PHP file uploading

[SiKing]

Hey, sorry to bother you guys. I'm trying to use PHP to upload music to my server. (it's currently set to image files because I have no audio files on my laptop and I need to test the script). However, I keep getting the error whenever I submit the form. It stores the data in the database but doesnt store the file on the server. And since adding the enctype to the form, all the $_POST variables are empty. $NP and reputation for anyone who can solve this problem or suggest a script which will enable me to upload a music file with another field for the title of the file.

<?
session_start();
if (!isset($_SESSION['logged_in'])) {
echo '<script>alert("You must be logged in to view this page.");</script>';
				echo '<script>history.back(1);</script>';
				exit;
				}
include("config.php");
include("includes/userinfo.php");
if ($artist == "") {
echo "<p>You must be registered as an artist to view this page.</p> <p><a href='index.php'>Return</a></p>"; }

		
$pagetitle = "Upload a file";

if ($_POST['submit'])
{
$file=addslashes($_POST['userfile']);
$title=addslashes($_POST['title']);

if ( empty($file) || empty($title) )
{

echo '<script>alert("One or more fields were left empty, please try again.");</script>';
echo '<script>history.back(1);</script>';
exit;

}





$query = "INSERT INTO files (id, title, file, artist, submit) VALUES 
('', '$title', '$file', '$artist', '" . $_SESSION['logged_in'] . "')";

$results = mysql_query($query);
echo mysql_error();


################################################

$path = "uploads/";
$max_size = 200000;


if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {}

if ($HTTP_POST_FILES['userfile']['size']>$max_size) { echo "The file is too big<br>\n"; exit; }
if (($HTTP_POST_FILES['userfile']['type']=="image/gif") || ($HTTP_POST_FILES['userfile']['type']=="image/pjpeg") || ($HTTP_POST_FILES['userfile']['type']=="image/jpeg")) {}

if (file_exists($path . $HTTP_POST_FILES['userfile']['name'])) { echo "The file already exists<br>\n"; exit; }

$res = copy($HTTP_POST_FILES['userfile']['tmp_name'], $path .
$HTTP_POST_FILES['userfile']['name']);

################################################




if ($results && $res)
{
include("head.php");
echo "<h1>Success</h1><p>The file was successfully uploaded.</p><p><a href='artistarea.php'>Return</a>";
include("foot.php");
}
else
{
include("head.php");
echo "<h1>Error</h1><p>There was an error uploading the file, please try again or <a href='contact.php'>contact</a> the administrator.</p>";
include("foot.php");
}

mysql_close();
}

else
{
include("head.php");
echo "
<h1>Upload a song/video</h1>
<form  method='post' action='upload.php'>
<table width='447' border='0' cellspacing='0' cellpadding='0'>
  <tr>
    <td height='44'>File</td>
    <td><input type='file' name='userfile' class='inputbox'></td>
  </tr>
  <tr>
    <td height='48'>Title of song/video </td>
    <td><input type='text' name='title' class='inputbox'></td>
  </tr>
  <tr>
    <td> </td>
    <td><input type='submit' name='submit' value='Submit'></td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
  </tr>
</table>


</form>

";
include("foot.php");
}
?>

Is the script at the moment

Thanks in advance.

 

[Peter]

what version of php are you using?
what error message do you get?
what is the chmod value of the folder in which you are moving the files too?
Have you ensured the tmp folder has the correct permissions ans is setup correctly in php?

 

[SiKing]

what version of php are you using?
what error message do you get?
what is the chmod value of the folder in which you are moving the files too?
Have you ensured the tmp folder has the correct permissions ans is setup correctly in php?

PHP Version 4.3.11

Error is the one in the PHP script - "There was an error uploading the file, please try again or contact the administrator."

CHMOD - 0777

how do I check the temp folder?



Thanks filth.

 

[Peter]

in versions above 4.1 you should be using $_FILES instead of $HTTP_POST_FILES

try making path an absolute path on your server instead of relative to the script.

Also in the query:-

$query = "INSERT INTO files (id, title, file, artist, submit) VALUES
('', '$title', '$file', '$artist', '" . $_SESSION['logged_in'] . "')";

what are you trying to do? Are you actually trying to upload the file into the database or the name because that is not how you would go about inserting the name.

It would also be a better idea to insert the details into the database after the file has been moved, there is more potential to go wrong with copying the file than there is uploading data to the database.

Another note, have you checked the value of register globals as I have noticed you are using addslashes(). If register globals is turned on you could be causing problems with the script you should check the value of register globals THEn decide on how to treat the data.

 

[SiKing]

in versions above 4.1 you should be using $_FILES instead of $HTTP_POST_FILES

try making path an absolute path on your server instead of relative to the script.

Also in the query:-

$query = "INSERT INTO files (id, title, file, artist, submit) VALUES
('', '$title', '$file', '$artist', '" . $_SESSION['logged_in'] . "')";

what are you trying to do? Are you actually trying to upload the file into the database or the name because that is not how you would go about inserting the name.

Well I've only just learnt PHP so I probably seem very stupid towards all this. The 'INSERT' statement just basically stores the details of the file and this works exactly how I want it to. The $_SESSION['logged_in'] is the username which the user logged in with so that i know who submitted the file.

I'll try using $_FILES like you said.

Thanks

EDIT: Actually on second thoughts - my max upload limit is 2mb so that's kinda destroyed my idea of music downloads. Thanks anyway filth

 

[Peter]

Depending on your host you may be able to increase that using htaccess

 

[Eric]

Depending on your host you may be able to increase that using htaccess

Or...

<?php

ini_set('upload_max_filesize', '2M');

?>

2M(megabytes) is the default. Just change to whatever you need it to be. After script execution, it will be restored to the default value.

 

[Peter]

will setting it in the script have any affect??

Although some directives like this can be set per script they do not work. For example register_globals, changing this in the script has no affect as what the server does has already taken place by the time the script has run, I beleive it may be the same for upload_max_filesize.

 

[Eric]

Also, you may have to change the post_max_size and/or memory_limit. They default to 8M.

<?php

ini_set('memory_limi', '8M');
ini_set('post_max_size', '8M');

?>

Plus....lol....max_execution_time which defaults to 30 seconds

<?php

ini_set('max_execution_time', '30');

?>

Most can be set at runtime..

 

[Peter]

just had a look at http://uk.php.net/manual/en/ini.php#ini.list and upload_max_filesize can only be changed in php.ini, .htaccess or httpd.conf.

The same goes for post_max_size