file upload

ohdang888 · December 17, 2008

i am creating a script to upload a picture.

how do i grab the width, height, and extension of the image?

Thanks.

premiso · December 17, 2008

imagesx and imagesy

trq · December 17, 2008

getimagesize

ohdang888 · December 17, 2008

sweet. thanks..

already running into problems...

and this is what i'm getting from it:

Possible file upload attack!

Here is some more debugging info:Array

(

)

File is not uploaded into the directory.

Any ideas?

this is upload.php

<html>
<head>
<title>Process Uploaded File</title>
</head>
<body>
<?php

$uploaddir = 'images/posters/';
$uploadfile = $uploaddir . basename($_FILES['userFile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userFile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

?>
<br>
<form action="upload.php" method="post"><br>
Type (or select) Filename: <input type="file" name="userFile">
<input type="submit" value="Upload File">
</form>


</body>
</html>

thanks

premiso · December 17, 2008

<?php

if (isset($_POST['submit'])) {
$uploaddir = 'images/posters/';
$uploadfile = $uploaddir . basename($_FILES['userFile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userFile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);
}
?>

And add

enctype="multipart/form-data"

inside of your <form tag.

ohdang888 · December 17, 2008

thanks. I'm getting this error now:

Warning: move_uploaded_file(../images/posters/dog-walk.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/socialap/public_html/posters/upload.php on line 13

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/php2K6sRa' to '../images/posters/dog-walk.jpg' in /home/socialap/public_html/posters/upload.php on line 13

the directory is structured like this:

the file that upload.php is in also contains images folder, which contains posters folder..

so "images/posters/" would be the correct upload directory, no?

Thanks.

ohdang888 · December 17, 2008

OHHHHHH. nvm. permission denied. Must be my server.

spitfire1945 · December 17, 2008

hey

I had a customized code for my website a couple of ages ago see if you can pull out the relevant info out of it

good luck

<table align="center" width="500" border="0">

	<tr><td align="center"><b>[bETA VERSION]<br /><br /><span style="color:#ff6600">Why don't you upload your own contribution to this madness:</span></b><br /><Br /></td></tr>
    
    <tr><td align="center">
    
<?php


//define a maxim size for the uploaded images in Kb
define ("MAX_SIZE","2000"); 

  
// Error codes
$errorcode1= "<span style='font-weight:600; color:#ff0000'>ERROR: Hmm! It seems like you were not trying to upload an image. Please stop hacking this website.</span><br /><br />";

$errorcode2= "<span style='font-weight:600; color:#ff0000'>ERROR: You exceeded the file limit. 2 MB or less.</span><br /><br />";

$errorcode3= "<span style='font-weight:600; color:#ff0000'>ERROR: Copy unsuccessfull! We might have screwed up!</span><br /><br />";

$errorcode4= "<span style='font-weight:600; color:#00CC00'>File Uploaded Successfully!</span><br /><br />";

$errorcode5= "<span style='font-weight:600; color:#00CC00'>There Yah go! See I knew you could do it!</span><br /><br />";

$errorcode6= "<span style='float:left; font-weight:600; text-align:center; color:#ff0000'>ERROR: Ok Genius you forgot to put IN the file. Try Again. This time with a file please.</span><br /><br /><br />";

$errorcode7= "<span style='float:left; font-weight:600; text-align:center; color:#ff0000'>ERROR: Your picture's height is too big. The restriction is set to 100 px.</span><br /><br /><br />";

$errorcode8= "<span style='float:left; font-weight:600; text-align:center; color:#ff0000'>ERROR: Your picture's width is too big. The restriction is set to 400 px.</span><br /><br /><br />";

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
		}

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
//and it will be changed to 1 if an error occurs.  
//If the error occurs the file will not be uploaded.
$errors=0;
//checks if the form has been submitted
if(isset($_POST['Submit'])) 
{  

	//reads the name of the file the user submitted for uploading
	$image=$_FILES['image']['name'];
	//if it is not empty
	if (!$image) 
{
echo $errorcode6;
}
else
	{
	//get the original name of the file from the clients machine
		$filename = stripslashes($_FILES['image']['name']);
	//get the extension of the file in a lower case format
  		$extension = getExtension($filename);
		$extension = strtolower($extension);
	//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
//otherwise we will do more tests
		if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
					{
						//print error message
						echo $errorcode1;
						$errors=1;
					}
				else
					{


					//get the size of the image in bytes
					 //$_FILES['image']['tmp_name'] is the temporary filename of the file
					 //in which the uploaded file was stored on the server
					 $size=filesize($_FILES['image']['tmp_name']);



					// check for file dimenstions. 
					list($width, $height) = getimagesize($_FILES['image']['tmp_name']);
					$maxheight = 100;
					$maxwidth = 400;

					if ($width > $maxwidth) {
					echo $errorcode8;	
					$errors=1;
					} 
					elseif ($height > $maxheight) {
					echo $errorcode7;	
					$errors=1;
					} 


					//compare the size with the maxim size we defined and print error if bigger
					if ($size > MAX_SIZE*1024)
					{
						echo $errorcode2 ;
						$errors=1;
					}

					//we will give an unique name, for example the time in unix time format
					$image_name=time().".$extension";
					//the new name will be containing the full path where will be stored (images folder)
					$newname="moderate/".$image_name;
					//we verify if the image has been uploaded, and print error instead
					$copied = copy($_FILES['image']['tmp_name'], $newname);
					if (!$copied) 
					{
						echo $errorcode3;
						$errors=1;
					}
				}
				//If no errors registred, print the success message
				 if(isset($_POST['Submit']) && !$errors && !$better) 
				 {
					echo $errorcode4;
					echo "<script language ='JavaScript'>setTimeout('refresh()', 5000);</script>";
					unset($better);
				 } 
} 
}
?>

</td>
    </tr>
    
	<tr>
    <td align="center"><form name="newad" method="post" enctype="multipart/form-data" action=""><input type="file" name="image" size="30"> <input name="Submit" type="submit" value="Upload"></form><br /><br />
    </td>
    </tr>

    <tr>
    <td>
    
    
</table>

premiso · December 17, 2008

OHHHHHH. nevermind. permission denied. Must be my server.

The images directory needs to be 777 I believe so you can write to it, you may also have to do this to the posters folder.

Sign In

file upload

Recommended Posts

ohdang888

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

trq

Link to comment

Share on other sites

ohdang888

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

ohdang888

Link to comment

Share on other sites

ohdang888

Link to comment

Share on other sites

spitfire1945

Link to comment

Share on other sites

premiso

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information