php uploads

yes, its me again...

okay, i got me hands on a little bit of code to upload a file ive submitted with a form, which looks somthing like this :

PHP:

if ($img1_name != "") {
        @copy("$img1" , "/home/admin/www/fileupload/$img1_name") 
                or die("Couldn't Upload Your File.");
} else {
       die("No File Specified");
}


I then modified it, with the intention to change the directory i was uploading to, not knowing my whole path intimatley, and also to assign a variable which would point to the image to be put into my database

PHP:

if ($pic_name != "") {
        
        @copy("$pic" , $PHP_SELF."/imgs/") ;
                $pic_url = $PHP_SELF."/imgs/".$pic_name;
                $wasuploaded = "1";
}

the file got there okay (i can get name and size etc.) and APPANRENTLY it was uploaded (the $wasuploaded was true) but the copy command didnt seem to do anything.
What i do wrong?

 

what is $PHP_SELF? I see no description, where does it point too, how is made? Try doing copy($blah, "/imgs/" . $blah) see if that works. (have an or die statement to check it.) Also, do you want to copy it or move it? http://us2.php.net/manual/en/function.move-uploaded-file.php

 

Also you are using if($pic_name blah blah blah) then using just $pic with no _name...

 

i think the problem lies with the move to path.. ive changed it a little:

PHP:

$uploaded = move_uploaded_file ($_FILES['pic']['tmp_name'], $DOCUMENT_ROOT."/hypostasis/imgs/".$_FILES['userfile']['name'])
    or die ("Could not copy ".$_FILES['pic']['error']); 
//bla bla bla


im not sure how to specify the path of where i want it to go. i just log into my folder via ftp, i dont know what the actual path of it is, or how to get it, which might be what i need to do. im not sure

 

if the server is running Apache (too lazy for a banner grab) just specify "/blah/blah2/crap/imgs/" . $img_name

Where / is the root directory of the WEBSERVER...

I also do not see why you are using a 2 deminsonal array when you ould just use...



$uploaded = move_uploaded_file ($picture_name, "/hypostasis/imgs/" . $picture_name)
or die ("Could not copy ".$_FILES['pic']['error']);

When you login in where do you "GET" the file from? How is the directory lay out off the web provider for you?

 

for me :

Code:

/ root
     /cgi-bin
     /hypostasis <-- my website folder

does that mean i should just be able to specify /hypostasis/imgs/?

and yes the server is running Apache, on unix.

 

no, do /imgs/ if $YOURSITE/index.php is /root/hypostatis/index.php then it's /imgs/.

(I'm guessing it's /root/hypostatis since normal Apache/web server design cgi-bin is ../cgi-bin from the $ROOT) so it's just /imgs/

EDIT:


move_uploaded_file ($picture_name, "/imgs/" . $picture_name)
or die ("Could not copy " . $picture_name);

 

hang on i dont think ive made myself too clear on that one.

when i log in via ftp, i get "/" and ive put all my website files in the hypostasis directory. so my url is cgi.nicholaslidster.plus.com/hypostasis/

so does that still apply?

 

no, make it /hypostatis/imgs/ That's really screwed up that the site has cgi-bin in /, it's usually outside and just the httpd.conf determines wether you can access it or not, damn people screwing with standards they should... *shakes head*

SECURITY NOTICE: I would definatly password protect this as this could cause large problems, if you want this accesible to the public DEFINATLY use security methods to prevent parameter tampering... ie. (uploading ../index.php), if this is supposed to be just for you then password protect it. if it's the public then do some security work, or else I may have to prove my point ;P

 

okay.... in that case the following code still doesnt work..

PHP:

if ($pic != "") {
$uploaded = move_uploaded_file($pic_name, "/hypostasis/imgs/".$pic_name)
    or die ("Could not move ".$pic_name); 
//my nice variables bla bla bla...
}

in the php.net example they move somthing about tmp_name, rather than name. that have anything to do with it perhaps?
the form has the method post as well, is that a problem?
and also it dies and tells me it cant upload the file which i specified(the name, that is).

 

Haha, see thats why i made my password protect stuff FIRST

 

I am really paranoid so I just use triple/quadruple md5 hashing (or SHA??? where it's available, md5 has theoretical vulns and it can be cracked quite easily (sure md5(md5(md5('blah'))); couldn't as easily but hey, I'm a freak... ))

EDIT: Is it working?

 

aha..

Maybe my server security locks down on this? If so, how would i go about opening the file, reading it then writing it somewhere else? sounds complicated to me. Ill ask my ISP, maybe they have a solution, if thats the problem...

 

"how would i go about opening the file, reading it then writing it somewhere else?"

php.net/fopen

And I doubt that it will not allow you to move it, that's just ludicrous [sic], if it's UNIX just do a system("mv file blah/file");

 

PHP:

$finam = $_FILES['imagefile']['name'];

//If the Submitbutton was pressed do: 
 MySql_query("INSERT INTO eop (Year,Month,Info,Path,Name) VALUES('$year','$month','$comm','files/$finam','$empn')"); 

 if ($_FILES['imagefile']['type'] == "image/pjpeg" || $_FILES['imagefile']['type'] == "image/jpeg" ){ 

copy ($_FILES['imagefile']['tmp_name'], "files/".$_FILES['imagefile']['name']) 
    or die ("Could not copy<br>"); 
 echo "<br>"; 
        echo "Name: ".$_FILES['imagefile']['name'].""; 
        echo "<br>Size: ".$_FILES['imagefile']['size'].""; 
        echo "<br>Type: ".$_FILES['imagefile']['type'].""; 
        echo "<br>Copy Done...."; 
}
       else { 
 $etyp =  $_FILES['imagefile']['type'];
            echo ""; 
            echo "Could Not Copy, Wrong Filetype (".$_FILES['imagefile']
['name'].")<br>";
            echo "Gold was does this say? $etyp " ;
 
        }


Thats my code to uplaod jpegs
take out the if ($_FILES['imagefile']['type'] == "image/pjpeg" || $_FILES['imagefile']['type'] == "image/jpeg" ){ line to be able to upload whatever

www.fritzsoft.net/php/upload.php

 

ah, very good...
mv: access denied: Numerical result out of range
whats that supposed to mean?

 

Not much, so many things could be the problem, ie. You are chrooted and bad perms, you don't have the right perms (most likely), etc. but try just doing copy(a,b) and see if it moves it in the same directory, try copy perhaps it has a problem with move_uploaded_file()?

 

ah, i fixed it. Turns out i didnt need the tmp_name after all, just $pic did the trick okay, and sepifying the directory reletive to the script worked hooray