Jump to content

Recommended Posts

I set up functionality for a client that got moved to their server after I wrote and tested the functionality.  It does not work on their server and I am trying to trouble shoot the problem as I do not have ftp access to the server.

I believe that I have narrowed it down to either I do not know how to access the temp files on their server, Windows IIS, OR the security on the server is not allowing me to upload to the temp files.

Here is the form used to upload to the server.

 

<form  enctype="multipart/form-data"  action="#" method="post" >
    <input type="hidden" name="upload_csv" value="TRUE" />
    <p><label  for="userfile">Upload CSV:</label>
    <input type="hidden" name="MAX_FILE_SIZE" value="45000000" />
    <input type="file" id="userfile" name="userfile" title="userfile" value="" /></p>
    <p><input  type="submit" name="upload_csv" value="Upload CSV" /></p>    
</form>  

 

Here is the test code:

 

<?php
$csvfile = $_FILES['userfile']['tmp_name'];
$size = $_FILES['userfile']['size'];

if($_POST['upload_csv']){
    //---------------------------------validation code here
    if($problem){
        echo '<div class="error">Did not pass validation</div>';
        include("upload_csv.inc.php");
    }else{
        if (($handle = fopen($csvfile, "r")) !== FALSE) {

                //--------------------------------------------------------------this is where the code that imports the data from the csv and to the database goes
                echo '<div class="message"><p>CSV has been opened!</p></div>';
        }elseif(!$csvfile){
                echo '<div class="error">Problem #1</div>';
        }else{
                echo '<div class="error">Problem #2</div>';
        }
    }
}else{
    include("upload_csv.inc.php");
}
?>

 

 

This code generated the error message: Problem #2.

One more bit of information: the permissions on the server is set so that nothing can be uploaded by an external script. I do not know much about servers, but it seems to me that because the security is so tight on the server, the security is the reason that this does not work...???

 

I appreciate help with this. I just am not knowledgeable on how the $_FILES['userfile']['tmp_name'] code actually works?

Link to comment
https://forums.phpfreaks.com/topic/288552-temp-files-on-windows-iis-server/
Share on other sites

What is the number in $_FILES["userfile"]["error"]? Look it up here (if it's not 0).

 

Then find your php.ini, set

error_reporting = -1
display_errors = on
restart IIS, and try again while looking for error messages outputted by PHP.

...I will look at this on Monday...not sure that I understand it.

I do know that I do not have access to the server, and I never will. So changing any settings or restarting the server is not going to happen. But I will look over the documentation on the link and try to figure out how to use it.

I tried to put the class/code on the test site that I originally built the functionality on and all I got was an error.

I am new to OOP...really new. Don't I have to have a class called "Exception" so that I can post the class UploadException as an extension of "Exception"

 

I do know that I do not have access to the server, and I never will. So changing any settings or restarting the server is not going to happen. But I will look over the documentation on the link and try to figure out how to use it.

The settings are to get you any error information that PHP may be generating but not reporting directly to you (like on the page). IIS's error logs, assuming there are any set up, would be the best place to look for those without having to change any configuration.

 

I tried to put the class/code on the test site that I originally built the functionality on and all I got was an error.

...which is? I'm going to go out on a limb and suggest that those might, just, possibly, be relevant.

 

I am new to OOP...really new. Don't I have to have a class called "Exception"

Exception is a built-in class.

 

so that I can post the class UploadException as an extension of "Exception"

I don't know what you're trying to say.

Honestly I am confused! Are you telling me that I can upload the class that is on this page: http://www.php.net/manual/en/features.file-upload.errors.php and then this class will output an error to the page where the class exists? Or is the class going to output the error to the error logs. I do not have access to the error logs.

Understand that I do not have ftp access to the site. So it is a few day process to get anything uploaded to their site.

When I put the class on my test site I got this error:

 

Fatal error: Uncaught exception 'UploadException' with message 'Unknown upload error' in /home/content/38/3399238/html/mysite/mypage.php:54 Stack trace: #0 {main} thrown in /home/content/38/3399238/html/mysite/mypage.php on line 54

Edited by Peg

Honestly I am confused! Are you telling me that I can upload the class that is on this page:

Ignore the class.

 

All you need to do is check the value of $_FILES['userfile']['error'] and see what it contains. If it's anything other than 0 (UPLOAD_ERR_OK) then you need to output it's value and then look up what the error is on that page by finding the appropriate constant.

 

As part of your //---------------------------------validation code here block, you should have:

if ($_FILES['userfile']['error'] != UPLOAD_ERR_OK){
   //report an upload error somehow
   echo 'Failed to upload file, error code is: '.$_FILES['userfile']['error'];
   $problem = true;
}

a) this seems to be a continuation of your previous thread on this forum? if so, i/another mod will merge the two threads as the information in that previous thread would help with the suggestions being made in this thread.
 
b) did you read the new reply in your previous thread? a member who's with godaddy asked a specific question about the windows hosting? though, if the windows hosting is with godaddy, you would need to get permission from your client for anyone to touch the account.
 
c) you can put the error_reporting/display_errors settings into your .php script.
 
d) while it's not relevant to the actual problem you are trying to solve, the error from the exception script on your test site is most likely because you didn't change the $_FILES[....] array index name in that script to match what your form is submitting.
 
e) the 'Problem #2' message from your code would occur if the fopen() fails and $csvfile is a true value. about the only situation i can think of where this would occur is if safe mode or open_basedir are enabled and is preventing the fopen() from working, i.e. the file is being uploaded ($csvfile is a true value), but fopen() cannot access it (the suggested error_reporting/display_errors settings would tell you if this is the case.)
 
if this is the case, you can use move_uploaded_file() to read/move the temp uploaded file to a file that php can access without restrictions.

Thank You Kicken. I will add that to the validation and send the updated code to their tech guy to ftp up for me.

 

In asnswer to you mac_gyver

 

a) Yes this is a continuation of my other thread. If you would merge them that would be great. Thank You!

 

b) I did just read his comment and answer it. It is not hosted with GoDaddy. If it were I would at least have ftp access into the server. That would be really nice.

 

c) I will put the code that Kicken gave me into my script

 

d) Actually I did change the name ... but like you said it is not relevant

 

e) This make sense to me. Thank you for explaining in a way that could understand!

 

I will probably need your guidance to read/move the temp uploaded file to a file that php can access without restrictions.

 

Give me a minute and I will post the code that I am going to send to my clients tech.

Here is the new code that I am sending to the tech. It will probably take a couple of days before this gets uploaded to the server. Thank You all for all of your help!!

<?php

$csvfile = $_FILES['userfile']['tmp_name'];
$size = $_FILES['userfile']['size'];

if($_POST['upload_csv']){
    

   //----------------------------------------------------------------------other validation code here.
  
    if($problem){
        echo '<div class="error">'.$error_message.'</div>';
        include("form_upload_csv.inc.php");
    }else{
        if (($handle = fopen($csvfile, "r")) !== FALSE) {
                echo '<div class="message"><p>CSV has been opened!</p></div>';
        }elseif(!$csvfile){
                echo '<div class="error">Problem #1</div>';
        }else{
                if ($_FILES['userfile']['error'] != UPLOAD_ERR_OK){
                     //report an upload error somehow
                     echo '<div class="error">Failed to upload file, error code is: '.$_FILES['userfile']['error'].'</div>';
                     $problem = true;
                }else{
                    echo '<div class="error">Problem #2</div>';
                }
        }
    }
}else{
    include("form_upload_csv.inc.php");
}
?>

Edited by Peg

The error that is generated by the new code is: "Problem #2".

So this means that the file exists but is not allowed to open. So, mac_gyver, this most likely means that either safe mode or open_basedir in enabled.

 

your suggestion is to use move_uploaded_file() to read/move the temp uploaded file to a file that php can access without restrictions.

I guess I'm confused on why it would make a difference where the file is? Wouldn't server restrictions apply to any place on the server? Sorry to keep asking you questions. I honestly would try some things before I ask questions, but I don't have the option of using ftp. So I just want to be sure that I don't ask their tech to upload documents more often that I have to.
 

Thanks Again!!!

Edited by Peg
Wouldn't server restrictions apply to any place on the server?

 

 

no.

 

if this is something to do with the safe mode or open_basedir, the fopen() statement you are currently using won't be able to access the file in the temp upload directory. the move_uploaded_file() statement however can read the file in the temp uploaded directly and would be able to move it to a location within your account's directory tree, where php would have the ability to access it using fopen() -

 

move_uploaded_file() is both safe mode and open_basedir aware. However, restrictions are placed only on the destination path as to allow the moving of uploaded files in which filename may conflict with such restrictions. move_uploaded_file() ensures the safety of this operation by allowing only those files uploaded through PHP to be moved.

 

OK. Thank you for being so quick to reply to my comment, and for explaining things to me in a way that I can understand them!
I will contact their tech and see if there is a place on the server that I can move a file to. He told me earlier that WordPress was not allowed to upload anything to the server, because he had restrictions on the server that did not allow files to be uploaded to the server. So I believe that moving the file/csv is not going to be allowed, but I will try to get more information.

Thank You!

Edited by Peg
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.