Jump to content


Photo

Upload Script lying to me


  • Please log in to reply
1 reply to this topic

#1 phpstuck

phpstuck
  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 22 June 2006 - 09:12 PM

Simple stuff to some I know, but this is my first attempt as I have never needed it before. Before anyone tells me this is insecure I know, I have removed all checks and restrictions to make this as simple as possible for me to break down, I will add security as soon as I can figure out why it says successful yet puts nothing in the server folder.

I created a folder named "uploads" on the server and changed the permissions to 777

Then I use this HTML to gather the file for upload
uploadtest.html
<form method="POST" enctype="multipart/form-data" action="me.php">
  <p>
  Select a file:
  <input type="file" name="upfile"><br>
  <br>
  <br>
  <br>
  <input type="submit" value="Upload"></p>
</form>

Then I created this to process the posted data
me.php
<?php
$uploaddir = "uploads";
$uploadfile = $uploaddir . $_FILES['upfile']['name'];
if (move_uploaded_file($_FILES['upfile']['tmp_name'],
$uploadfile)) {
  print("File upload was successful");
  } else {
    print("File upload failed");
  }

?>

When I run the script live on my server I get the "File upload was successful" message, but when I check the folder on the sever nothing was actually uploaded.

Any help would be really appriciated :-)





#2 phpstuck

phpstuck
  • Members
  • PipPipPip
  • Advanced Member
  • 59 posts

Posted 23 June 2006 - 12:54 AM

Ok that problem is fixed by changing the code as follows, uploads work fine.

<?php
error_reporting(E_ALL & ~E_NOTICE);
$uploaddir = "uploads/";
$filename = trim($_FILES['upfile']['name']);
$filename = substr($filename, -15);
$filename = ereg_replace(" ", "",$filename);
if((ereg(".jpg", $filename)) || (ereg(".gif", $filename))) {
    $uploadfile = $uploaddir . $filename;
    if (move_uploaded_file($_FILES['upfile']['tmp_name'],
    $uploadfile)) {
      chmod($uploadfile, 0644);
      print("File upload was successful");
      } else {
        print("File upload failed");
      }
      } else {
        print("Only images in .gif or .jpg extentions are allowed, upload failed!");
        }
?>

But I sure would like to know how to change the filename after submission to something unique so I don't ever end up with two files of the same name with one overwritting the other :-)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users