pdf upload form php

[LucaCrippa]

Hi there, I'm a novice on php programmin', and I just have a question 'bout a script for uploadin' pdf files on my website. I would like to allow administrator to upload pdf files in the restricted area of the site, then I would like to implement a script that generates automatically the links for the download of the uploaded pdf files. This is the code: The form for the upload:

<form action="upload3.php" method="post" enctype="multipart/form-data">	    <input type="file" name="filepdf" /><br />	    <input type="submit" value="Upload menu pdf" name="upload_pdf" /></form>

The upload3.php file included in the form:

<?php    $pdfPath = "http://www.coroconcorezzo.it/Spartiti/";    $maxSize = 102400000000;    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['upload_pdf'])) {   	    if (is_uploaded_file($_FILES['filepdf']['tmp_name'])) {		    if ($_FILES['filepdf']['type'] != "application/pdf") {			    echo '<p>Il file non è un PDF</p>';		    } else if ($_FILES['filepdf']['size'] > $maxSize) {			    echo '<p class="error">File troppo grande. Dimensione massima: ' . $maxSize . 'KB</p>';		    } else {			    $menuName = 'file.pdf';			    $result = move_uploaded_file($_FILES['filepdf']['tmp_name'], $pdfPath . $menuName);			    if ($result == 1) {				    echo '<p class="error">Menu caricato</p>';			    } else {				    echo '<p class="error">Si è verficato un errore</p>';			    }		    }	    }    }?>

But when I try to upload a pdf file I receive this error message:

Warning: move_uploaded_file(http://www.coroconcorezzo.it/Spartiti/file.pdf) [function.move-uploaded-file]: failed to open stream: HTTP wrapper does not support writeable connections inD:\Inetpub\webs\coroconcorezzoit\upload3.php on line 14Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\PHP\upload\phpF162.tmp' to 'http://www.coroconcorezzo.it/Spartiti/file.pdf' in D:\Inetpub\webs\coroconcorezzoit\upload3.php on line14Si è verficato un errore

The website is www.coroconcorezzo.itHow can I fix it? Thank you! ps: the files attribution is 777 for every file and folder in my website.

[birbal]

use local path of server instead of web path using http

[LucaCrippa]

Something like..?

[birbal]

absolute pathC:/user/some/file/path/in/windows/user/some/file/path/in linux or relative path calling from user directoryfile/pathwill get you C:/user/some/file/pathetc

[Nico]

On an unrelated, but more important note, don't ever validate uploaded files by the "type" in the $_FILES array. The reason for this is, that the "type" in the $_FILES array comes from the same source as the file itself... the user. And not only can the type vary depending on the browser you're using, it can also be faked. In other words, I can upload a .php file with an application/pdf content type, and your site would think it's safe. Always validate the file extension, and make sure that PHP doesn't parse it.

[LucaCrippa]

absolute pathC:/user/some/file/path/in/windows/user/some/file/path/in linux or relative path calling from user directoryfile/pathwill get you C:/user/some/file/pathetc

Ok... but, what is my server path? How can I find it? D:\Inetpub\webs\coroconcorezzoit\upload4.php ?

[Nico]

$pdfPath = __DIR__ . '/Spartiti/';