I have a problem with my registration script when uploading an "avatar".

[White_Lily]

Hi,

 

I am trying to create a registration script that when the user registers and tries to upload an avatar, the image itself is placed in the specified directory, and the file name (with extension) is in the database.

 

So far I have managed to get it to put the file name (with extension) in the database, but the script fails because there is a problem when the script tries to put the actual image file in the directory.

 

I was hoping this forum could give some advice/guidance as to how I correct this issue?

 

I will place the code below:

 

<?php

include '../cms/inc/conf.php';
include '../cms/inc/connect.php';
$page = "Register Result";

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
	<title><?php echo $GLOBALS["siteName"]." - ".$page; ?></title>
	<link rel="stylesheet" type="text/css" href="<?php echo $GLOBALS['siteUrl'] ?>/css/design.css">
</head>
<body>
	<div class="wrapper">
		<div class="header">
			<img src="<?php echo $GLOBALS["siteUrl"] ?>/images/logo.png" />
		</div>
		<div class="content">
			<div class="left_content">
				<div class="navigation">
					<?php

						include 'inc/navigation_include.php';

					?>
				</div>
			</div>
			<div class="middle">
				<?php

					//This is the directory where images will be saved 
					 $target = "images/uploads/"; 
					 $target = $target . basename( $_FILES['photo']['name']);

					$name		= $_POST['name'];
					$email		= $_POST['email'];
					$gender		= $_POST['gender'];
					$country	= $_POST['country'];
					$user		= $_POST['username'];
					$pass		= $_POST['password'];
					$pic=($_FILES['photo']['name']); 

					$sql = "INSERT INTO users (name, email, gender, country, username, password, avatar) VALUES ('$name', '$email', '$gender', '$country', '$user', '$pass', '$pic')";
					$res = mysql_query($sql);

					if(move_uploaded_file($_FILES['photo']['tmp_name'], $target)) 
					{
						echo '<h3>Registration Success</h3>';
						echo '<p>Thank you for registering.</p>';
						echo '<a href="../login.php">Login</a>';
					}
					else
					{
						echo '<h3>Registration Failed</h3>';
						echo '<p><h1>Oh dear...</h1> it seems there is a problem with the processing script. Please contact the webmaster via the contact form.</p>'.mysql_error();
						echo '<a href="../register.php">Go Back</a>';
					}

				?>
			</div>
		</div>
		<div class="clear"></div>
		<div class="footer">
			<div class="link-push">
				<div class="footer-navigation">
					<?php/*

						$sql = "SELECT * FROM pages";
						$result = mysql_query($sql);
						if($result)
						{
							echo "  |  ";
							while ($db_field = mysql_fetch_assoc($result))
							{
								echo ("<a href='".$GLOBALS['siteUrl'].'/'.$db_field['page_filename']."'>" . $db_field['page_name'] . "</a>");
								echo "  |  ";
							}
						}
						else
						{
							echo "<p>No pages found.</p>";
						}
						mysql_close($con);*/

					?>
				</div>
			</div>
			<div class="copy">
				<?php echo $GLOBALS["copy"]; ?>
			</div>
			<div class="creator">
				Site created by: <?php echo $GLOBALS["creator"]; ?>
			</div>
		</div>
	</div>
</body>
</html>

[`Karl]

Does the upload folder have write permissions?

[White_Lily]

I did read up on that. If I read the sources correctly the directory has to be 777?

[Christian F.]

Not necessarily, but the process that the PHP parser runs under need to have read & write-permissions to the folder. This can be accomplished by either changing the owner or group of said folder, and giving the standard read/write permissions (733 or 773, respectively).

Generally you want to avoid making the folder world-writeable, as it will (as the name implies) give absolutely everyone permission to write into the folder. A huge security hole, in other words.

 

What you should do, if you haven't done so already, is to turn on error reporting. Then it'll tell you exactly what fails and why it does that, and a quick web search should give you plenty of steps you should take to correct it. If you still have problems with it, then please post the error message here. That way we don't have to guess what's wrong, and as such can focus on actually solving the problem.

[-Karl-]

Easiest method is to just CHMOD the folders permissions to 777, then try it. If it doesn't work, do as Christian said.

[White_Lily]

my php.ini file is set out like this:

 

display_errors: on

error_reporting: E_ALL

 

is that correct?

[Christian F.]

Yes, that's correct for showing all errors.

[White_Lily]

Okay - I have set folder permissions of the directory to 777 and they are also read & write enabled.

I have written "mysql_error()" at the end of the Registration Failed statement.

and i have "error_reporting:E_ALL" the top of the page within the <?php and ?> tags but no error shows except for a 500 internal server error

[Pikachu2000]

my php.ini file is set out like this:

 

display_errors: on

error_reporting: E_ALL

 

is that correct?

 

No, it isn't correct. It should use equal signs, not colons. Also, a value of -1 would be what you'd want to use to display all possible errors and notices.

 

error_reporting = -1

display errors = On

 

and i have "error_reporting:E_ALL" the top of the page within the <?php and ?> tags but no error shows except for a 500 internal server error

 

When changing error settings at runtime, the syntax is different. In the script itself it would be

error_reporting(-1);

ini_set( 'display_errors', 'On' );

[White_Lily]

okay i did what you all said.

 

i recieved 2 errors regarding the file uploading:

 

Warning: move_uploaded_file(images/uploads/Sunset.jpg) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/sites/janedealsart.co.uk/public_html/inc/register-process.php on line 51

 

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phprN1MTY' to 'images/uploads/Sunset.jpg' in /home/sites/janedealsart.co.uk/public_html/inc/register-process.php on line 51

[Christian F.]

And there you have it: The file was not uploaded.

 

The reason you're getting this error is because you've made an assumption in your code, and that assumption was that the file upload will always succeed. In other words, you did not test for errors at any stage, which allowed this situation to come to pass.

If you look at the PHP manual, you'll see that there is an index in the $_FILES array that may contain error messages. Use this to verify that the upload has indeed succeeded, before trying to move the file. I'd also recommend checking the the temporary file actually exists, just to be on the safe side.

 

PS: Lastly you'll want to validate all user input, to stop someone from posting anything besides what you expect. Any attacker can use an unsecured file upload form to gain complete access to your system, either by uploading custom code or by utilizing any other technique to gain unwarranted information from your server.

[Pikachu2000]

I'm going to take a blind stab at this and guess that you forgot to add enctype="multipart/form-data" to your <form> tag, perhaps?

[White_Lily]

what does this error mean?

 

Warning: move_uploaded_file(/images/uploads/) [function.move-uploaded-file]: failed to open stream: No such file or directory in /home/sites/janedealsart.co.uk/public_html/inc/register-process.php on line 51

 

 

 

 

and yes, i remembered to add the enctype.

[darkfreaks]

is the directory folder have permission to write and read and execute (777) ???

 

also does the directory folder exist???

 

if you can rule that out there might be a problem with the path in your code

 

alsi i would change

 

$target = $target . basename( $_FILES['photo']['name']);

 

 

to:

 

$target .= basename( $_FILES['photo']['name']);

 

Also i would highly suggest not changing the name of the FILE to 'photo' instead of file which it needs to work.

 

 

[White_Lily]

I tried setting the permissions to 777. but the Heart Internet file system highlighted the directory in bright red which i assume means its either an invalid directory or invalid permission mode. so what ive done is keep the permission mode to "755" but change the permission to:

 

 

read: yes

write: yes

execute: yes

[Christian F.]

darkfreaks: That error message has nothing to do with the write permissions, and as previously mentioned I strongly recommend against using 777.

Also, while I do agree that using the shorthand concatenation syntax is preferable, it doesn't impact the code nor the problem at all.

 

White_Lily: If you read the error message again, and dissect it into its components, you should be able to understand what it means. It is in pretty clear cut and basic English, after all.

[darkfreaks]

my bad.

[White_Lily]

Ive read the error message over and over. What i understand is that its saying "/images/uploads/" doesnt exist, however going into the heart internet file system it clearly does exist.

 

 

what i dont under is the "failed to open stream" part - whats that mean?

[darkfreaks]

PHP Warning:  include(foo.php): failed to open stream: No such file or directory in /home/mysite/public_html/test.php on line 2

 

This warning tells you that an include file (included using PHP?s include syntax) was not found. It is a warning rather than an error, because PHP will continue trying to load the page if it cannot find an include.

 

In PHP, you can include files using include() or require(). If you use require(), then you are telling PHP that this script is vital to running the website, and so PHP will spit out an error if the file is not found, rather than try to continue.

 

If you get a warning or error message that a file could not be opened, then check that the file referred to in the error message is there and that your path to it is correct. For example, if you have the file /inc/navigation.php, and the page calling this file is in the directory /about, then you would need to include navigation.php with the following include:

<?php include(../inc/navigation.php); ?>

 

Omitting the ../ would result in a warning because PHP would not be able to find the file.

[Christian F.]

That part means that it's trying to open a stream, the most common version of a stream is a file. The error message states that you're trying to send it a folder.

Now, this suggests that you're not getting the actual filename from the $_FILES['photo']['name'] index, or that basename () doesn't return anything. Using var_dump () on each of the elements should give you something to work with, and tell you exactly where the issue happens.

[Pikachu2000]

Are the error messages you posted cut and pasted, or are you retyping them? If the latter, please paste the actual error messages here.

[White_Lily]

I am copying and pasting them.

[Pikachu2000]

I suspect a path issue, and that this: $target = "images/uploads/"; should be this: $target = "{$_SERVER['DOCUMENT_ROOT']}/images/uploads/";, or some variation pretty close to it.

[Christian F.]

Hmm... Have you modified the code since posting it then?

Reason I ask, is because according to the code above, line 51 is this line:

echo '<a href="../login.php">Login</a>';

[White_Lily]

According to Notepad++ and Dreamweaver line:51 points to:

 

 

if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))