Strange PHP error.

[Barrucadu]

<?php
 // Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";
$oldfile =  basename($_FILES['uploadedfile']['name']);

// getting the extention
$pos = strpos($oldfile,".",0);
$ext = trim(substr($oldfile,$pos+1,strlen($oldfile))," ");

if(!$ext = "gif") {
	if(!$ext = "jpg") {
		if(!$ext = "png") {
			if(!$ext = "bmp") {
				echo "Dissallowed File Extension!";
				echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>";
				echo "<p><a href=\"Home.php\">Try Again</a></p>";
				die();
			}
		}
	}
}

//Check the size
if(!filesize($_FILES['uploadedfile']['name']) <= 1048576){
    echo "File too large!";
    echo "<p>Maximum size is 1MB</p>";
    die();
}
//new file name exmaple for a profile image of a user
$newfile = Date("d:S:w:z:W:B:s:i") . "." . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
	 echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
	 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
	 echo "<p>We reserve the right to delete any file on our server.</p>"; 
	 echo "<p><a href=\"Home.php\">Upload Another</a></p>";
} else{
     echo "There was an error uploading the file, please try again!";
	 echo "<p><a href=\"Home.php\">Try Again</a></p>";
}
?>

EDIT: I just checked again and the whole page dosnt work so I edited it in.

 

[Barrucadu]

still saying invalid file extension for nomatter what file i try

 

[user-7256]

... use MIME detection! It's more secure!!

 

[Barrucadu]

ok, ive fixed everything except the uploading, heres the script:

<?php
 // Where the file is going to be placed temporarly
$target_path = "/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

$_FILES['uploadedfile']['tmp_name']; // temp file

$target_path = "/uploads/";
$oldfile =  basename($_FILES['uploadedfile']['name']);

// checking the extention
$ext = strrchr($_FILES['uploadedfile']['name'], '.');

if((!$ext==".gif")&&(!$ext==".jpg")&&(!$ext==".png")&&(!$ext==".bmp")&&(!$ext==".GIF")&&(!$ext==".JPG")&&(!$ext==".PNG")&&(!$ext==".BMP")&&(!$ext==".jpx")&&(!$ext==".jpe")&&(!$ext==".JPX")&&(!$ext==".JPE")){

   echo "Dissallowed File Extension!";
   echo "<p>Allowed extensions are .gif, .jpg, .png, .bmp, .jpx, .jpe, .GIF, .JPG, .PNG, .BMP, .JPX and .JPE</p>";
   die( "<p><a href=\"Home.php\">Try Again</a></p>");

} 

//Check the size
if($_FILES['uploadedfile']['size'] >= 1048576){
    die( "File too large!");
}
//new file name exmaple for a profile image of a user
$newfile = Rand(1,9999999999) . $ext;

// move the file to the final destination
$target_path = $target_path . basename($newfile);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
	 echo "<p>The URL is <b>http://www.ISC.tk/uploads/". $newfile . "</b></p>";
	 echo "<p>To view your file visit <b>http://www.ISC.tk/uploads/browseupload.php?file=". $newfile . "</b></p>";
	 echo "<p>We reserve the right to delete any file on our server.</p>"; 
	 die( "<p><a href=\"Home.php\">Upload Another</a></p>");
} else{
     echo "There was an error uploading the file, please try again!";
	 die( "<p><a href=\"Home.php\">Try Again</a></p>");
}
?>

now it returns the error:

Warning: move_uploaded_file(/uploads/1353736806.bmp) [function.move-uploaded-file]: failed to open stream: No such file or directory in C:\ISC\upload.php on line 33

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\DOCUME~1\Boys\LOCALS~1\Temp\php86.tmp' to '/uploads/1353736806.bmp' in C:\ISC\upload.php on line 33

if you want to test the script (on my pc) goto http://83.100.182.192 I should be hosting the script for the next few hours.

 

[RJ]

Try a different $target_path setting, such as
$target_path = "C:\\ISC\\";

See if it works.

 

[Barrucadu]

yay! all working! but how would i replace the C:\ISC\Uploads\ to a relative directory e.g. \Uploads\ ?

EDIT:

ive changed the naming to

$newfile = Rand(1,9999999999) . reverse_strrchr($_FILES['uploadedfile']['name'],".") . $ext;

and the reverse_strrchr function mentioned is here

function reverse_strrchr($haystack, $needle)
{
   $pos = strrpos($haystack, $needle);
   if($pos === false) {
       return $haystack;
   }
   return substr($haystack, 0, $pos + 1);
}

how would i make that reverse_strrchr function not include the character searched for? e.g. i uploaded a test file land.bmp, the filename it gave it was http://www.ISC.tk/uploads/browseupload.php?file=1001091359land..bmp i want to get rid of one of the .s there are 2, one from the extension and one from the reverse_strrchr.


also the search page dosnt work, heres the php:

<?php

$form = "<form method=\"POST\" action=\"search.php\">";
$form .= "Search for: <input type=\"text\" name=\"criteria\">
             <input type=\"Submit\" name=\"Submit\" value=\"Submit\">";
$form .= "</form>";

// check is user submitted, if not, show the form
if ($_POST['Search'] != "Search")
{
    echo $form;
}
else
{

$directory = "/uploads/";

if (is_dir($directory))
{
   $open_dir = opendir($directory);
    while (($file = readdir($open_dir)) !== false)
    {
        // Place filenames into an array
        $files[] = $file;
    }
    closedir($open_dir);

    // files are in an array, check if search criteria meets any names in array
    if (in_array($_POST['criteria'], $files))
    {
        foreach ($files AS $file_result)
        {
            if (stristr($file_result, $_POST['criteria']))
            {
				echo "File Found : <a href = \"/uploads/browseupload.php?file=".$file_result.">View Result</a>";
            }
        }
    }
    else
    {
        echo "Search Criteria not found<br /> Please try again<br /><br />";
        echo $form;
    }
}

}

?>

can someone fix that?

 

[Amnezia]

does "uploads\\" not work?

 

[Barrucadu]

also, if i post a link related to www.ISC.tk dont click it, i havent got the domain set up yet.

someone help me with the search page please here it is:

<?php

$form = "<form method=\"POST\" action=\"search.php\">";
$form .= "Search for: <input type=\"text\" name=\"criteria\">
             <input type=\"Submit\" name=\"Submit\" value=\"Submit\">";
$form .= "</form>";

// check is user submitted, if not, show the form
if ($_POST['Search'] != "Search")
{
    echo $form;
}
else
{

$directory = "/uploads/";

if (is_dir($directory))
{
   $open_dir = opendir($directory);
    while (($file = readdir($open_dir)) !== false)
    {
        // Place filenames into an array
        $files[] = $file;
    }
    closedir($open_dir);

    // files are in an array, check if search criteria meets any names in array
    if (in_array($_POST['criteria'], $files))
    {
        foreach ($files AS $file_result)
        {
            if (stristr($file_result, $_POST['criteria']))
            {
                echo "File Found : <a href = \"/uploads/browseupload.php?file=".$file_result.">View Result</a>";
            }
        }
    }
    else
    {
        echo "Search Criteria not found<br /> Please try again<br /><br />";
        echo $form;
    }
}

}

?>

its supposed to serach the uploads folder for a file, but it dosnt work

 

[user-7256]

Correct me if I'm wrong, but that !== you want maybe should be a != operator?

Otherwise I'm not too familiar with directory functions...

 

[Amnezia]

you dont need the !==false at all

if (is_dir($directory))
{
   $open_dir = opendir($directory);
    while ($file = readdir($open_dir))
    {
        // Place filenames into an array
        $files[] = $file;
    }
    closedir($open_dir);

is correct

where did you get this script from it is possibly the messiest coding i've ever seen, lol. no offenece intended

 

[Outer]

http://us3.php.net/opendir



BTW Amnezia, your file extension check wont work for ALL files. Some files contain periods before the file extension, therefore, it will check everything AFTER that...

Try this code. It reverses the string and takes everything before the first period, then reverses it back to give you the correct file extension

<?php
function find_extension($file) {
   $revfile = strrev($file);
   $ext = strtolower( strrev(substr($revfile,0,strpos($revfile,"."))) );

   return $ext;
}

$allowed_extensions = array("gif", "jpg", "jpeg", "png", "bmp");
$extension = find_extension($_FILES['uploadedfile']['name']);

if (in_array($extension, $allowed_extensions))
{
    // The extension is valid
}
else
{
    // Extension is not valid
    echo "Dissallowed File Extension!"; 
    echo "<p>Allowed extensions are .gif, .jpg, .png and .bmp</p>"; 
    echo "<p><a href=\"Home.php\">Try Again</a></p>"; 
    die();
}
?>

 

[Amnezia]

http://us3.php.net/opendir

BTW Amnezia, your file extension check wont work for ALL files. Some files contain periods before the file extension, therefore, it will check everything AFTER that...

yah im aware of that i just cleaned up the code previously used

the best way to do it is to check the mime types of the files

 

[Outer]

I actually use both...

Check file extension and MIME type.

This script works (probably not best methods on some parts, but still works nonetheless :P)

<?php

$form = "<form method=\"POST\" action=\"image_find.php\">";
$form .= "Search for: <input type=\"text\" name=\"criteria\">
             <input type=\"Submit\" name=\"Search\" value=\"Search\">";
$form .= "</form>";

// check is user submitted, if not, show the form
if ($_POST['Search'] != "Search")
{
    echo $form;
}
else
{

$directory = "images/";

if (is_dir($directory))
{
   $open_dir = opendir($directory);
    while ($file = readdir($open_dir))
    {
        // Place filenames into an array
        $files[] = $file;
    }
    closedir($open_dir);

 

    // files are in an array, check if search criteria meets any names in array
    $i = 0;
        foreach ($files AS $file_result)
        {
            if (eregi($_POST['criteria'], $file_result))
            {
               $echo .= "<a href=\"uploads/browseupload.php?file=".$file_result."\">".$file_result."</a><br />";
               $i++;
            }
        }

        if ($i == "0")
        {
            echo "Search Criteria not met.<br /><br />";
            echo $form;
        }
        else
        {
            echo $echo."<br />";
            echo $form;
        }
}
else
{
    echo "Not a Directory!";
}

}

?>

 

[Barrucadu]

thanks for all the help everyone, ive just got one more problem:

if(!"browseupload.php" == $entry && !"filemanager.php" == $entry) {
	echo "<p><b><u>File</u></b>";
	echo "<br><b>|----Name: </b>".$entry;
	echo "<br><b>|----Link: </b><a href = \"/Uploads/browseupload.php?file=".$entry."&admin=yes\">View Image</a>";
	echo "<br><b>|----Size: </b>".filesize($path."/".$entry)." bytes";
	echo "<br><b>|----<u>Actions</u></b>";
	echo "<br><b>|.....|----Delete: </b><a href = \"/Uploads/filemanager.php?file=".$entry."&action=880952delfile\">Go</a>";
	echo "<br><b>|.....|----Rename: </b><a href = \"/Uploads/filemanager.php?file=".$entry."&action=482975renfile\">Go</a>";
}

now, before i added in that if statement this code listed every file in the directory /Uploads/ i added in the if statement to remove two files from the list: browseupload.php and filemanager.php, now it doesnt work at all.

 

[RJ]

Try

if ($entry != "browseupload.php" && $entry != "filemanager.php") {

or to make one that will ignore any php files.

list($filenm, $fileext) = split("\.",$entry, 2);
if (strtolower($fileext) != "php") {

Now stop spamming nationstates :p

 

[iNod]

The code I gave you nees to be edited to fit your script. Since the form field name is file insted of the regular userfile you will have the change $_FILES['userfile'].... to $_FILES['file']...

Other than that I can't see a problem why the code I didn't give you won't work.. It worked for me.