Ninjakreborn Posted June 21, 2006

I have a few questions on how to work this out with files. I have this script so far.

[code]
<?php
$management   = true;
$errorhandler = "";
$filemanager  = true;

// Required text fields
if ($_POST['name'] == "") {
    $errorhandler .= "The Name field has been left blank<br />";
    $management = false; // flag the error so it is displayed below
}
if ($_POST['keywords'] == "") {
    $errorhandler .= "The Keywords were left blank<br />";
    $management = false;
}

// The file must have arrived through an HTTP POST upload
if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
    $errorhandler .= "No file has been uploaded<br />";
    $filemanager = false;
}

if ($filemanager == true) {
    $_accepted_extensions = array('.mpeg', '.mpg', '.wav', '.avi', '.mid', '.htm', '.jpg', '.jpeg',
                                  '.jfif', '.pdf', '.txt', '.html', '.gif', '.mp2', '.mp3', '.bmp');
    $tmp = pathinfo($_FILES['file']['name']);
    // A file name without an extension has no 'extension' key
    $extension = isset($tmp['extension']) ? '.' . strtolower($tmp['extension']) : '';
    if (!in_array($extension, $_accepted_extensions)) {
        $filemanager = false;
        $management  = false;
        $errorhandler .= "You have attempted to upload the wrong file type<br />";
        $errorhandler .= "We only accept mpeg, mpg, wav, avi, mid, midi, doc, htm, jpg<br />";
        $errorhandler .= "jpeg, jfif, pdf, txt, wav, html, gif, qt, mp2, mp3 formats<br />";
        $errorhandler .= "To request new file types email<br />";
        $errorhandler .= "information@theyellowpagesnetwork.com";
    }
}

// Show every error collected above
if ($management == false || $filemanager == false) {
    echo "{$errorhandler}";
}
[/code]

Ok, this is what I have so far. Everything works great, I check the form over on www.funnyemailforwards.com and I handle it here. I set my script at the top, I go through checking for blank space, then checking if the file was uploaded, if it uploaded I check for file extensions, then it gets down there, and if there were any errors encountered it displays error messages. But I have to get advice on a few things:

1. Are those good or bad files to download, should I add or remove some extensions?
2. How do I move the files over to a folder, and should I embed them in the page, or leave them as downloadable links, how do I get the pages to embed automatically, with each upload?
3. The hardest thing is I have to set up to where I record the url of them and everything including date, into a database, and then get something to send my client an email, he can accept/decline the entry, if he declines I need it to remove that entry from the database, and if not leave it alone, but I need the email to be directly related to the file that was entered, I don't know how to set this up.

I really need advice, any and all advice you could give would be greatly appreciated.

Travis Estill Posted June 22, 2006

The file types you're accepting are fine. To be on the safe side, you should convert questionable characters in HTML files to ampersand commands (with the htmlspecialchars() function). No telling what kind of code could be injected.

It would probably be best to move uploaded files to a different directory like this:

[code]
if (!move_uploaded_file($_FILES['file']['tmp_name'], "../storage")) {
    $errorhandler .= "Your file was not uploaded properly.<br />";
    $filemanager = false;
}
[/code]

I could probably help you with that last part. What kind of a database are you using?

Travis

Ninjakreborn (Author) Posted June 22, 2006

Ok, here is what I have done. I wrote up this script now with the pieces I have put together, everything still works except one thing, and that is getting the file into the folder, there is so much more I have to do with this script, but first, I have to get the file to go into another folder, and learn how to comfortably get that to happen, and understand the elements, this is what I have currently.

[code]
<?php
$management   = true;
$errorhandler = "";
$filemanager  = true;

// Required text fields
if ($_POST['name'] == "") {
    $errorhandler .= "The Name field has been left blank<br />";
    $management = false; // flag the error so it is displayed below
}
if ($_POST['keywords'] == "") {
    $errorhandler .= "The Keywords were left blank<br />";
    $management = false;
}

// The file must have arrived through an HTTP POST upload
if (!is_uploaded_file($_FILES['file']['tmp_name'])) {
    $errorhandler .= "No file has been uploaded<br />";
    $filemanager = false;
}

if ($filemanager == true) {
    $_accepted_extensions = array('.mpeg', '.mpg', '.wav', '.avi', '.mid', '.htm', '.jpg', '.jpeg',
                                  '.jfif', '.pdf', '.txt', '.html', '.gif', '.mp2', '.mp3', '.bmp');
    $tmp = pathinfo($_FILES['file']['name']);
    // A file name without an extension has no 'extension' key
    $extension = isset($tmp['extension']) ? '.' . strtolower($tmp['extension']) : '';
    if (!in_array($extension, $_accepted_extensions)) {
        $filemanager = false;
        $management  = false;
        $errorhandler .= "You have attempted to upload the wrong file type<br />";
        $errorhandler .= "We only accept mpeg, mpg, wav, avi, mid, midi, doc, htm, jpg<br />";
        $errorhandler .= "jpeg, jfif, pdf, txt, wav, html, gif, qt, mp2, mp3 formats<br />";
        $errorhandler .= "To request new file types email<br />";
        $errorhandler .= "information@theyellowpagesnetwork.com";
    }
}

// Move the temporary file into the storage folder
if ($filemanager == true) {
    if (!move_uploaded_file($_FILES['file']['tmp_name'], "./storage")) {
        $errorhandler .= "Your file was not uploaded properly.<br />";
        $filemanager = false;
        $management  = false;
    }
}

if ($management == false || $filemanager == false) {
    echo "{$errorhandler}";
} else {
    echo "Everything Worked out properly and the file should be uploaded";
}
?>
[/code]

Ok, this is the error I am getting, I need to figure out what is causing this, here is the error.

[quote]
Warning: move_uploaded_file(./storage): failed to open stream: Permission denied in /home/all/funnyemailforwards/public_html/apex/acceptfiles.php on line 38
Warning: move_uploaded_file(): Unable to move '/tmp/phpts6OYc' to './storage' in /home/all/funnyemailforwards/public_html/apex/acceptfiles.php on line 38
Your file was not uploaded properly.
[/quote]

The "your file was not uploaded properly" is a message that is appended to

[code]
if ($filemanager == true) {
    if (!move_uploaded_file($_FILES['file']['tmp_name'], "./storage")) {
        $errorhandler .= "Your file was not uploaded properly.<br />";
        $filemanager = false;
        $management  = false;
    }
}
[/code]

So that is the only part of the script that currently is not functional.
Any advice, here is some of the info I have from my phpinfo page that might have something to do with it, below that is a url to the website.

[quote]
Virtual Directory Support  disabled
Configuration File (php.ini) Path  /usr/local/lib/php.ini
PHP API  20020918
PHP Extension  20020429
Zend Extension  20050606
Debug Build  no
Zend Memory Manager  enabled
Thread Safety  disabled
Registered PHP Streams  php, http, ftp, https, ftps, compress.zlib

allow_call_time_pass_reference  On  On
allow_url_fopen  On  On
always_populate_raw_post_data  Off  Off
arg_separator.input  &  &
arg_separator.output  &  &
asp_tags  Off  Off
auto_append_file  no value  no value
auto_prepend_file  no value  no value
browscap  no value  no value
default_charset  no value  no value
default_mimetype  text/html  text/html
define_syslog_variables  Off  Off
disable_classes  no value  no value
disable_functions  no value  no value
display_errors  On  On
display_startup_errors  Off  Off
doc_root  no value  no value
docref_ext  no value  no value
docref_root  no value  no value
enable_dl  On  On
error_append_string  no value  no value
error_log  no value  no value
error_prepend_string  no value  no value
error_reporting  2039  2039
expose_php  On  On
extension_dir  ./  ./
file_uploads  On  On
gpc_order  GPC  GPC
highlight.bg  #FFFFFF  #FFFFFF
highlight.comment  #FF8000  #FF8000
highlight.default  #0000BB  #0000BB
highlight.html  #000000  #000000
highlight.keyword  #007700  #007700
highlight.string  #DD0000  #DD0000
html_errors  On  On
ignore_repeated_errors  Off  Off
ignore_repeated_source  Off  Off
ignore_user_abort  Off  Off
implicit_flush  Off  Off
include_path  .:/usr/local/lib/php  .:/usr/local/lib/php
log_errors  Off  Off
log_errors_max_len  1024  1024
magic_quotes_gpc  On  On
magic_quotes_runtime  Off  Off
magic_quotes_sybase  Off  Off
max_execution_time  30  30
max_input_time  60  60
open_basedir  no value  no value
output_buffering  no value  no value
output_handler  no value  no value
post_max_size  8M  8M
precision  12  12
register_argc_argv  On  On
register_globals  On  On
report_memleaks  On  On
safe_mode  Off  Off
safe_mode_exec_dir  no value  no value
safe_mode_gid  Off  Off
safe_mode_include_dir  no value  no value
sendmail_from  no value  no value
sendmail_path  /usr/sbin/sendmail -t -i  /usr/sbin/sendmail -t -i
serialize_precision  100  100
short_open_tag  On  On
SMTP  localhost  localhost
smtp_port  25  25
sql.safe_mode  Off  Off
track_errors  Off  Off
unserialize_callback_func  no value  no value
upload_max_filesize  2M  2M
upload_tmp_dir  no value  no value
user_dir  no value  no value
variables_order  EGPCS  EGPCS
xmlrpc_error_number  0  0
xmlrpc_errors  Off  Off
y2k_compliance  On  On
[/quote]

I ALWAYS have register_globals off, but I have absolutely no choice on this server, there are three other programmers working on other sites on the same server, and one of them has to redo like 2000 lines of code to make it ready for register_globals off. I warned them of security, and they are currently preparing to change that. As for the url: [url=http://www.funnyemailforwards.com]Funny Email Forwards[/url]

Travis Estill Posted June 22, 2006

That "../storage" string was just an example. You'll need a separate folder with proper permissions. For example, create a new folder under that "apex" folder called "uploads". You should then be able to change that new folder's permissions through FTP; change it to "777" (read/write/execute all checked). Now you can write files to that new folder in PHP...

[code]
// Relative URL with desired folder name and the name of the file on the user's machine
$newfile = "uploads/" . basename($_FILES['file']['name']);

// Attempt to move temporary file to relative URL
if (!move_uploaded_file($_FILES['file']['tmp_name'], $newfile)) {
    $errorhandler .= "Your file was not uploaded properly.<br />";
    $filemanager = false;
    $management  = false;
}
[/code]

Ninjakreborn (Author) Posted June 22, 2006

I don't get it

[code]
Warning: move_uploaded_file(uploads/dbinfo.txt): failed to open stream: Permission denied in /home/all/funnyemailforwards/public_html/apex/acceptfiles.php on line 40
Warning: move_uploaded_file(): Unable to move '/tmp/php4M8yWi' to 'uploads/dbinfo.txt' in /home/all/funnyemailforwards/public_html/apex/acceptfiles.php on line 40
Your file was not uploaded properly.
[/code]

I have never had permission issues, I don't understand what this means, I don't have any way to set permissions using Dreamweaver's ftp.

Travis Estill Posted June 22, 2006

I'm not familiar with Dreamweaver. Try this in Internet Explorer:

1. Put the following in your address bar (sub in [u]your[/u] [i]username[/i] and [i]password[/i] for the FTP server): ftp://[i]username[/i]:[i]password[/i]@www.funnyemailforwards.com
2. Navigate to "public_html/apex".
3. Right click on the "uploads" folder and choose properties.
4. In the permissions section, check all the boxes, and hit OK.

Run your script again.

Ninjakreborn (Author) Posted June 22, 2006

he he

How did you figure that out, this will come in handy, thanks.

kenrbnsn Posted June 22, 2006

What you were missing was that the "user" trying to store the moved file is not the username that you use to upload, but the username that the webserver uses, most likely "nobody". Since by default only the owner of the directory can create/add files to directories created by the owner, the "permission" error was generated when the webserver tried to store a file there. What the other poster had you do was give permission to everybody to be able to create files in that directory.

Ken

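Added example (not part of any post in this thread): a diagnostic for the situation Ken describes, showing which account PHP runs as, which permission class the kernel applies to it for a directory, and whether the directory is writable by every local account, as it is after setting 777. The function name `explain_dir_access` and the `uploads` path are assumptions, and the posix extension is required.

```php
<?php
// Added example, not from the thread. explain_dir_access() is a hypothetical
// helper; it needs the posix extension (present on typical Linux PHP builds).
function explain_dir_access(string $dir): array
{
    clearstatcache(true, $dir);
    $mode = fileperms($dir) & 0777;      // keep only the rwx bits
    $euid = posix_geteuid();             // account the PHP process runs as
    $gids = posix_getgroups() ?: [];
    $gids[] = posix_getegid();

    // The kernel applies exactly one class of bits: owner, else group, else other.
    if ($euid === fileowner($dir)) {
        $class = 'owner';
        $bits  = ($mode >> 6) & 7;
    } elseif (in_array(filegroup($dir), $gids, true)) {
        $class = 'group';
        $bits  = ($mode >> 3) & 7;
    } else {
        $class = 'other';
        $bits  = $mode & 7;
    }

    $user  = posix_getpwuid($euid);
    $owner = posix_getpwuid(fileowner($dir));

    return [
        'php_runs_as'      => $user ? $user['name'] : (string) $euid,
        'dir_owner'        => $owner ? $owner['name'] : (string) fileowner($dir),
        'mode'             => sprintf('%03o', $mode),
        'class_applied'    => $class,
        // Creating a file needs write (2) and search (1) on the directory.
        'can_create_files' => $euid === 0 || ($bits & 3) === 3,
        // True for 777: every local account on the server can add or replace files.
        'world_writable'   => ($mode & 2) !== 0,
    ];
}

// Constructed usage: inspect the "uploads" folder next to this script.
$dir = __DIR__ . '/uploads';
if (is_dir($dir)) {
    print_r(explain_dir_access($dir));
} else {
    echo "No such directory: $dir\n";
}
```

On a host shared with other accounts, `world_writable => true` is the value to watch: a directory owned by, or group-writable for, the web-server account gives PHP the same access without opening it to everyone.
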
Ninjakreborn (Author) Posted June 22, 2006

That is good, either way it's working now, completely. I had another question now, I am moving on to the next step, how do I check the folder to see if the file already exists? If I try to upload a file, and it is already on the server folder, will it just overwrite the other one or what?

AndyB Posted June 23, 2006

[quote=businessman332211 @ Jun 22 2006, 06:49 PM]
how do I check the folder to see if the file already exists?
[/quote]

[url=http://ca.php.net/manual/en/function.file-exists.php]function file-exists()[/url]

[quote=businessman332211 @ Jun 22 2006, 06:49 PM]
If I try to upload a file, and it is already on the server folder, will it just overwrite the other one or what?
[/quote]

You could test it and let us know the answer.

Ninjakreborn (Author) Posted June 23, 2006

hmm, I created this and it seems to work so. If it doesn't exist then it enters it

[code]
if ($management === true && $filemanager === true) {
    $newfile     = "uploads/" . basename($_FILES['file']['name']);
    $newfiletemp = $_FILES['file']['tmp_name']; // array keys must be quoted strings
    if (!file_exists($newfile)) {
        if (!move_uploaded_file($newfiletemp, $newfile)) {
            $errorhandler .= "Your file was not uploaded properly.<br />";
            $filemanager = false;
            $management  = false;
        }
    }
}
[/code]
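
Added example (not part of any post in this thread): `move_uploaded_file()` overwrites an existing destination, and a separate `file_exists()` check leaves a gap in which two uploads of the same name can both pass it. The sketch below reserves the destination atomically with `fopen(..., 'x')` and generates the stored name on the server; the function name `store_upload`, the `uploads` directory and the shortened extension list are assumptions.

```php
<?php
// Added example, not from the thread. store_upload() is a hypothetical name.
function store_upload(array $file, string $dir, array $allowedExt): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('No file has been uploaded');
    }

    // Case-insensitive allowlist check on the extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        throw new RuntimeException('You have attempted to upload the wrong file type');
    }

    for ($attempt = 0; $attempt < 5; $attempt++) {
        // Server-generated name: the client's file name never reaches the disk.
        $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

        // Mode 'x' fails if the file exists (O_EXCL), so the existence check
        // and the reservation of the name are one atomic step.
        $handle = @fopen($dest, 'x');
        if ($handle === false) {
            continue;   // could not create it (name taken or directory not writable)
        }
        fclose($handle);

        // Replaces only the empty placeholder created above.
        if (move_uploaded_file($file['tmp_name'], $dest)) {
            chmod($dest, 0644);
            return $dest;
        }
        unlink($dest);
        throw new RuntimeException('Your file was not uploaded properly');
    }
    throw new RuntimeException('Could not reserve a file name');
}

// Constructed usage inside the form handler; the extension list is shortened.
if (isset($_FILES['file'])) {
    try {
        $path = store_upload($_FILES['file'], __DIR__ . '/uploads', ['jpg', 'gif', 'pdf', 'txt', 'mp3']);
        echo 'Stored as ' . htmlspecialchars(basename($path));
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```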