move_uploaded_file & upload_tmp_dir

[bmoremu]

Hello,
    I have a simple form:
[code]
<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="upload_test.php" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>
[/code]

and PHP:
[code]
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = 'images/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
  echo "File is valid, and was successfully uploaded.\n";
} else {
  echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>
[/code]

...both of which were taken right from the PHP manual.

When run, here is the error information:
[code]
Warning:  move_uploaded_file(images/me.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in C:\My Documents\My Sites\bearpaths\upload_test.php on line 17



Warning:  move_uploaded_file() [function.move-uploaded-file]: Unable to move 'D:\WINDOWS\TEMP\phpFB9.tmp' to 'images/me.jpg' in C:\My Documents\My Sites\bearpaths\upload_test.php on line 17

Possible file upload attack!
Here is some more debugging info:Array
(
    [userfile] => Array
        (
            [name] => me.jpg
            [type] => image/jpeg
            [tmp_name] => D:\WINDOWS\TEMP\phpFB9.tmp
            [error] => 0
            [size] => 15641
        )

)
[/code]

Site is running locally on IIS/XP. I have made absolutely sure I clicked on 'Write' for the properties of the 'images/' folder in IIS. Secondly, I don't know why "D:\WINDOWS\TEMP\" is being used seeing as how this line is in my php.ini - "upload_tmp_dir = "images\tmp"".

Thanks in advance for any help!

[[email protected]]

yo, i dunno wuts wrong wit urs, but i have a upload script that works. here it is:

[code]<?php

//here you can  ban certain file types from being uploaded:
$bad_types = array('application/octet-stream');

if( in_array( $_FILES['uploadedfile']['type'], $bad_types ) )
{
    echo "That File type is not supported.";
}
else
{
// the upload path is "uploads". make sure you have a "uploads" folder, and make sure it's chmodded to:
// "chmod 777 uploads"
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

    if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
        echo "The file ".  basename( $_FILES['uploadedfile']['name']).
        " has been uploaded. here is the link to your file: <a href=uploads/".  basename( $_FILES['uploadedfile']['name']). ">".  basename( $_FILES['uploadedfile']['name'])."</a><br>";
    } else{
        echo "There was an error uploading the file, please try again!";
    }
}

?>[/code]


and in the index.html file, make sure you have:
<input name="[b]uploadedfile[/b]" type="file">
for your "browse" button/box thing. make sure it's called "uploadedfile".

[redarrow]

sorry but i think you not using the code you provided from the localhost or a active url as you code is pointing to a temp folder within windows but it would upload to a image folder in the htdocs if you use a url or localhost.

[bmoremu]

For the first response - thanks but I don't see any difference in the code between yours and mine.

For the second - This script is running in my test environment on my local PC. It is WinXP running IIS. In php.ini it says if 'upload_tmp_dir' is not defined, it will use the system default. On a PC, that default is probably \WINDOWS\TEMP\. But I have defined 'upload_tmp_dir' in my php.ini as I noted in my post and it is not using it. I don't know that is the cause of my problem though.