get rid of one of the .s there are 2, one from the extension and one from the reverse_strrchr. also the search page dosnt work, heres the php: PHP Code: <?php $form = "<form method=\"POST\" action=\"search.php\">"; $form .= "Search for: <input type=\"text\" name=\"criteria\"> <input type=\"Submit\" name=\"Submit\" value=\"Submit\">"; $form .= "</form>"; // check is user submitted, if not, show the form if ($_POST['Search'] != "Search") { echo $form; } else { $directory = "/uploads/"; if (is_dir($directory)) { $open_dir = opendir($directory); while (($file = readdir($open_dir)) !== false) { // Place filenames into an array $files[] = $file; } closedir($open_dir); // files are in an array, check if search criteria meets any names in array if (in_array($_POST['criteria'], $files)) { foreach ($files AS $file_result) { if (stristr($file_result, $_POST['criteria'])) { echo "File Found : <a href = \"/uploads/browseupload.php?file=".$file_result.">View Result</a>"; } } } else { echo "Search Criteria not found<br /> Please try again<br /><br />"; echo $form; } } } ?> can someone fix that? __________________ Website \| Blog \| Uzbl (my branch) 9thSeptember2009.com Last edited by Mikor; 08-09-2005 at 10:26 AM.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Tutorial: Getting started with PHP (The Basics)	deadserious	Webmaster Tutorials	60	11-17-2007 11:35 AM
Googlism - What does google think of you?	deadserious	The Break Room	55	12-15-2005 09:09 AM
PHP Error	Unknown	Programming	3	01-25-2005 09:06 PM

Administrator