file upload

[ohdang888]

i am creating a script to upload a picture.

 

how do i grab the width, height, and extension of the image?

 

 

Thanks.

[premiso]

imagesx and imagesy

[trq]

getimagesize

[ohdang888]

sweet. thanks..

already running into problems...

 

and this is what i'm getting from it:

 

Possible file upload attack!

Here is some more debugging info:Array

(

)

 

 

File is not uploaded into the directory.

 

Any ideas?

 

this is upload.php

<html>
<head>
<title>Process Uploaded File</title>
</head>
<body>
<?php

$uploaddir = 'images/posters/';
$uploadfile = $uploaddir . basename($_FILES['userFile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userFile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

?>
<br>
<form action="upload.php" method="post"><br>
Type (or select) Filename: <input type="file" name="userFile">
<input type="submit" value="Upload File">
</form>


</body>
</html>

 

thanks

[premiso]

<?php

if (isset($_POST['submit'])) {
$uploaddir = 'images/posters/';
$uploadfile = $uploaddir . basename($_FILES['userFile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userFile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);
}
?>

 

And add

enctype="multipart/form-data"

 

inside of your <form  tag.

[ohdang888]

thanks. I'm getting this error now:

 

Warning:  move_uploaded_file(../images/posters/dog-walk.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/socialap/public_html/posters/upload.php on line 13

 

Warning:  move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/php2K6sRa' to '../images/posters/dog-walk.jpg' in /home/socialap/public_html/posters/upload.php on line 13

 

the directory is structured like this:

the file that upload.php is in also contains images folder, which contains posters folder..

so "images/posters/" would be the correct upload directory, no?

Thanks.

[ohdang888]

OHHHHHH. nvm. permission denied. Must be my server.

[spitfire1945]

hey

 

I had a customized code for my website a couple of ages ago see if you can pull out the relevant info out of it

 

good luck

 

<table align="center" width="500" border="0">

	<tr><td align="center"><b>[bETA VERSION]<br /><br /><span style="color:#ff6600">Why don't you upload your own contribution to this madness:</span></b><br /><Br /></td></tr>
    
    <tr><td align="center">
    
<?php


//define a maxim size for the uploaded images in Kb
define ("MAX_SIZE","2000"); 

  
// Error codes
$errorcode1= "<span style='font-weight:600; color:#ff0000'>ERROR: Hmm! It seems like you were not trying to upload an image. Please stop hacking this website.</span><br /><br />";

$errorcode2= "<span style='font-weight:600; color:#ff0000'>ERROR: You exceeded the file limit. 2 MB or less.</span><br /><br />";

$errorcode3= "<span style='font-weight:600; color:#ff0000'>ERROR: Copy unsuccessfull! We might have screwed up!</span><br /><br />";

$errorcode4= "<span style='font-weight:600; color:#00CC00'>File Uploaded Successfully!</span><br /><br />";

$errorcode5= "<span style='font-weight:600; color:#00CC00'>There Yah go! See I knew you could do it!</span><br /><br />";

$errorcode6= "<span style='float:left; font-weight:600; text-align:center; color:#ff0000'>ERROR: Ok Genius you forgot to put IN the file. Try Again. This time with a file please.</span><br /><br /><br />";

$errorcode7= "<span style='float:left; font-weight:600; text-align:center; color:#ff0000'>ERROR: Your picture's height is too big. The restriction is set to 100 px.</span><br /><br /><br />";

$errorcode8= "<span style='float:left; font-weight:600; text-align:center; color:#ff0000'>ERROR: Your picture's width is too big. The restriction is set to 400 px.</span><br /><br /><br />";

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
		}

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
//and it will be changed to 1 if an error occurs.  
//If the error occurs the file will not be uploaded.
$errors=0;
//checks if the form has been submitted
if(isset($_POST['Submit'])) 
{  

	//reads the name of the file the user submitted for uploading
	$image=$_FILES['image']['name'];
	//if it is not empty
	if (!$image) 
{
echo $errorcode6;
}
else
	{
	//get the original name of the file from the clients machine
		$filename = stripslashes($_FILES['image']['name']);
	//get the extension of the file in a lower case format
  		$extension = getExtension($filename);
		$extension = strtolower($extension);
	//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
//otherwise we will do more tests
		if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
					{
						//print error message
						echo $errorcode1;
						$errors=1;
					}
				else
					{


					//get the size of the image in bytes
					 //$_FILES['image']['tmp_name'] is the temporary filename of the file
					 //in which the uploaded file was stored on the server
					 $size=filesize($_FILES['image']['tmp_name']);



					// check for file dimenstions. 
					list($width, $height) = getimagesize($_FILES['image']['tmp_name']);
					$maxheight = 100;
					$maxwidth = 400;

					if ($width > $maxwidth) {
					echo $errorcode8;	
					$errors=1;
					} 
					elseif ($height > $maxheight) {
					echo $errorcode7;	
					$errors=1;
					} 


					//compare the size with the maxim size we defined and print error if bigger
					if ($size > MAX_SIZE*1024)
					{
						echo $errorcode2 ;
						$errors=1;
					}

					//we will give an unique name, for example the time in unix time format
					$image_name=time().".$extension";
					//the new name will be containing the full path where will be stored (images folder)
					$newname="moderate/".$image_name;
					//we verify if the image has been uploaded, and print error instead
					$copied = copy($_FILES['image']['tmp_name'], $newname);
					if (!$copied) 
					{
						echo $errorcode3;
						$errors=1;
					}
				}
				//If no errors registred, print the success message
				 if(isset($_POST['Submit']) && !$errors && !$better) 
				 {
					echo $errorcode4;
					echo "<script language ='JavaScript'>setTimeout('refresh()', 5000);</script>";
					unset($better);
				 } 
} 
}
?>

</td>
    </tr>
    
	<tr>
    <td align="center"><form name="newad" method="post" enctype="multipart/form-data" action=""><input type="file" name="image" size="30"> <input name="Submit" type="submit" value="Upload"></form><br /><br />
    </td>
    </tr>

    <tr>
    <td>
    
    
</table>

[premiso]

OHHHHHH. nevermind. permission denied. Must be my server.

 

The images directory needs to be 777 I believe so you can write to it, you may also have to do this to the posters folder.