Jump to content

PHP Upload image to server

tpstudent

By tpstudent
in PHP Coding Help

Recommended Posts

tpstudent Newbie

tpstudent

Posted
Posted

Hi, I had create a upload picture into the server.It is able to work on the WAMP server and upload successfully. However, I faced some error when I upload into the server.

 

Warning: copy(): open_basedir restriction in effect. File(/images/uploaded/1221651842.jpg) is not within the allowed path(s): (/var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs:/tmp) in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 138

 

Warning: copy(/images/uploaded/1221651842.jpg): failed to open stream: Operation not permitted in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 138

 

 

I believe is the php path of the folder i want to import to.

 

  <?php
				$submitted = isset($_POST['formSubmitted']);
				$success = FALSE;	

$staffid=$_SESSION['staffid'];
/////////////////////////////////////SQL///////////////////////////////////

				require_once('staffSql.php');

				mysql_select_db($dbname);

				$_SESSION['staffid'] = $staffid;

				//Query the database to see if the given username/password combination is valid.
				$query = "SELECT photo FROM staff WHERE staffid='$staffid'";

				//$result = mysql_query($query);	 	
				$result = mysql_fetch_array(mysql_query($query));
			//$password=$row['password'];	
			$photo= $result['photo'];


				//define a maxim size for the uploaded images in Kb 
	define ("MAX_SIZE","81920"); 
//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension. 
	function getExtension($str) {
         $i = strrpos($str,".");         
	 if (!$i) { 
	 	return ""; 
	 }         
	 $l = strlen($str) - $i;         
	 $ext = substr($str,$i+1,$l);         
	 return $ext; 
	 }
	 //This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
	 //and it will be changed to 1 if an errro occures.  
	 //If the error occures the file will not be uploaded. 
	 $errors=0;
	 //checks if the form has been submitted
	  if(isset($_POST['Submit']))  { 
	  		
	  //reads the name of the file the user submitted for uploading 	
		  $image=$_FILES['image']['name']; 	
		  
		 if (empty($image))  {

			 echo '<span class= "contentText"><font color="red"><center><b>You forgot to browse a image.</b></center></font><br><span>';

			 $errors=1;
		 }



		  //if it is not empty 	
		  if ($image)  	{ 	
		  		$errors=0;
			  //get the original name of the file from the clients machine 		
				$filename = stripslashes($_FILES['image']['name']); 	
			  //get the extension of the file in a lower case format  		
				 $extension = getExtension($filename); 		
				 $extension = strtolower($extension); 	
			  //if it is not a known extension, we will suppose it is an error and will not  upload the file,  	
			  //otherwise we will do more tests 
				if (($extension != "jpg") && ($extension != "jpeg")){	
				$errors=1;	
			  //print error message 			
					echo '<span class= "contentText"><font color="red"><center><b>Unknown file type!</b></center></font><br><span>'; 			

				}//if(ext)

				else{
				  //get the size of the image in bytes 
				  //$_FILES['image']['tmp_name'] is the temporary filename of the file 
				  //in which the uploaded file was stored on the server 
					$size=filesize($_FILES['image']['tmp_name']);
				  //compare the size with the maxim size we defined and print error if bigger

					if ($size > MAX_SIZE*1024){	
						echo '<span class = "contentText"><font color="red"><center><b>You have exceeded the size limit!</b></center></font></span>';	
						$errors=1;
					}//if ($size > MAX_SIZE*1024)


					  //we will give an unique name, for example the time in unix time format
								 $image_name=time().'.'.$extension;;
					  //the new name will be containing the full path where will be stored (images folder)
								 $newname="/images/uploaded/".$image_name;
					  //we verify if the image has been uploaded, and print error instead
						 $copied = copy($_FILES['image']['tmp_name'], $newname);

						 if (!$copied) {	
								echo '<span class = "contentText"><font color="red"><center><b>Upload unsuccessful!<b></center></font></span>';	
								$errors=1;
						}//close of if copied


					}//close of else

			} //if ($image) 

		}//close of if



	 if(isset($_POST['Submit']) && !$errors)  { 	


		  list($width, $height) = getimagesize($newname) ; 
                                                         
              $modwidth = 180; 
                                                         
              $diff = $width / $modwidth;
                                                        
              $modheight = $height / $diff; 
              $tn = imagecreatetruecolor($modwidth, $modheight) ; 
              $image = imagecreatefromjpeg($newname);
		  
		   
		  //$image1 = imagecreatefrompng($newname);
              imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
                                                        
              imagejpeg($tn, $newname, 100) ; 	

				/////////////////////////////////////SQL///////////////////////////////////
				$image = mysql_real_escape_string($_POST["newname"]);
				require_once('staffSql.php');

				mysql_select_db($dbname);

				$_SESSION['staffid'] = $staffid;

				//Query the database to see if the given username/password combination is valid.
				$query = "UPDATE staff SET photo='$newname' WHERE staffid='$staffid'";

				$result = mysql_query($query);	 	


				$success = TRUE;
				echo "<center><span class = 'headerText'>File Uploaded Successfully!</span><BR>
					<span class = 'text'>Click <a href=editImage.php>here</a> to view the photo you had updated.</span></center>"; 

			} 



?>
                <?php 

			if (isset($_SESSION['staffid'])==TRUE) {


				if($success==FALSE) { 

							if($photo == NULL) {

				?>
                <center>
                 <span class="headerText"> Upload your own photo and this will be displayed on the touch screen application.</span>
                    <form name="newad" method="post" enctype="multipart/form-data"  action="">
        <table>
          <tr>
            <td width="275"><div align="center">
              <input type="file" name="image">
              <br>
                  <span class="contentText">  ( <b>ONLY</b> JPEG files below 10mb will be accepted)</span> </div></td>
          </tr>
          <tr>
            <td><div align="center">
              <input name="Submit" type="submit" value="Upload image">
              <input type="hidden" name="formSubmitted" value='TRUE' />
            </div></td>
          </tr>
        </table>
                  </form>
                </center>
              <?php } else {?>
                <center>
                
                  <span class="headerText"> Your current picture is: </span>
                  <P> <?php echo '<img src ="'.$photo.'"/>  ';  ?>
                  <P>
                  <span class="headerText">Upload a new picture:</span>
                  <form name="newad" method="post" enctype="multipart/form-data"  action="">
                    <table>
                      <tr>
                        <td width="265"><div align="center">
                          <input type="file" name="image">
                          <br>
                          <span class="contentText">( <b>ONLY</b> JPEG files below 10mb will be accepted)</span></div></td>
                      </tr>
                      <tr>
                        <td><div align="center">
                          <input name="Submit" type="submit" value="Upload image">
                          <input type="hidden" name="formSubmitted" value='TRUE' />
                        </div></td>
                      </tr>
                    </table>
                  </form>
                </center>
              <?php   } } } else {

					echo '<center><BR>You must be logged in to upload photo!<P></center>';
					echo '<P> <P><P> <P><P> <P><P> <P>';


				}?>

 

Can anyone help???

Link to comment
https://forums.phpfreaks.com/topic/124628-php-upload-image-to-server/
Share on other sites
tpstudent Newbie

tpstudent

Posted
  • Author
Posted

Is this the error?

 

 $newname="/images/uploaded/".$image_name;

 

or

 

I have to change 

 $copied = copy($_FILES['image']['tmp_name'], $newname);

to 

 $copied = copy($HTTP_POST_FILES['image']['tmp_name'], $newname);

 

How should I go about do it; so that i can upload successfully.

Can anyone help please? :'(

CroNiX Member

CroNiX

Posted
Posted

It looks like your image path.  If you start the path with a / then it is going to the root directory of the host, not the root dir of your webspace.  Either user a relative url (like images/uploaded with no / in front) or use the full path (/var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/images/uploaded) or whatever it is.

tpstudent Newbie

tpstudent

Posted
  • Author
Posted

Hi,

 

Thanks for replying.

I tried to change the root path into this.

 

 $newname="var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/images/uploaded/".$image_name;

 

But it did not work.

It comes out this error instead

 

Warning: copy(var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/images/uploaded/1221665140.jpg): failed to open stream: No such file or directory in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 140

 

How do I solve?

CroNiX Member

CroNiX

Posted
Posted

You are using the full path, so it needs the / in front of /var/....

 

Although I would use the relative path as it is much more portable if you switch servers, you wouldn't have to update your code.

 

Say your structure looks like this:

/httpdocs (root of your webspace)

  /images

  /images/uploads

 

if your script is being run from /httpdocs then use 'images/uploads' for your relative url.

tpstudent Newbie

tpstudent

Posted
  • Author
Posted

I used this codes

 

 

$newname="images/uploaded/".$image_name;

 

but there is still the same error face.

Warning: copy(images/uploaded/1221666374.jpg): failed to open stream: Permission denied in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 140

 

The error is from line 140 which is this:

 $copied = copy($_FILES['image']['tmp_name'], $newname);

 

 

Must I change:

 $copied = copy($_FILES['image']['tmp_name'], $newname);

to

$copied = copy($HTTP_POST_FILES['image']['tmp_name'], $newname);

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.