login & registration problem/tmp_files

[Joseph_J]

Hello all!

 

Lets get right to it!

 

I am running my code on an apache server hosted by Godaddy.

 

My code functions perfect except for this problem.

 

I was following the phpacademy login & register tutorials.  On the last section is a picture upload series that uploads a picture and sets the picture in the html.

 

So far, I am able to select and upload the path of the picture to the db.

 

However, the picture does not get uploaded to the images/profile directory.

 

If I manually place the picture in the images/profile directory the picture does display on the site.

 

Here is the code for the page that calls the fucntion:

 

<div class="widget">
    <h2>Hello, <?php echo $user_data['first_name']; ?>!</h2>
    <div class="inner">
        <div class="profile">
            <?php
            if (isset($_FILES['profile']) === true) {
                if (empty($_FILES['profile']['name']) === true) {
                    echo 'Please choose a file!';
                } else {
                    $allowed = array('jpg', 'jpeg', 'gif', 'png');
                    
                    $file_name = $_FILES['profile']['name'];
                    $file_extn = strtolower(end(explode('.', $file_name)));
                    $file_temp = $_FILES['profile']['tmp_name'];
                    
                    if (in_array($file_extn, $allowed) === true) {
                        change_profile_image($session_user_id, $file_temp, $file_extn);
                        
                        header('Location: ' . $current_file);
                        exit();
                        
                    } else {
                        echo 'Incorrect file type. Allowed: ';
                        echo implode(', ', $allowed);
                    }
                }
            }
            
            if (empty($user_data['profile']) === false) {
                echo '<img src="', $user_data['profile'], '" alt="', $user_data['first_name'], '\'s Profile Image">';
            }
            ?>
            <form action="" method="post" enctype="multipart/form-data">
                <input type="file" name="profile"> <input type="submit">
            </form>
        </div>
        <ul>
            <li>
                <a href="logout.php">Log out</a>
            </li>
            <li>
                <a href="<?php echo $user_data['username']; ?>">Profile</a>
            </li>
            <li>
                <a href="changepassword.php">Change password</a>
            </li>
            <li>
                <a href="settings.php">Settings</a>
            </li>
        </ul>
    </div>
</div>

 

Here is the function:

 

function change_profile_image($user_id, $file_temp, $file_extn) {
    $file_path = 'images/profile/' . substr(md5(time()), 0, 10) . '.' . $file_extn;
    move_uploaded_file($file_temp, $file_path);
    mysql_query("UPDATE `users` SET `profile` = '" . mysql_real_escape_string($file_path) . "' WHERE `user_id` = " . (int)$user_id);
}

 

 

At first I thought the problem was with the move_uploade_files() function, however, I am starting to think that the problem lyes with the [tmp_file'] calls in the arguments in the first section of example code.

 

I don't think my site is moving the file to a temp directory.

 

The function sys_get_temp_dir(); does not return a result.

 

My questions are:

 

Am I on the right track?

 

How do I set up a temp directory?

 

Do I need a php.ini file or configuration file?  If so, where do I put it?

 

Do I need to restart Apache?  If so, how do I do that on a Godaddy platform?

 

My apologies and sincerest thanks in advance:  I am a noob!

 

Thanks,

 

Joseph

 

 

 

 

[mac_gyver]

the code you have isn't checking if the upload worked before trying to use the uploaded file information. $_FILES['profile']['name'] will be set and will contain the name of the selected file, for most of the possible upload errors. this is the problem with following the crap php code you find online, that professes to show you the right way to do something, but was written by someone who doesn't really know or care what the code does.

 

for debugging, what does adding the following echo ... statement show -

<?php
echo '<pre>',print_r($_FILES,true),'</pre>'; // add this right before the following line -
if (isset($_FILES['profile']) === true) { // this is part of your existing code

if you are doing this for real, you would make sure that a post method form was actually submitted by testing if $_SERVER['REQUEST_METHOD'] == 'POST, then you would test if the $_FILES array is set (it not being set indicates that the post_max_size setting was exceeded), then you would test if $_FILES['profile']['error'] == 0. only if all three of these conditions are true, do you know that the file was actually uploaded and you can use the uploaded file information in the rest of your code.

[Joseph_J]

Thanks for your reply!

 

A quick note!  I believe you that online videos and such may offer code that is sub-parr to what it should be:  however as a noob!  I don't know what good code is vs bad code!  Thanks for your input, it wont be forgotten.

 

Here is what your statement provided:

Array(    [profile] => Array        (            [name] => 8462777.jpg            [type] =>             [tmp_name] =>             [error] => 6            [size] => 0        ))

images/profile/ddba68d61f.jpg

[mac_gyver]

here's a list of the upload errors - http://www.php.net/manual/en/features.file-upload.errors.php

 

you will need to set the upload_tmp_dir setting, in a php.ini file, to an actual private (not in the public http document folder) folder within your account's directory tree.

[Joseph_J]

ok!

 

So I am already running a seperate domain in the root directory of the hosting server  (that was probably a bad idea but I did not know any better at the time).  As of now and for the forseable future nothing can be uploaded to that site.

 

The second domain is actually pointed to a folder in the root directory. 

 

/second domain/where this code is/

 

I do have a /tmp folder.

 

I was going to set the upload_tmp_dir = /tmp/seconddomain/

 

Where do I place the php.ini file?

 

Also;  do I use a php.ini file or a php5.ini file?

 

Thankyou for you patience!

[Joseph_J]

Did I mention I was a noob!

 

I had a php5.ini file with the following line in it:

 

ini_set(upload_tmp_dir, \temp);

 

I'm not sure if that was an invalid command and I'm sure it was to the wrong path!

 

Anyways, I deleted it and the original code function as intended.

 

Thank you Mac_gyver for you input and suggestions!!  I really apreciated it;  Your comments help me focus in the php.ini file whuch led me to the problem.  I also learched how to test for issue with the array.  I will also incorporate the $_SERVER['REQUEST_METHOD'] == 'POST command into my site going forward:

 

Sincerly,

 

A noob in training!