Jump to content

php unknown file upload error


Nuker_Viper
 Share

Recommended Posts

Can anyone tell me what is wrong with this file that keeps saying that this file is invalid. it seems certain jpg files are invalid while others are not. yet they all meet the guidelines establish. ERROR:Upload: americanrobinbird.jpgType: image/pjpegSize: 12.8095703125 KbStored in: /chroot/tmp/phpfryeow Invalid file Invalid file Upload.php file

<?php$query = "SELECT * FROM {$dbprefix}pages ORDER BY hn ASC";$result = mysql_query($query)	 or die(mysql_error());while($row = mysql_fetch_array($result)){extract($row);$options .= "<option value='$pn'>$hn</option>";}$query = "SELECT * FROM {$dbprefix}leftnav ORDER BY name ASC";$result = mysql_query($query)	 or die(mysql_error());while($row = mysql_fetch_array($result)){extract($row);$folderoptions .= "<option value='$link'>$name</option>";}echo "<form action='upload_file.php' method='post' enctype='multipart/form-data'> <label for='file'>Filename:</label> <input type='file' name='file' id='file' /><br /> <label for='file'>File Belonges To:</label> <select name='powner' class='form' />$options</select><br /> <label for='file'>File Folder:</label> <select name='folder' class='form' />$folderoptions</select><br /> <input type='submit' name='submit' value='Submit' /> </form>";?> 

Upload php file:

<?php include("config.php");include("themes/$theme/header.php");?><?php if ($_FILES["file"]["error"] > 0)   {   echo "Error: " . $_FILES["file"]["error"] . "<br />";   } else   {   echo "Upload: " . $_FILES["file"]["name"] . "<br />";   echo "Type: " . $_FILES["file"]["type"] . "<br />";   echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";   echo "Stored in: " . $_FILES["file"]["tmp_name"];   } ?> <?php $allowedExts = array("jpg", "jpeg", "gif", "png"); $extension = end(explode(".", $_FILES["file"]["name"])); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/jpg")) && ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))   {   if ($_FILES["file"]["error"] > 0)	 {	 echo "Error: " . $_FILES["file"]["error"] . "<br />";	 }   else	 {	 echo "Upload: " . $_FILES["file"]["name"] . "<br />";	 echo "Type: " . $_FILES["file"]["type"] . "<br />";	 echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";	 echo "Stored in: " . $_FILES["file"]["tmp_name"];	 }   } else   {   echo "Invalid file";   } ?> <?php $allowedExts = array("jpg", "jpeg", "gif", "png"); $extension = end(explode(".", $_FILES["file"]["name"])); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/jpg")) && ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))   {   if ($_FILES["file"]["error"] > 0)	 {	 echo "Return Code: " . $_FILES["file"]["error"] . "<br />";	 }   else	 {	 echo "Upload: " . $_FILES["file"]["name"] . "<br />";	 echo "Type: " . $_FILES["file"]["type"] . "<br />";	 echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";	 echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";    if (file_exists("$folder/" . $_FILES["file"]["name"]))	   {	   echo $_FILES["file"]["name"] . " already exists. ";	   }	 else	   {   $name = $_FILES["file"]["name"];   $newname = "$folder/$name";    $query = "INSERT INTO {$dbprefix}pictures (plocation, powner) VALUES ('$newname', '$powner')";  $result = mysql_query($query)  or die(mysql_error());  	   move_uploaded_file($_FILES["file"]["tmp_name"],	   "$folder/" . $_FILES["file"]["name"]);	   echo "Stored in: " . "$folder/" . $_FILES["file"]["name"];       echo "<script language=\"Javascript\">alert(\"Success!\");window.location.href = 'index.php?p=Upload';</script>";	   }	 }   } else   {   echo "Invalid file";   } ?>  <?php include("themes/$theme/footer.php");?>

post-103699-0-31498400-1350232293_thumb.jpg

Link to comment
Share on other sites

Try adding to the allowed extensions array "pjpg" or/and "pjpeg" as well as adding to the if statements: $_FILES["file"]["type"] == "image/pjpeg".Just wondering, are you using internet explorer to run the above? If so, what version?

Link to comment
Share on other sites

try to var_dump() the $_FILES array it will let you know which file type are you getting. as the conditions are not met so that the error is showing, first step would be to analyze the variable which are being checking in condition.

Link to comment
Share on other sites

Try adding to the allowed extensions array "pjpg" or/and "pjpeg" as well as adding to the if statements: $_FILES["file"]["type"] == "image/pjpeg". Just wondering, are you using internet explorer to run the above? If so, what version?
IE9. also tried it in firefox. going to add the above corrections and let you know. Update: It works one of those two must of been it. i think it was the "pjpg". i added the other one already. Thanks. Edited by Nuker_Viper
Link to comment
Share on other sites

<form name="upload file" method="post"  enctype="multipart/form-data" action=""><br/>File: <input type="file" name="file1"><br/><input type="submit" value="Start Upload" name="submit"></form><?PHP$allowfiletype='tif,gif,png,jpg,jpeg,doc,docx,xls,xlsx,ppt,pptx,jpg,pdf,zip,rar,txt';$allowedExts=explode(",",$allowfiletype);if (isset($_POST['submit'])){$filetype = explode('.', $_FILES['file1']['name']);$filetype = end($filetype);if (in_array($filetype, $allowedExts)){echo 'Good';}else{echo 'BAD';}}?>

Link to comment
Share on other sites

you didn't have to guess, the information was right here

ERROR:Upload: americanrobinbird.jpgType: image/pjpegSize: 12.8095703125 KbStored in: /chroot/tmp/phpfryeow Invalid file Invalid file
Edited by thescientist
Link to comment
Share on other sites

you didn't have to guess, the information was right here
sometimes you need someone on the outside to see the Obvious because you look too long at it.PLUS i had added the "pjpeg" after i posted this and it was the "pjpg" that i was missing. Edited by Nuker_Viper
Link to comment
Share on other sites

yeah, I had the same problem too, with IE "changing" the type. Took me a little while to figure out why it didn't work only in IE, and then had to back through and debug/log everything in $_FILES

Edited by thescientist
Link to comment
Share on other sites

For reasons like that, I usually only check the extension instead of the mime type. I don't want a future browser with weird mime types to break my upload things, and if someone wants to rename a .exe as a .jpg and upload it I don't really care, they'll just get a broken link in the browser. They can rename a .php file to a .jpg and wouldn't be able to execute it on the server. Besides, you can spoof a mime type as easily as anything else.

Link to comment
Share on other sites

JSG, So you're saying when checks are done like the following, it really isn't good practice because of being able to spoof the mime type?

if($_FILES["file"]["type"] == 'image/jpeg' || $_FILES["file"]["type"] == 'image/pjpeg' || $_FILES["file"]["type"] == 'image/gif' || $_FILES["file"]["type"] == 'image/png' ) {	....}

And instead you only check the extension as it's done like so for example?:

$allowedExts = array("jpg", "jpeg", "gif", "png");$extension = end(explode(".", $_FILES["file"]["name"]));if( in_array($extension, $allowedExts) ){	...}

Thanks.

Edited by Don E
Link to comment
Share on other sites

Not that it isn't good practice, just that it doesn't offer any additional protection and introduces problems caused by browsers sending different mime types for the same types of files. If you're only checking mime type and not extension though, that is definitely bad practice because I can upload a PHP file and tell your server it's an image. In conclusion, always check extensions, and check mime type also if you want to. If you're checking mime types though, be prepared to add to that list if browsers start doing things differently with other files.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...