[SOLVED] PHP Upload Script on Suse Linux and Apache

[jreed2132]

I'm trying to create a form that has a "Browse" button that you can select an image file, then upload it to a folder called "Uploads".

 

I found this form and code on the tutorial web site, www.w3schools.com

 

I'm not sure, but I think the problem could be using the $_FILES variables, because the information doesn't even show up for them.  Could it be that this code only works on Windows?  I am doing this on a Suse Linux box and I've given the user "wwwrun" rights to the write to the "Uploads" folder. 

 

The Form:

 

<form action="upload_file.php" method="post"

enctype="multipart/form-data">

<label for="file">Filename:</label>

<input type="file" name="file" id="file" />

<br />

<input type="submit" name="submit" value="Submit" />

</form>

 

Code from upload_file.php:

<?php

if ((($_FILES["file"]["type"] == "image/gif")

|| ($_FILES["file"]["type"] == "image/jpeg")

|| ($_FILES["file"]["type"] == "image/pjpeg"))

&& ($_FILES["file"]["size"] < 20000))

  {

  if ($_FILES["file"]["error"] > 0)

    {

    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";

    }

  else

    {

    echo "Upload: " . $_FILES["file"]["name"] . "<br />";

    echo "Type: " . $_FILES["file"]["type"] . "<br />";

    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";

    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

 

    if (file_exists("Uploads/" . $_FILES["file"]["name"]))

      {

      echo $_FILES["file"]["name"] . " already exists. ";

      }

    else

      {

      move_uploaded_file($_FILES["file"]["tmp_name"],

      "Uploads/" . $_FILES["file"]["name"]);

      echo "Stored in: " . "Uploads/" . $_FILES["file"]["name"];

      }

    }

  }

else

  {

  echo "Invalid file";

  }

?>

[PFMaBiSmAd]

A) Are uploads enabled in your php.ini? Stop and start your web server to get any change made to php.ini to take effect and confirm what the setting actually is using a phpinfo(); statement.

 

B) The w3schools.com code is retarded. It checks the ['error'] element after it attempts to check the ['type']. Many of the possible upload errors won't set the ['type'], so that code will report an "Invalid file" for upload errors and will never report an actual upload error. It also checks the ['type'] and ['size'] in one test and outputs a single non-specific error message if either test fails, so you both don't know which one of those tests failed and in the case of the ['type'], since the actual value that failed is not displayed, you don't know what ['type'] your browser supplied for the file (different browsers set different mime types for the same file) in order to add it to the list of allowed types.

 

Edit: Proper code would check that a form has been submitted (all form processing code should do this) and if the $_FILES array is empty, report that the file size exceeded the post_max_size setting (see the following item C), then check the ['error'] element and report any upload errors, then check the ['type'] and report if the type is not permitted and display the actual value that the browser supplied, then check the size and report if the size exceeded the permitted value, then finally use the uploaded file information.

 

C) Is the $_FILES array empty or what exactly is the symptom you are getting? If uploads are enabled and the $_FILES array is empty, you are likely exceeding the post_max_size setting. What does a phpinfo(); statement show for post_max_size and what is the size of the file you are attempting to upload?

[jreed2132]

alright, a couple things I've found,

 

- the post_max_size wasn't big but it still hasn't fixed the problem.

- uploads are enabled

- the $_Files array is empty

 

But I started to think, does the upload move the file to a tmp directory before its transferred, if so, where is that directory on Suse Linux (I looked and there are about 5 tmp directories) and does it need rights as well?

 

 

[PFMaBiSmAd]

If the temp upload directory does not exist or has a permission problem there will be an upload error indicated in the ['error'] element - http://us2.php.net/manual/en/features.file-upload.errors.php

 

The $_FILES array will only be empty if uploads are not enabled, if your form does not have a correct enctype, or if you exceed the post_max_size.

 

You apparently changed the post_max_size setting. Did you verify what it actually is using a phpinfo() statement?

 

 

[jreed2132]

Yes, everything I changed I verified and when changed, changed it to a very high amount

[jreed2132]

Is "multipart/form-data" the correct type?

 

and

 

the "upload_tmp_dir" setting displays  "no value"

 

Could that be the issue?

[PFMaBiSmAd]

That should not be a problem (and as already stated, there would be an upload error if the upload could not be put into the temporary directory) -

upload_tmp_dir string

The temporary directory used for storing files when doing file upload. Must be writable by whatever user PHP is running as. If not specified PHP will use the system's default.

 

The form you posted is valid and results in a $_FILES['file'] array. Is that your whole form page?

 

What is the actual syntax of the post_max_size setting? A syntax error in the setting will appear as a correct setting but actually results in a very small value.

[jreed2132]

Yes, thats the whole form page

 

and here is the code from php.ini

 

 

; Maximum size of POST data that PHP will accept.

post_max_size = 90M

 

 

[PFMaBiSmAd]

Put the following code in at the start of upload_file.php. What does it show?

<?php
echo "<pre>";
echo "POST:";
print_r($_POST);
echo "FILES:";
print_r($_FILES);
echo "</pre>";
?>

[jreed2132]

so it is collecting data . . . . . .

 

POST:Array

(

    [submit] => Submit

)

FILES:Array

(

    [file] => Array

        (

            [name] => capitol.jpg

            [type] => image/pjpeg

            [tmp_name] => /tmp/phpVKTVxX

            [error] => 0

            => 58826

        )

 

)

 

[PFMaBiSmAd]

That's not an empty $_FILES array that you have been stating you are getting.

 

I previously asked you what exact symptom you are getting -

C) Is the $_FILES array empty or what exactly is the symptom you are getting?

 

Based on the information you just posted, you are getting an "Invalid file" message due to the file size being 58826 when the code is testing for a maximum size of 20000. What a waste of time.

 

... It also checks the ['type'] and ['size'] in one test and outputs a single non-specific error message if either test fails, so you both don't know which one of those tests failed ...

 

Edit: Proper code would check that a form has been submitted (all form processing code should do this) and if the $_FILES array is empty, report that the file size exceeded the post_max_size setting (see the following item C), then check the ['error'] element and report any upload errors, then check the ['type'] and report if the type is not permitted and display the actual value that the browser supplied, then check the size and report if the size exceeded the permitted value, then finally use the uploaded file information.