Firefox and $_SESSION in upload directory structure not working

[daledsm]

I have a php script that when you log, it takes the $_SESSION['username'] and creates a directory with it. Then it takes you to another page that allows you to upload to that newely created directory. I have session_start(); on all my pages. When using IE, all works just fine. When using Firefox, it will not upload to the new directory, but outside it in the root. When I do the echo on it, the page shows that the directory is there and that the session info has passed, but it will not upload to it. All the other variables in the upload.php work just fine.

 

 

I can take $userdir = $_SESSION['username']; and make it $userdir = "user", and Firefox will now upload into the new folder no problems. But if I leave it as the session, it puts it in the upload folder. Again, all my echos show the right directory. IE has no problems, but Firefox just can't seem to get the directory structure. Everything else is fine in there. Any advice? Firefox don't have any cookies turned off or any privacy settings turned on. As open as can be. I thought maybe there was something special that needs to be added.

 

$session_start();

$userdir = $_SESSION['username'];

echo $userdir; // shows user

 

$curdir = "upload/";

echo $curdir; // shows upload/

 

$target = $curdir.$userdir."/";

echo $target; // shows upload/user/

 

$targetfile = $target . ($_FILES['uploadedfile']['name']);

echo $targetfile; // shows upload/user/filename

 

 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $targetfile))

{

echo "The file " . ($_FILES['uploadedfile']['name']) . " has been uploaded.";

}

else

{

echo "There was an error uploading the file, please try again!";

}

 

Thanks.

 

[PFMaBiSmAd]

It sounds like FF is requesting the page twice (once with a matching session ID and once without it.) FF has a nasty habit of requesting pages twice due to some of the debugger add-ons. Also, what does your form look like? Any javascript that could be submitting the form and the normal browser's form submission doing it as well? Any URL rewriting or redirecting to a different path than where the session cookie was first sent and the session cookie path setting is not set to '/'?

 

Your code should be testing that $_SESSION['username'] is at least set before doing anything on the form processing page. Your form page should only output the form if the current visitor is logged in and your form processing code should also check if the current visitor is logged in.

[daledsm]

Here is my login (i know it isnt all that secure, but it is just basic to get it workign) For the form, I have used both how it is here, and just regular html form and the php print method form. Same results. The unmask for the mkdir was something I read in a post and thought I would try. Same results.

 

Thank again for your assistance!

 

 

login.php

<?php

session_start();

$password = "admin";

$target = "uploadpage.php";

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

...yada

</head>

<body>

<?php

print "<h2 align=\"center\">Input Username ANd Password</h2>";

 

if (isset($_POST["password"]) && ($_POST["password"]=="$password"))

{

$_SESSION['username'] = $_POST['username'];

 

if(!file_exists("upload/".$_SESSION['username']."."))

{

$oldmask = unmask(0);

mkdir("upload/".$_SESSION['username']."/",0777,true);

unmask($oldmask);

}

header('Location: ".$target);

}

else

{

 

if (isset($_POST['password']) || $password == "")

{

  print "<p align=\"center\"><font color=\"red\"><b>Incorrect Password</b><br>Please enter the correct password</font></p>";

}

  print "<form method=\"post\"><p align=\"center\">Please enter your username and password for access<br>";

  print "<input name=\"username\" type=\"text\" size=\"25\" maxlength=\"10\"><br>";

  print "<input name=\"password\" type=\"password\" size=\"25\" maxlength=\"10\"><br>";

print "<input value=\"Login\" type=\"submit\"></p></form>";

}

?>

<BR>

</body>

</html>

[PFMaBiSmAd]

If you are having a problem with what the code in uploadpage.php is doing, what relevance would there be in posting your login code?

 

Your login code is attempting to perform a header() redirect after it has output content to the page. This will only work on a limited number of server configurations and should be avoided. Your php logic that determines what to do on the page should be first. You then only output content on that page (including any doctype...) if you are going to remain on that page.

[daledsm]

Yes, I am having problem with my upload script and the relevance posting my login code was because you asked about how my form looked when I was asking about my upload code. I was giving you all the info I could as to get help from you or anyone else that may catch it. Sorry if I supplied you too much information, but maybe someone else who can help might need it, or someone else searching for help can come across this post and use a bit of my code on their own project.

 

Thank you for your input. I have spent lots of time trying to get this to work with Firefox and have read thousands of posts and other tutorials both outdated and not. I have tried everything I could before I posted my question. I just thought maybe I was overlooking something or if I had something bad that firefox just don't like. I figured it had to be something simple I was missing since everything works just fine in IE.

 

I will give your advice a shot. Thanks again for your input. It is greatly appreciated. I have found alot of help on here and glad I came across it!

 

Dale

 

 

 

[daledsm]

Ok, I think i have it figured out. I think it is because I am actually using a flash uploader. The flash uploader is calling the upload script and I think the upload.php is getting a different session id when it does that. I think I need to either pass the new userid directory or the session id() from my login page to flash and have the uploader script use those variables when flash calls it. I still don't understand why it works like it does in IE, but not firefox, but as long as it works...