Jump to content

PHP Upload image to server

tpstudent

By tpstudent
in PHP Coding Help

 Share

Recommended Posts

tpstudent Newbie

tpstudent

Posted
Posted

Hi, I had create a upload picture into the server.It is able to work on the WAMP server and upload successfully. However, I faced some error when I upload into the server.

 

Warning: copy(): open_basedir restriction in effect. File(/images/uploaded/1221651842.jpg) is not within the allowed path(s): (/var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs:/tmp) in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 138

 

Warning: copy(/images/uploaded/1221651842.jpg): failed to open stream: Operation not permitted in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 138

 

 

I believe is the php path of the folder i want to import to.

 

  <?php
				$submitted = isset($_POST['formSubmitted']);
				$success = FALSE;	

$staffid=$_SESSION['staffid'];
/////////////////////////////////////SQL///////////////////////////////////

				require_once('staffSql.php');

				mysql_select_db($dbname);

				$_SESSION['staffid'] = $staffid;

				//Query the database to see if the given username/password combination is valid.
				$query = "SELECT photo FROM staff WHERE staffid='$staffid'";

				//$result = mysql_query($query);	 	
				$result = mysql_fetch_array(mysql_query($query));
			//$password=$row['password'];	
			$photo= $result['photo'];


				//define a maxim size for the uploaded images in Kb 
	define ("MAX_SIZE","81920"); 
//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension. 
	function getExtension($str) {
         $i = strrpos($str,".");         
	 if (!$i) { 
	 	return ""; 
	 }         
	 $l = strlen($str) - $i;         
	 $ext = substr($str,$i+1,$l);         
	 return $ext; 
	 }
	 //This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
	 //and it will be changed to 1 if an errro occures.  
	 //If the error occures the file will not be uploaded. 
	 $errors=0;
	 //checks if the form has been submitted
	  if(isset($_POST['Submit']))  { 
	  		
	  //reads the name of the file the user submitted for uploading 	
		  $image=$_FILES['image']['name']; 	
		  
		 if (empty($image))  {

			 echo '<span class= "contentText"><font color="red"><center><b>You forgot to browse a image.</b></center></font><br><span>';

			 $errors=1;
		 }



		  //if it is not empty 	
		  if ($image)  	{ 	
		  		$errors=0;
			  //get the original name of the file from the clients machine 		
				$filename = stripslashes($_FILES['image']['name']); 	
			  //get the extension of the file in a lower case format  		
				 $extension = getExtension($filename); 		
				 $extension = strtolower($extension); 	
			  //if it is not a known extension, we will suppose it is an error and will not  upload the file,  	
			  //otherwise we will do more tests 
				if (($extension != "jpg") && ($extension != "jpeg")){	
				$errors=1;	
			  //print error message 			
					echo '<span class= "contentText"><font color="red"><center><b>Unknown file type!</b></center></font><br><span>'; 			

				}//if(ext)

				else{
				  //get the size of the image in bytes 
				  //$_FILES['image']['tmp_name'] is the temporary filename of the file 
				  //in which the uploaded file was stored on the server 
					$size=filesize($_FILES['image']['tmp_name']);
				  //compare the size with the maxim size we defined and print error if bigger

					if ($size > MAX_SIZE*1024){	
						echo '<span class = "contentText"><font color="red"><center><b>You have exceeded the size limit!</b></center></font></span>';	
						$errors=1;
					}//if ($size > MAX_SIZE*1024)


					  //we will give an unique name, for example the time in unix time format
								 $image_name=time().'.'.$extension;;
					  //the new name will be containing the full path where will be stored (images folder)
								 $newname="/images/uploaded/".$image_name;
					  //we verify if the image has been uploaded, and print error instead
						 $copied = copy($_FILES['image']['tmp_name'], $newname);

						 if (!$copied) {	
								echo '<span class = "contentText"><font color="red"><center><b>Upload unsuccessful!<b></center></font></span>';	
								$errors=1;
						}//close of if copied


					}//close of else

			} //if ($image) 

		}//close of if



	 if(isset($_POST['Submit']) && !$errors)  { 	


		  list($width, $height) = getimagesize($newname) ; 
                                                         
              $modwidth = 180; 
                                                         
              $diff = $width / $modwidth;
                                                        
              $modheight = $height / $diff; 
              $tn = imagecreatetruecolor($modwidth, $modheight) ; 
              $image = imagecreatefromjpeg($newname);
		  
		   
		  //$image1 = imagecreatefrompng($newname);
              imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
                                                        
              imagejpeg($tn, $newname, 100) ; 	

				/////////////////////////////////////SQL///////////////////////////////////
				$image = mysql_real_escape_string($_POST["newname"]);
				require_once('staffSql.php');

				mysql_select_db($dbname);

				$_SESSION['staffid'] = $staffid;

				//Query the database to see if the given username/password combination is valid.
				$query = "UPDATE staff SET photo='$newname' WHERE staffid='$staffid'";

				$result = mysql_query($query);	 	


				$success = TRUE;
				echo "<center><span class = 'headerText'>File Uploaded Successfully!</span><BR>
					<span class = 'text'>Click <a href=editImage.php>here</a> to view the photo you had updated.</span></center>"; 

			} 



?>
                <?php 

			if (isset($_SESSION['staffid'])==TRUE) {


				if($success==FALSE) { 

							if($photo == NULL) {

				?>
                <center>
                 <span class="headerText"> Upload your own photo and this will be displayed on the touch screen application.</span>
                    <form name="newad" method="post" enctype="multipart/form-data"  action="">
        <table>
          <tr>
            <td width="275"><div align="center">
              <input type="file" name="image">
              <br>
                  <span class="contentText">  ( <b>ONLY</b> JPEG files below 10mb will be accepted)</span> </div></td>
          </tr>
          <tr>
            <td><div align="center">
              <input name="Submit" type="submit" value="Upload image">
              <input type="hidden" name="formSubmitted" value='TRUE' />
            </div></td>
          </tr>
        </table>
                  </form>
                </center>
              <?php } else {?>
                <center>
                
                  <span class="headerText"> Your current picture is: </span>
                  <P> <?php echo '<img src ="'.$photo.'"/>  ';  ?>
                  <P>
                  <span class="headerText">Upload a new picture:</span>
                  <form name="newad" method="post" enctype="multipart/form-data"  action="">
                    <table>
                      <tr>
                        <td width="265"><div align="center">
                          <input type="file" name="image">
                          <br>
                          <span class="contentText">( <b>ONLY</b> JPEG files below 10mb will be accepted)</span></div></td>
                      </tr>
                      <tr>
                        <td><div align="center">
                          <input name="Submit" type="submit" value="Upload image">
                          <input type="hidden" name="formSubmitted" value='TRUE' />
                        </div></td>
                      </tr>
                    </table>
                  </form>
                </center>
              <?php   } } } else {

					echo '<center><BR>You must be logged in to upload photo!<P></center>';
					echo '<P> <P><P> <P><P> <P><P> <P>';


				}?>

 

Can anyone help???

Link to comment
Share on other sites
tpstudent Newbie

tpstudent

Posted
  • Author
Posted

Is this the error?

 

 $newname="/images/uploaded/".$image_name;

 

or

 

I have to change 

 $copied = copy($_FILES['image']['tmp_name'], $newname);

to 

 $copied = copy($HTTP_POST_FILES['image']['tmp_name'], $newname);

 

How should I go about do it; so that i can upload successfully.

Can anyone help please? :'(

Link to comment
Share on other sites
CroNiX Member

CroNiX

Posted
Posted

It looks like your image path.  If you start the path with a / then it is going to the root directory of the host, not the root dir of your webspace.  Either user a relative url (like images/uploaded with no / in front) or use the full path (/var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/images/uploaded) or whatever it is.

Link to comment
Share on other sites
tpstudent Newbie

tpstudent

Posted
  • Author
Posted

Hi,

 

Thanks for replying.

I tried to change the root path into this.

 

 $newname="var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/images/uploaded/".$image_name;

 

But it did not work.

It comes out this error instead

 

Warning: copy(var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/images/uploaded/1221665140.jpg): failed to open stream: No such file or directory in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 140

 

How do I solve?

Link to comment
Share on other sites
CroNiX Member

CroNiX

Posted
Posted

You are using the full path, so it needs the / in front of /var/....

 

Although I would use the relative path as it is much more portable if you switch servers, you wouldn't have to update your code.

 

Say your structure looks like this:

/httpdocs (root of your webspace)

  /images

  /images/uploads

 

if your script is being run from /httpdocs then use 'images/uploads' for your relative url.

Link to comment
Share on other sites
tpstudent Newbie

tpstudent

Posted
  • Author
Posted

I used this codes

 

 

$newname="images/uploaded/".$image_name;

 

but there is still the same error face.

Warning: copy(images/uploaded/1221666374.jpg): failed to open stream: Permission denied in /var/www/vhosts/sppa.org.sg/subdomains/istaff/httpdocs/editImage.php on line 140

 

The error is from line 140 which is this:

 $copied = copy($_FILES['image']['tmp_name'], $newname);

 

 

Must I change:

 $copied = copy($_FILES['image']['tmp_name'], $newname);

to

$copied = copy($HTTP_POST_FILES['image']['tmp_name'], $newname);

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.