[php]uploadingscript

[Jack McKalling]

Hi, this is the first time I start making scripts to upload files. I'm not a php newbee but no expert either. And I work in Xhtml instead of html.This is my code, which is an html test for what will be later an Xhtml page:

<?phpif (empty($_FILES['Movie']) == true) {echo "\r\n<form enctype=\"multipart/form-data\" action=\"{$_SERVER['PHP_SELF']}\" method=\"post\">",  "\r\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"3000\" />",  "\r\nUpload: <input type=\"file\" name=\"Movie\" /><br />",  "\r\n<button type=\"submit\">Upload!</button>\r\n</form>"; }else {  if (is_uploaded_file($_FILES['Movie']['tmp_name'])) {      copy($_FILES['Movie']['tmp_name'], "/profmemberone/Art/{$_FILES['Movie']['name']}");  } else {      echo "Mogelijke aanval gespot: " . $_FILES['Movie']['name'];  }  echo "Uploaden gelukt! klik hier: <a href=\"/profmemberone/Art/{$_FILES['Movie']['name']}\">Film</a>"; }?>

It seems to be working partly, what have I done wrong?There appears to be no error, while ['error'] returns UPLOAD_ERR_OK.But still the file does not appear in the directory, and if I change the copy() instruction into copy() or die($message); it would show the message :)Can somebody help me?

[skym]

Is /profmemberone/Art/ set to 777 ?

[Jack McKalling]

No it isn't, while in that directory are more files which are secret. I used it for testing this thing.I created a new folder inside it, changed the urls inside the code into /profmemberone/Art/movies and chmodded that one into 777, but still doesn't work

[skym]

Instead of an absolute path, use relative path, like ./profmemberone/Art/movies/Also check if the MAX_FILE_SIZE is not too small.

[Jack McKalling]

Thats what I have already as you can see :)But might there be difference between /profmemberone/.. which is my user root directory, and /usr/htdocs/.. something that is the root of the server? (both begin with a slash and point to 'root')[*Edit:] No maxfile size is 3000, and my file is 2000 something (I checked with $_FILES['Movie']['size'])

Edited May 21, 2006 by Dan The Prof

[skym]

Yes, sorry, this is what I meant, a path relative to the script, and not relative to the root.

[Jack McKalling]

So a path like this: Art/movies instead of my user root /profmemberone/Art/movies? (this file is in the root)

[skym]

I mean if the script would be at www.site.com/script/myscript.phpand the target folder would be www.site.com/profmemberone/Art/movies/then use ../profmemberone/Art/movies/

[Jack McKalling]

I don't understand that one.My host is http://dhost.info/ and my root directory is http://dhost.info/profmemberone.The uploading file is located in that root, and Art/movies also is. So the uploading file is this:http://dhost.info/profmemberone/file.phpAnd the target of the uploaded file is this:http://dhost.info/profmemberone/Art/moviesSo, do you mean my relative url in this case would be Art/movies?

[skym]

Then try with ./Art/movies/

[Jack McKalling]

Should there be a dot infront? What does a single dot mean? It didn't work with that relative url, and now I have tried using errors like this:

<?phpif (empty($_FILES['userfile']) == true) {echo "\r\n<form enctype=\"multipart/form-data\" action=\"{$_SERVER['PHP_SELF']}\" method=\"post\">",  "\r\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\" />",  "\r\nUpload: <input type=\"file\" name=\"userfile\" /><br />",  "\r\n<button type=\"submit\">Upload!</button>\r\n</form>"; }else {  if (move_uploaded_file($_FILES['userfile']['tmp_name'], "./Art/movies/{$_FILES['userfile']['name']}"))  { echo "Uploaden gelukt! klik hier: <a href=\"/profmemberone/Art/movies/{$_FILES['userfile']['name']}\">Film</a>";  } else  { echo "Uploaden mislukt: " . $_FILES['userfile']['name'] ."<br />\r\n";    if ($_FILES['userfile']['size'] > 3000) echo "File too big!";    elseif ($_FILES['userfile']['type'] != "text/plain") echo "No correct filetype!";    elseif ($_FILES['userfile']['error'] != 0) echo "error: ".$_FILES['userfile']['error'];    elseif (file_exists("{$_FILES['userfile']['tmp_name']}") == false) echo "File not received!";    elseif (file_exists("/profmemberone/Art/movies/{$_FILES['userfile']['name']}") == false) echo "Moving file failed!";    else print_r($_FILES);  }}?>

(the red coloured text appeared after trying) Edited May 21, 2006 by Dan The Prof

[skym]

./ means current directory. If there wouldn't be the dot, then the / will take you the the server root (that /usr/htdocs/...).

[Jack McKalling]

But removing both the dot and the slash would mean the same right?See the new code above what happened now

[skym]

<?phpif (empty($_FILES['userfile']) == true) {echo "\r\n<form enctype=\"multipart/form-data\" action=\"{$_SERVER['PHP_SELF']}\" method=\"post\">",  "\r\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\" />",  "\r\nUpload: <input type=\"file\" name=\"userfile\" /><br />",  "\r\n<button type=\"submit\">Upload!</button>\r\n</form>"; }else {  if (move_uploaded_file($_FILES['userfile']['tmp_name'], "./Art/{$_FILES['userfile']['name']}"))  { echo "Uploaden gelukt! klik hier: <a href=\"/sabin/Art/{$_FILES['userfile']['name']}\">Film</a>";  } else  { echo "Uploaden mislukt: " . $_FILES['userfile']['name'] ."<br />\r\n";    if ($_FILES['userfile']['size'] > 30000) echo "File too big!";    elseif ($_FILES['userfile']['type'] != "text/plain") echo "No correct filetype!";    elseif ($_FILES['userfile']['error'] != 0) echo "error: ".$_FILES['userfile']['error'];    elseif (file_exists("{$_FILES['userfile']['tmp_name']}") == false) echo "File not received!";    elseif (file_exists("/sabin/Art/{$_FILES['userfile']['name']}") == false) echo "Moving file failed!";    else print_r($_FILES);  }}?>

This code just worked for me.I have the script at www.site.com/sabin/file.phpthe target folder at www.site.com/sabin/Art/ and set to 777.(also increased to 30000 because I couldn't find fast a <3000 bytes txt )

[Jack McKalling]

Didn't work It still says "Moving File Failed!"I'd like to give the actual link to this file, but someoneelse might use it to corrupt my directory (in the link I gave earlier it had a different name)

[justsomeguy]

As far as I know you have to specify the absolute path, which is the server path, not the http or virtual directory path. It has to be the true path. Print the value of the constant __FILE__ to see where your script is located. If you are creating error logs, you can use the constants __FILE__ and __LINE__ to say which file and line the error happened on.

[Jack McKalling]

The uploading part of the script works for me now, but I notice the file has not standard permissions 644, so I want to CHMOD it to 644.So I edit the code with a little help of someone at the forums of my host, it worked, but the next day it didn't :)Whats wrong with this code:

<?phpif (empty($_FILES['userfile']) == true) {  echo "\r\n<form enctype=\"multipart/form-data\" action=\"{$_SERVER['PHP_SELF']}\" method=\"post\">",    "\r\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\" />",    "\r\n<input type=\"file\" class=\"text\" name=\"userfile\" /> ",    "\r\n<button type=\"submit\" class=\"button\">Upload!</button>\r\n</form>";}elseif (is_uploaded_file($_FILES['userfile']['tmp_name']) == false) echo("File not received!");elseif (!ereg("^(video/x-msvideo|video/x-ms-wmv|image/gif)$",$_FILES['userfile']['type'])) echo("No correct filetype!");elseif ($_FILES['userfile']['size'] > 30000) echo("File too big!");elseif ($_FILES['userfile']['error'] != 0) echo("Error: ".$_FILES['userfile']['error']);else{ if (move_uploaded_file($_FILES['userfile']['tmp_name'], "../Art/movies/{$_FILES['userfile']['name']}"))  { if (!chmod("Art/movies/{$_FILES['userfile']['name']}",0644)) echo("Permissioning file failed!");    else echo("Uploaden gelukt! klik hier: <a href=\"/profmemberone/Art/movies/{$_FILES['userfile']['name']}\">Film</a>");  } else {    echo "Uploaden mislukt: " . $_FILES['userfile']['name'] ."<br />\r\n";    if (file_exists("/profmemberone/Art/movies/{$_FILES['userfile']['name']}") == false)      echo("Moving file failed!");    else print_r($_FILES);  }}?>

(the red will show up on trial)

[justsomeguy]

../Art/movies/{$_FILES['userfile']['name']}Art/movies/{$_FILES['userfile']['name']}When in doubt, print out the name of the file and make sure it's actually what you're trying to do.

[Jack McKalling]

Thank you very much!! :)It was just all confusing, all those links and changes that were made, its just a simple parentdirectory sign.. lol, thanks again This topic may be closed (all works now, completely and entirely)