LucaCrippa Posted March 4, 2013 Share Posted March 4, 2013 Hi there, I'm a novice on php programmin', and I just have a question 'bout a script for uploadin' pdf files on my website. I would like to allow administrator to upload pdf files in the restricted area of the site, then I would like to implement a script that generates automatically the links for the download of the uploaded pdf files. This is the code: The form for the upload: <form action="upload3.php" method="post" enctype="multipart/form-data"> <input type="file" name="filepdf" /><br /> <input type="submit" value="Upload menu pdf" name="upload_pdf" /></form> The upload3.php file included in the form: <?php $pdfPath = "http://www.coroconcorezzo.it/Spartiti/"; $maxSize = 102400000000; if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['upload_pdf'])) { if (is_uploaded_file($_FILES['filepdf']['tmp_name'])) { if ($_FILES['filepdf']['type'] != "application/pdf") { echo '<p>Il file non è un PDF</p>'; } else if ($_FILES['filepdf']['size'] > $maxSize) { echo '<p class="error">File troppo grande. Dimensione massima: ' . $maxSize . 'KB</p>'; } else { $menuName = 'file.pdf'; $result = move_uploaded_file($_FILES['filepdf']['tmp_name'], $pdfPath . $menuName); if ($result == 1) { echo '<p class="error">Menu caricato</p>'; } else { echo '<p class="error">Si è verficato un errore</p>'; } } } }?> But when I try to upload a pdf file I receive this error message: Warning: move_uploaded_file(http://www.coroconcorezzo.it/Spartiti/file.pdf) [function.move-uploaded-file]: failed to open stream: HTTP wrapper does not support writeable connections inD:\Inetpub\webs\coroconcorezzoit\upload3.php on line 14Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move 'C:\PHP\upload\phpF162.tmp' to 'http://www.coroconcorezzo.it/Spartiti/file.pdf' in D:\Inetpub\webs\coroconcorezzoit\upload3.php on line14Si è verficato un errore The website is www.coroconcorezzo.itHow can I fix it? Thank you! ps: the files attribution is 777 for every file and folder in my website. Link to comment Share on other sites More sharing options...
birbal Posted March 4, 2013 Share Posted March 4, 2013 use local path of server instead of web path using http Link to comment Share on other sites More sharing options...
LucaCrippa Posted March 4, 2013 Author Share Posted March 4, 2013 Something like..? Link to comment Share on other sites More sharing options...
birbal Posted March 5, 2013 Share Posted March 5, 2013 absolute pathC:/user/some/file/path/in/windows/user/some/file/path/in linux or relative path calling from user directoryfile/pathwill get you C:/user/some/file/pathetc Link to comment Share on other sites More sharing options...
Nico Posted March 11, 2013 Share Posted March 11, 2013 On an unrelated, but more important note, don't ever validate uploaded files by the "type" in the $_FILES array. The reason for this is, that the "type" in the $_FILES array comes from the same source as the file itself... the user. And not only can the type vary depending on the browser you're using, it can also be faked. In other words, I can upload a .php file with an application/pdf content type, and your site would think it's safe. Always validate the file extension, and make sure that PHP doesn't parse it. Link to comment Share on other sites More sharing options...
LucaCrippa Posted March 11, 2013 Author Share Posted March 11, 2013 absolute pathC:/user/some/file/path/in/windows/user/some/file/path/in linux or relative path calling from user directoryfile/pathwill get you C:/user/some/file/pathetc Ok... but, what is my server path? How can I find it? D:\Inetpub\webs\coroconcorezzoit\upload4.php ? Link to comment Share on other sites More sharing options...
Nico Posted March 11, 2013 Share Posted March 11, 2013 $pdfPath = __DIR__ . '/Spartiti/'; Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now