Closed Thread Icon

Topic awaiting preservation: PHP file uploads issue... (Page 1 of 1) Pages that link to <a href="https://ozoneasylum.com/backlink?for=12700" title="Pages that link to Topic awaiting preservation: PHP file uploads issue... (Page 1 of 1)" rel="nofollow" >Topic awaiting preservation: PHP file uploads issue... <span class="small">(Page 1 of 1)</span>\

 
Thumper
Paranoid (IV) Inmate

From: Deeetroit, MI. USA
Insane since: Mar 2002

posted posted 04-22-2003 17:44

Ok, I have a simple little upload script I wanted to use. Unfortunately, the files are uploading themselves into my C:\WINDOWS directory. I am wondering if this has something to do with how I configured php.ini, but it seems everything is in place. My temp upload dir is NOT C:\WINDOWS, and even then, the script should be putting it somewhere else anyway. Is there something that I am missing here? I am running Apache, PHP 4.2.2, MySQL on WinXP.

When viewing phpinfo(), under "Apache Environment", the system root is set at C:\WINDOWS ... Do I have to change this, or is this unchangeable?

DmS
Paranoid (IV) Inmate

From: Sthlm, Sweden
Insane since: Oct 2000

posted posted 04-22-2003 20:51

What I usually do is let the file land wherever the setup takes it, then I use "copy ( string source, string dest)" or "move_uploaded_file ( string filename, string destination)" to wherever I want it to be placed. This has worked just fine and dandy on both win & linux installations.

The only thing that differs is the path to the directory that the file should be saved in, on my win installs (currently the same as you) I start from the folder the script resides in, on linux I start at the system root (usually /users/bleh...)

/Dan

{cell 260}
-{ a vibration is a movement that doesn't know which way to go }-

Thumper
Paranoid (IV) Inmate

From: Deeetroit, MI. USA
Insane since: Mar 2002

posted posted 04-22-2003 23:10

That's a good idear DmS. Thanks! I take it there is no workaround in configuring PHP or Apache then?

WarMage
Maniac (V) Mad Scientist

From: Rochester, New York, USA
Insane since: May 2000

posted posted 04-22-2003 23:56

I think you should show us your script. I would definately not want anything having the ability to upload into my windows directory. That is a sure fire way to make sure your system gets hacked to bloody hell and back.

Please show us your script and even your php.ini configuration. Maybe we can figure out what is going wrong, and help you to fix it so you are not running with some really unstable scripts.


Me

DmS
Paranoid (IV) Inmate

From: Sthlm, Sweden
Insane since: Oct 2000

posted posted 04-23-2003 10:02

Perhaps I should have added that my windows install is strictly development only, no outside access... And Yes! In a production/live enviroment the paths MUST be set correctly.

On my real host this is already taken care of in their setup, that's why I can do it this way.

/Dan

{cell 260}
-{ a vibration is a movement that doesn't know which way to go }-

Thumper
Paranoid (IV) Inmate

From: Deeetroit, MI. USA
Insane since: Mar 2002

posted posted 04-23-2003 18:34

Silly me...I was not using an absolute path. Everything seems to work now...I think it will take some time to get used to working with a server. Thank you for the help guys.


Thumper
Paranoid (IV) Inmate

From: Deeetroit, MI. USA
Insane since: Mar 2002

posted posted 04-23-2003 18:37

Here is the code anyways:

code:
<FORM ENCTYPE="multipart/form-data" ACTION="imageupload.php" METHOD="POST">
The file: <INPUT TYPE="file" NAME="userfile">
<INPUT TYPE="submit" VALUE="Upload">
</FORM>

<?php

$path = "C:\path\to\upload\dir\\";
$max_size = 200000;

if (!isset($HTTP_POST_FILES['userfile'])) exit;

if (is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {

if ($HTTP_POST_FILES['userfile']['size']>$max_size) { echo "The file is too big<br>\n"; exit; }
if (($HTTP_POST_FILES['userfile']['type']=="image/gif") &#0124; &#0124; ($HTTP_POST_FILES['userfile']['type']=="image/pjpeg") &#0124; &#0124; ($HTTP_POST_FILES['userfile']['type']=="image/jpeg")) {

if (file_exists($path . $HTTP_POST_FILES['userfile']['name'])) { echo "The file already exists<br>\n"; exit; }

$res = copy($HTTP_POST_FILES['userfile']['tmp_name'], $path .
$HTTP_POST_FILES['userfile']['name']);
if (!$res) { echo "upload failed!<br>\n"; exit; } else { echo "upload sucessful<br>\n"; }

echo "File Name: ".$HTTP_POST_FILES['userfile']['name']."<br>\n";
echo "File Size: ".$HTTP_POST_FILES['userfile']['size']." bytes<br>\n";
echo "File Type: ".$HTTP_POST_FILES['userfile']['type']."<br>\n";
} else { echo "Wrong file type<br>\n"; exit; }

}

?>



« BackwardsOnwards »

Show Forum Drop Down Menu