Jump to content

Archived

This topic is now archived and is closed to further replies.

phpstuck

Upload Script lying to me

Recommended Posts

Simple stuff to some I know, but this is my first attempt as I have never needed it before. Before anyone tells me this is insecure I know, I have removed all checks and restrictions to make this as simple as possible for me to break down, I will add security as soon as I can figure out why it says successful yet puts nothing in the server folder.

I created a folder named "uploads" on the server and changed the permissions to 777

Then I use this HTML to gather the file for upload
uploadtest.html
[code]
<form method="POST" enctype="multipart/form-data" action="me.php">
  <p>
  Select a file:
  <input type="file" name="upfile"><br>
  <br>
  <br>
  <br>
  <input type="submit" value="Upload"></p>
</form>
[/code]

Then I created this to process the posted data
me.php
[code]
<?php
$uploaddir = "uploads";
$uploadfile = $uploaddir . $_FILES['upfile']['name'];
if (move_uploaded_file($_FILES['upfile']['tmp_name'],
$uploadfile)) {
  print("File upload was successful");
  } else {
    print("File upload failed");
  }

?>
[/code]

When I run the script live on my server I get the "File upload was successful" message, but when I check the folder on the sever nothing was actually uploaded.

Any help would be really appriciated :-)



Share this post


Link to post
Share on other sites
Ok that problem is fixed by changing the code as follows, uploads work fine.

[code]<?php
error_reporting(E_ALL & ~E_NOTICE);
$uploaddir = "uploads/";
$filename = trim($_FILES['upfile']['name']);
$filename = substr($filename, -15);
$filename = ereg_replace(" ", "",$filename);
if((ereg(".jpg", $filename)) || (ereg(".gif", $filename))) {
    $uploadfile = $uploaddir . $filename;
    if (move_uploaded_file($_FILES['upfile']['tmp_name'],
    $uploadfile)) {
      chmod($uploadfile, 0644);
      print("File upload was successful");
      } else {
        print("File upload failed");
      }
      } else {
        print("Only images in .gif or .jpg extentions are allowed, upload failed!");
        }
?>
[/code]

But I sure would like to know how to change the filename after submission to something unique so I don't ever end up with two files of the same name with one overwritting the other :-)

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.