PHP File Upload Script

[jayrav13]

I think the title and description explain it all. I have almost the same script as the W3SCHOOLS.com example running on my webpage. When the user submits the file, the information on the PHP page displays the correct size of the file. Even at the very end of the script, i put in echo $_FILES["file"]["size]; , again, as the LAST line on the script, and the file size was displayed as the proper amount. However, regardless of what kind of file it is, the server displays the value as 0 bytes. If it is an image, when I try to open it, it either fails to open it or shows nothing in Paint. Word documents come out blank. What should I do? I looked at another page and saw that someone recommended looking at the phpinfo(); so I took the liberty of doing so and will post it for all to see at the end of this page. Please let me know if the server even supports it because I do not know enough to be able to analyze the phpinfo(); page. Thank you so much!Never mind, I have edited the link out because I just found out that it can have sensitive info on it. What should I be looking for in the phpinfo file?

[justsomeguy]

First, make sure you're seeing any errors that happen:

ini_set('html_errors', 1);ini_set('display_errors', 1);error_reporting(E_ALL);

If there's a permission issue moving or copying the file that will show you. Otherwise, check the error element in the file array to see if the file has an error code or if it was actually uploaded correctly.http://www.php.net/manual/en/features.file-upload.errors.php

[jayrav13]

First, make sure you're seeing any errors that happen:

ini_set('html_errors', 1);ini_set('display_errors', 1);error_reporting(E_ALL);

If there's a permission issue moving or copying the file that will show you. Otherwise, check the error element in the file array to see if the file has an error code or if it was actually uploaded correctly.http://www.php.net/manual/en/features.file-upload.errors.php

I already have a statement in my file which kills the script if there is an error. Here, i'll post the script for you to see:

<?phpsession_start();if(isset($_SESSION['login'])){	if($_SESSION['login']=="0"){		header('Refresh: 0; url=login.php');	}	else{	}}else{	header('Refresh: 0; url=login.php');}?><html><body><?php  if ($_FILES["file"]["error"] > 0)	{	echo "Return Code: " . $_FILES["file"]["error"] . "<br /><br />";	echo "Upload Failed. Webmaster has been notified.<br /><br />";		$to = "email@gmail.com";		$message = "Error Code";		$subject = $_FILES["file"]["error"];		mail($to,$subject,$message);		echo "<a href='filemanager.php'>Click here to return to File Manager.</a>";	}  else	{	echo "Upload: " . $_FILES["file"]["name"] . "<br />";	echo "Type: " . $_FILES["file"]["type"] . "<br />";	echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";	echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";	if (file_exists("upload/" . $_FILES["file"]["name"]))	  {	  echo $_FILES["file"]["name"] . " already exists. <br /><br />";		  $to = "email@gmail.com";		$message = "File Already Exists";		$subject = $_FILES["file"]["name"];		mail($to,$subject,$message);		echo "This file already exists on the server.<br /><br />";		echo "<a href='filemanager.php'>Click here to return to File Manager.</a>";	  }	else	  {	  move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]);	  echo "Stored in: " . "upload/" . $_FILES["file"]["name"] . "<br /><br />";		$to = "email@gmail.com";		$message = "Successful File Upload";		$subject = $_FILES["file"]["name"];		mail($to,$subject,$message);		echo "The Webmaster has been notified of your upload and will post ";		echo "the file shortly.<br /><br />";		echo "<a href='filemanager.php'>Click here to return to File Manager.</a>";		  }	}	?></body></html>

However, for the 3 lines of code that you sent, where should those be placed? Sorry, I'm new to PHP. Please let me know. Thanks!

[justsomeguy]

Ideally they should go before any other code. They turn on all error messages, so you probably want that done as soon as possible. The move_uploaded_file function will also return false if it failed, that may be something else to check for, or use another file_exists after the move to make sure the file does exist now.Just to clarify, when you say this:

When the user submits the file, the information on the PHP page displays the correct size of the file. Even at the very end of the script, i put in echo $_FILES["file"]["size]; , again, as the LAST line on the script, and the file size was displayed as the proper amount. However, regardless of what kind of file it is, the server displays the value as 0 bytes.

You're saying that when you look at the file in the file explorer on the server that the file size is reported at 0 by the OS?

[jayrav13]

Ideally they should go before any other code. They turn on all error messages, so you probably want that done as soon as possible. The move_uploaded_file function will also return false if it failed, that may be something else to check for, or use another file_exists after the move to make sure the file does exist now.Just to clarify, when you say this:You're saying that when you look at the file in the file explorer on the server that the file size is reported at 0 by the OS?

Ok, the lines of code that you gave me, I guess I'll put them before all the conditions in the 2nd <?php ?> tags? And I don't know if it is the OS or the server, but I use a SSH to connect to the server and on that program, the file size is 0 bytes. I hope that helps. And I can also use a file_exists to confirm, I'll let you know what I get.

[jayrav13]

With the code you gave me at the very beginning of the <?php ?> within the <html> brackets, this is the result I get on the page:

Upload: FINAL 101 - ALL NOTES.docType: application/mswordSize: 391.5 KbTemp file: /var/tmp/phpIhaiYZStored in: upload/FINAL 101 - ALL NOTES.docThe Webmaster has been notified of your upload and will post the file shortly.Click here to return to File Manager.File Exists: 1File Size: 391.5

That VERY last "File Exists1" was the test I put in to check if the file is there at the end of the script. The File Size served the same purpose. Both checked out. The file existed and the size was the same at the end of the script. But, my SSH still shows it at 0 bytes when I check.

[justsomeguy]

The file size in the $_FILES array is reported by the browser. Use the filesize function to check the size of the actual file on disk. It may be useful to check the size of both the temporary file and also the final.

[jayrav13]

The file size in the $_FILES array is reported by the browser. Use the filesize function to check the size of the actual file on disk. It may be useful to check the size of both the temporary file and also the final.

Warning: filesize() [function.filesize]: Unable to access MSLC Outline 3; General Biology 101.docx in /public_html/fJay.php on line 67File Size Disc: Warning: filesize() [function.filesize]: SAFE MODE Restriction in effect. The script whose uid is 163385 is not allowed to access /var/tmp owned by uid 0 in /public_html/fJay.php on line 68File Size Temp:

What do you think? I don't know how to interpret it but clearly there's a problem haha.

[Rough Divide]

What do you think? I don't know how to interpret it but clearly there's a problem haha.

I think it's a bit obvious. =p

Warning: filesize() [function.filesize]: SAFE MODE Restriction in effect. The script whose uid is 163385 is not allowed to access /var/tmp owned by uid 0 in /public_html/fJay.php on line 68File Size Temp:

It seems you aren't allowed access to the /var/tmp/ directory.Are you on a shared hosting plan? That could be the issue.

[jayrav13]

I think it's a bit obvious. =p

Warning: filesize() [function.filesize]: SAFE MODE Restriction in effect. The script whose uid is 163385 is not allowed to access /var/tmp owned by uid 0 in /public_html/fJay.php on line 68File Size Temp:

It seems you aren't allowed access to the /var/tmp/ directory.Are you on a shared hosting plan? That could be the issue.

HAHA that makes sense. I'm on a university server. That could be the problem lol. I'll email them asking if there is any way they can grant me access. Does the other warning have anything to do with access and such?