Strange PHP error.

[Barrucadu]

<?php
 // Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";
$oldfile =  basename($_FILES['uploadedfile']['name']);

// getting the extention
$pos = strpos($oldfile,".",0);
$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," ");

if(!$ext = "gif") {
	if(!$ext = "jpg") {
		if(!$ext = "png") {
			if(!$ext = "bmp") {
				echo "Dissallowed File Extension!";
				echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
				echo "<p><a href=\"Home.php\">Try Again</a></p>";
				die();
			}
		}
	}
}

//Check the size
if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}
//new file name exmaple for a profile image of a user
$newfile = Date("d:S:w:z:W:B:s:i") . "." . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
	 echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
	 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
	 echo "<p>We reserve the right to delete any file on our server.</p>"; 
	 echo "<p><a href=\"Home.php\">Upload Another</a></p>";
} else{
     echo "There was an error uploading the file, please try again!";
	 echo "<p><a href=\"Home.php\">Try Again</a></p>";
}
?>

EDIT: I just checked again and the whole page dosnt work so I edited it in.

 

[user-7256]

...what's your error?

 

[Barrucadu]

sorry, should have metioned that.

1) it says all files i try to upload are over 1MB even when they're not.
2) it says the file upload failed if i disable the size checker.

i havent found any more errors yet.

incase you need it heres the HTML of the form on Home.php thats sending the file:

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

 

[user-7256]

Okay, so really what you want to do is fix the first error which will also fix the second one.

Got it - you have <= in the size checker. You want >=

*lol* right now it won't let files UNDER 1 MB in :D Yeah, change that

 

[Barrucadu]

1) ok, i tried what you said and it didnt work.
2) the size checker IF statement is

if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){

so if it was >= it would be "if filesize is not greater-than or equal to 1MB disallow it". (! does mean not dosnt it?)

 

[Amnezia]

Its because the code you have is comparing the file name and not the file size

try this:

//Check the size
if(!filesize($_FILES['uploadedfile']['size']) <= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}

 

[Barrucadu]

ahhhh, i knew it would be some stupid mistake (like all my mistakes in php)

ok, I messed arround with the syntax and I got

if(filesize($_FILES['uploadedfile']['size']) >= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}

which now works. but it still says there was an error uploading this file, also can someone tell me if me if the extension checker (in my first post, but i'll repost it now) would work?

// getting the extention
$pos = strpos($oldfile,".",0);
$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," "); 
if(!$ext = "gif") {
	if(!$ext = "jpg") {
		if(!$ext = "png") {
			if(!$ext = "bmp") {
				echo "Dissallowed File Extension!";
				echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
				echo "<p><a href=\"Home.php\">Try Again</a></p>";
				die();
			}
		}
	}
}

ATM whats its supposed to do is check if its not a gif, jpg, png or bmp it shows the error message. Im new to PHP so i just guessed at the code, hopefully I got it right.

 

[Amnezia]

actaully i just realised my code is wrong it should be

//Check the size
if($_FILES['uploadedfile']['size'] >= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}

have you check that you have permission to write to the upload directory

 

[user-7256]

That's still checking to see if it's SMALLER than 1 MB.

You need to reverse the <= to be >=.

 

[Barrucadu]

have you check that you have permission to write to the upload directory

should have, its on my pc.

 

[Amnezia]

heres how i would test for the correct extension

$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

}

 

[Barrucadu]

heres how i would test for the correct extension

$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext=="gif")&&(!$ext=="jpg")&&(!$ext=="png")&&(!$ext=="bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

}

hmmm... when i run it it seams to skip the extension checking... it just says "File Upload Failed"

 

[user-7256]

Just check the MIME type... it's more secure

 

[iNod]

if(!$ext = "gif") {
    if(!$ext = "jpg") {
        if(!$ext = "png") {
            if(!$ext = "bmp") {
                echo "Dissallowed File Extension!";
                echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
                echo "<p><a href=\"Home.php\">Try Again</a></p>";
                die();
            }
        }
    }
}

That is abit to much eh? I would suggest using something like..

$FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp'); 
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png','application/msword');

$file_type = $_FILES['userfile']['type']; 
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_type, $FILE_MIMES) 
          && !in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file type.");
}

The above basically sets an array which allows certain ext& MIME types in_array(); function basically checks to see if the file ext/MIME is there. In this case if it isn't there it reports an error (which is !'s fault)

Regards,

 

[Barrucadu]

ok

// checking the extention
$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file extension.");
}

dosnt work, now i'll try

 $FILE_EXTS  = array('.zip','.jpg','.png','.gif','.bmp');
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png','application/msword');

$file_type = $_FILES['userfile']['type'];
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_type, $FILE_MIMES)
          && !in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file type.");
}

EDIT:

ok, neither work, is it something wrong with my form?

<form action="upload.php" method="post" enctype="multipart/form-data" name="form1">
    <table width="414" border="0">
      <tr>
        <td width="158">File Location: </td>
        <td width="246"><input name="file" type="file" id="file"></td>
      </tr>
    </table>
    <p>* The file cannot exceed 1 mb.<br>
      ** Allowed file extensions are .gif, .jpg, .png and .bmp      <br>
    </p>
    <p>
      <input type="submit" name="Submit" value="Upload File">
</p>
  </form>

 

[Amnezia]

I think it could be because your trying to create a file with a : in the name

 

[Barrucadu]

wheres that?

 

[user-7256]

Possible - : is an invalid character in filenames.

When you go to rename the file to the date...

 

[Barrucadu]

ok, i messed around with it (file extension still not working, so its disabled for now) heres teh current code

<?php
 // Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";
$oldfile =  basename($_FILES['uploadedfile']['name']);

/*// checking the extention
$FILE_EXTS  = array('.jpg','.png','.gif','.bmp','.jpx','.jpe', '.GIF','.JPG','.JPX','.JPE','.PNG','.BMP');
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if(!in_array($file_ext, $FILE_EXTS)) {
   Die( "Disallowed file extension.");
}*/

//Check the size
if(filesize($_FILES['uploadedfile']['size']) >= 1048576){
    die( "File too large!");
}
//new file name exmaple for a profile image of a user
$newfile = Rand(1,9999999999) . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
	 echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
	 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
	 echo "<p>We reserve the right to delete any file on our server.</p>"; 
	 die( "<p><a href=\"Home.php\">Upload Another</a></p>");
} else{
     echo "There was an error uploading the file, please try again!";
	 die( "<p><a href=\"Home.php\">Try Again</a></p>");
}
?>

and it still dosnt work.

 

[Amnezia]

ok this will work to check the extension

 $ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

}

i missed the dots in the if statement

full code

<?php
// Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";

$oldfile =  basename($_FILES['uploadedfile']['name']);
 
$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
   echo "<p><a href=\"Home.php\">Try Again</a></p>";
   die();

} 
//Check the size
if($_FILES['uploadedfile']['size']) >= 1048576){
    die( "File too large!");
}
//new file name exmaple for a profile image of a user
$newfile = Rand(1,9999999999) . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
     echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
     echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
     echo "<p>We reserve the right to delete any file on our server.</p>";
     die( "<p><a href=\"Home.php\">Upload Another</a></p>");
} else{
     echo "There was an error uploading the file, please try again!";
     die( "<p><a href=\"Home.php\">Try Again</a></p>");
}
?>