Strange PHP error.

[Barrucadu]

<?php
 // Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";
$oldfile =  basename($_FILES['uploadedfile']['name']);

// getting the extention
$pos = strpos($oldfile,".",0);
$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," ");

if(!$ext = "gif") {
	if(!$ext = "jpg") {
		if(!$ext = "png") {
			if(!$ext = "bmp") {
				echo "Dissallowed File Extension!";
				echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
				echo "<p><a href=\"Home.php\">Try Again</a></p>";
				die();
			}
		}
	}
}

//Check the size
if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}
//new file name exmaple for a profile image of a user
$newfile = Date("d:S:w:z:W:B:s:i") . "." . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
	 echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
	 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
	 echo "<p>We reserve the right to delete any file on our server.</p>"; 
	 echo "<p><a href=\"Home.php\">Upload Another</a></p>";
} else{
     echo "There was an error uploading the file, please try again!";
	 echo "<p><a href=\"Home.php\">Try Again</a></p>";
}
?>

EDIT: I just checked again and the whole page dosnt work so I edited it in.

 

[user-7256]

...what's your error?

 

[Barrucadu]

sorry, should have metioned that.

1) it says all files i try to upload are over 1MB even when they're not.
2) it says the file upload failed if i disable the size checker.

i havent found any more errors yet.

incase you need it heres the HTML of the form on Home.php thats sending the file:

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

 

[user-7256]

Okay, so really what you want to do is fix the first error which will also fix the second one.

Got it - you have <= in the size checker. You want >=

*lol* right now it won't let files UNDER 1 MB in :D Yeah, change that

 

[Barrucadu]

1) ok, i tried what you said and it didnt work.
2) the size checker IF statement is

if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){

so if it was >= it would be "if filesize is not greater-than or equal to 1MB disallow it". (! does mean not dosnt it?)

 

[Amnezia]

Its because the code you have is comparing the file name and not the file size

try this:

//Check the size
if(!filesize($_FILES['uploadedfile']['size']) <= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}

 

[Barrucadu]

ahhhh, i knew it would be some stupid mistake (like all my mistakes in php)

ok, I messed arround with the syntax and I got

if(filesize($_FILES['uploadedfile']['size']) >= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}

which now works. but it still says there was an error uploading this file, also can someone tell me if me if the extension checker (in my first post, but i'll repost it now) would work?

// getting the extention
$pos = strpos($oldfile,".",0);
$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); 
if(!$ext = "gif") {
	if(!$ext = "jpg") {
		if(!$ext = "png") {
			if(!$ext = "bmp") {
				echo "Dissallowed File Extension!";
				echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
				echo "<p><a href=\"Home.php\">Try Again</a></p>";
				die();
			}
		}
	}
}

ATM whats its supposed to do is check if its not a gif, jpg, png or bmp it shows the error message. Im new to PHP so i just guessed at the code, hopefully I got it right.

 

[Amnezia]

actaully i just realised my code is wrong it should be

//Check the size
if($_FILES['uploadedfile']['size'] >= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}

have you check that you have permission to write to the upload directory

 

[user-7256]

That's still checking to see if it's SMALLER than 1 MB.

You need to reverse the <= to be >=.

 

[Barrucadu]

have you check that you have permission to write to the upload directory

should have, its on my pc.

 

[Amnezia]

heres how i would test for the correct extension

$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

}

 

[Barrucadu]

heres how i would test for the correct extension

$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

}

hmmm... when i run it it seams to skip the extension checking... it just says "File Upload Failed"

 

[user-7256]

Just check the MIME type... it's more secure

 

[iNod]

if(!$ext = "gif") {
    if(!$ext = "jpg") {
        if(!$ext = "png") {
            if(!$ext = "bmp") {
                echo "Dissallowed File Extension!";
                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
                echo "<p><a href=\"Home.php\">Try Again</a></p>";
                die();
            }
        }
    }
}

That is abit to much eh? I would suggest using something like..

$FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp'); 
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png','application/msword');

$file_type = $_FILES['userfile']['type']; 
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_type, $FILE_MIMES) 
          && !in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file type.");
}

The above basically sets an array which allows certain ext& MIME types in_array(); function basically checks to see if the file ext/MIME is there. In this case if it isn't there it reports an error (which is !'s fault)

Regards,

 

[Barrucadu]

ok

// checking the extention
$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file extension.");
}

dosnt work, now i'll try

 $FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp');
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png','application/msword');

$file_type = $_FILES['userfile']['type'];
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_type, $FILE_MIMES)
          && !in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file type.");
}

EDIT:

ok, neither work, is it something wrong with my form?

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

 

[Amnezia]

I think it could be because your trying to create a file with a : in the name

 

[Barrucadu]

wheres that?

 

[user-7256]

Possible - : is an invalid character in filenames.

When you go to rename the file to the date...

 

[Barrucadu]

ok, i messed around with it (file extension still not working, so its disabled for now) heres teh current code

<?php
 // Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";
$oldfile =  basename($_FILES['uploadedfile']['name']);

/*// checking the extention
$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file extension.");
}*/

//Check the size
if(filesize($_FILES['uploadedfile']['size']) >= 1048576){
    die( "File too large!");
}
//new file name exmaple for a profile image of a user
$newfile = Rand(1,9999999999) . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
	 echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
	 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
	 echo "<p>We reserve the right to delete any file on our server.</p>"; 
	 die( "<p><a href=\"Home.php\">Upload Another</a></p>");
} else{
     echo "There was an error uploading the file, please try again!";
	 die( "<p><a href=\"Home.php\">Try Again</a></p>");
}
?>

and it still dosnt work.

 

[Amnezia]

ok this will work to check the extension

 $ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

}

i missed the dots in the if statement

full code

<?php
// Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);
 
$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

} 
//Check the size
if($_FILES['uploadedfile']['size']) >= 1048576){
    die( "File too large!");
}
//new file name exmaple for a profile image of a user
$newfile = Rand(1,9999999999) . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
     echo "<p>We reserve the right to delete any file on our server.</p>";
     die( "<p><a href=\"Home.php\">Upload Another</a></p>");
} else{
     echo "There was an error uploading the file, please try again!";
     die( "<p><a href=\"Home.php\">Try Again</a></p>");
}
?>

 

[Barrucadu]

still saying invalid file extension for nomatter what file i try

 

[user-7256]

... use MIME detection! It's more secure!!

 

[Barrucadu]

ok, ive fixed everything except the uploading, heres the script:

<?php
 // Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";
$oldfile =  basename($_FILES['uploadedfile']['name']);

// checking the extention
$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".GIF")&&(!$ext==".JPG")&&(!$ext==".PNG")&&(!$ext==".BMP")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".JPX")&&(!$ext==".JPE")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png, .bmp, .jpx, .jpe, .GIF, .JPG, .PNG, .BMP, .JPX and .JPE</p>";
   die( "<p><a href=\"Home.php\">Try Again</a></p>");

} 

//Check the size
if($_FILES['uploadedfile']['size'] >= 1048576){
    die( "File too large!");
}
//new file name exmaple for a profile image of a user
$newfile = Rand(1,9999999999) . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
	 echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
	 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
	 echo "<p>We reserve the right to delete any file on our server.</p>"; 
	 die( "<p><a href=\"Home.php\">Upload Another</a></p>");
} else{
     echo "There was an error uploading the file, please try again!";
	 die( "<p><a href=\"Home.php\">Try Again</a></p>");
}
?>

now it returns the error:

Warning: move_uploaded_file(/uploads/1353736806.bmp) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\ISC\upload.php on line 33

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\DOCUME~1\Boys\LOCALS~1\Temp\php86.tmp' to '/uploads/1353736806.bmp' in C:\ISC\upload.php on line 33

if you want to test the script (on my pc) goto http://83.100.182.192 I should be hosting the script for the next few hours.

 

[RJ]

Try a different $target_path setting, such as
$target_path = "C:\\ISC\\";

See if it works.

 

[Barrucadu]

yay! all working! but how would i replace the C:\ISC\Uploads\ to a relative directory e.g. \Uploads\ ?

EDIT:

ive changed the naming to

$newfile = Rand(1,9999999999) . reverse_strrchr($_FILES['uploadedfile']['name'],".") . $ext;

and the reverse_strrchr function mentioned is here

function reverse_strrchr($haystack, $needle)
{
   $pos = strrpos($haystack, $needle);
   if($pos === false) {
       return $haystack;
   }
   return substr($haystack, 0, $pos + 1);
}

how would i make that reverse_strrchr function not include the character searched for? e.g. i uploaded a test file land.bmp, the filename it gave it was http://www.ISC.tk/uploads/browseupload.php?file=1001091359land..bmp i want to get rid of one of the .s there are 2, one from the extension and one from the reverse_strrchr.


also the search page dosnt work, heres the php:

<?php

$form = "<form method=\"POST\" action=\"search.php\">";
$form .= "Search for: <input type=\"text\" name=\"criteria\">
             <input type=\"Submit\" name=\"Submit\" value=\"Submit\">";
$form .= "</form>";

// check is user submitted, if not, show the form
if ($_POST['Search'] != "Search")
{
    echo $form;
}
else
{

$directory = "/uploads/";

if (is_dir($directory))
{
   $open_dir = opendir($directory);
    while (($file = readdir($open_dir)) !== false)
    {
        // Place filenames into an array
        $files[] = $file;
    }
    closedir($open_dir);

    // files are in an array, check if search criteria meets any names in array
    if (in_array($_POST['criteria'], $files))
    {
        foreach ($files AS $file_result)
        {
            if (stristr($file_result, $_POST['criteria']))
            {
				echo "File Found : <a href = \"/uploads/browseupload.php?file=".$file_result.">View Result</a>";
            }
        }
    }
    else
    {
        echo "Search Criteria not found<br /> Please try again<br /><br />";
        echo $form;
    }
}

}

?>

can someone fix that?