amfony Posted December 4, 2006 Share Posted December 4, 2006 hello everyone,This is my very first post so please be gentle.I am NEWWWWBIE - HARD at PHP and web servering ingeneral, however i have had to do some ASP at uni, and have some C++ and lots of VBScript experience so the coding is not too daunting (at all really). PHP sort of a perfect mix of C++ and JavaScript true? Syntax wise.Anywhoo, my situation is this:I have created an intranet site for submission of works, IE submission of Docs, xls, ppt for students. I have created some restrictions like file extention (no exe's) and file size (no larger then 10MB). Its structured like this: A index.php has a html form which will (in vbscript) get the AD username and computername of the client, it then posts this data and file to my uploader.php, which does all the cheking and that (on the file regarding restrictions), if file fails it will create some session variables so the redirection page (either success.php or failure.php) can tell WHY. IE failure.php shows "FILE FAILED DUE TO: File Extention" or "FILE FAILED DUE TO: Size" dependant on where the file failed. Uploader will also retieve the POST-ed username and computername and filename and set them as session variables as wel so on the success or failure pages the screen display some user specific varialbes AKA user: joe computer: blow filename: joeblowresume.doc FAILED due to : File ExtentionThis works great for me for files with bad extentions, and files marginally over the 10MB limit, however i tried to submit a 50MB file and whilst i expected an error (on the failure.php page) all i got was the failre page but with empty fields. IE no username, no computername, no filename, and no reason for failure (which is another session varaible).So is there something i need to set to allow the session variables to retain? Whilst this is a 'huge' file (50MB) it only takes like .. 5 seconds at the most to error out (and provide empty fields).I dont have a max_file_size property in my POST as i wanted to leave it to the PHP to do this restriction.Can ayone help? Below is my php.ini file. Thanks everyone. (sorry i will attach the whole thing, as i dont know what part is of use or not to this convo! :( NEWB remember)PHP Version 5.2.0 System Windows NT server 5.1 build 2600 Build Date Nov 2 2006 11:50:55 Configure Command cscript /nologo configure.js "--enable-snapshot-build" "--with-gd=shared" Server API ISAPI Virtual Directory Support enabled Configuration File (php.ini) Path C:\PhP\php.ini PHP API 20041225 PHP Extension 20060613 Zend Extension 220060519 Debug Build no Thread Safety enabled Zend Memory Manager enabled IPv6 Support enabled Registered PHP Streams php, file, data, http, ftp, compress.zlib Registered Stream Socket Transports tcp, udp Registered Stream Filters convert.iconv.*, string.rot13, string.toupper, string.tolower, string.strip_tags, convert.*, consumed, zlib.* This program makes use of the Zend Scripting Language Engine:Zend Engine v2.2.0, Copyright (c) 1998-2006 Zend Technologies --------------------------------------------------------------------------------PHP Credits--------------------------------------------------------------------------------ConfigurationPHP CoreDirective Local Value Master Value allow_call_time_pass_reference Off Off allow_url_fopen On On allow_url_include Off Off always_populate_raw_post_data Off Off arg_separator.input & & arg_separator.output & & asp_tags Off Off auto_append_file no value no value auto_globals_jit On On auto_prepend_file no value no value browscap no value no value default_charset no value no value default_mimetype text/html text/html define_syslog_variables Off Off disable_classes no value no value disable_functions no value no value display_errors Off Off display_startup_errors Off Off doc_root no value no value docref_ext no value no value docref_root no value no value enable_dl On On error_append_string no value no value error_log no value no value error_prepend_string no value no value error_reporting 6143 6143 expose_php On On extension_dir ./ ./ file_uploads On On highlight.bg #FFFFFF #FFFFFF highlight.comment #FF8000 #FF8000 highlight.default #0000BB #0000BB highlight.html #000000 #000000 highlight.keyword #007700 #007700 highlight.string #DD0000 #DD0000 html_errors On On ignore_repeated_errors Off Off ignore_repeated_source Off Off ignore_user_abort Off Off implicit_flush Off Off include_path .;C:\php5\pear .;C:\php5\pear log_errors On On log_errors_max_len 1024 1024 magic_quotes_gpc Off Off magic_quotes_runtime Off Off magic_quotes_sybase Off Off mail.force_extra_parameters no value no value max_execution_time 30 30 max_input_time 600 600 open_basedir no value no value output_buffering 4096 4096 output_handler no value no value post_max_size 35M 35M precision 14 14 realpath_cache_size 16K 16K realpath_cache_ttl 120 120 register_argc_argv Off Off register_globals Off Off register_long_arrays Off Off report_memleaks On On report_zend_debug On On safe_mode Off Off safe_mode_exec_dir no value no value safe_mode_gid Off Off safe_mode_include_dir no value no value sendmail_from no value no value sendmail_path no value no value serialize_precision 100 100 short_open_tag Off Off SMTP localhost localhost smtp_port 25 25 sql.safe_mode Off Off track_errors Off Off unserialize_callback_func no value no value upload_max_filesize 35M 35M upload_tmp_dir no value no value user_dir no value no value variables_order GPCS GPCS xmlrpc_error_number 0 0 xmlrpc_errors Off Off y2k_compliance On On zend.ze1_compatibility_mode Off Off bcmathBCMath support enabled calendarCalendar support enabled com_dotnetCOM support enabled DCOM support disabled .Net support enabled Directive Local Value Master Value com.allow_dcom 0 0 com.autoregister_casesensitive 1 1 com.autoregister_typelib 0 0 com.autoregister_verbose 0 0 com.code_page no value no value com.typelib_file no value no value ctypectype functions enabled datedate/time support enabled Timezone Database Version 2006.14 Timezone Database internal Default timezone Australia/Melbourne Directive Local Value Master Value date.default_latitude 31.7667 31.7667 date.default_longitude 35.2333 35.2333 date.sunrise_zenith 90.583333 90.583333 date.sunset_zenith 90.583333 90.583333 date.timezone no value no value domDOM/XML enabled DOM/XML API Version 20031129 libxml Version 2.6.26 HTML Support enabled XPath Support enabled XPointer Support enabled Schema Support enabled RelaxNG Support enabled filterInput Validation and Filtering enabled Revision $Revision: 1.52.2.25 $ Directive Local Value Master Value filter.default unsafe_raw unsafe_raw filter.default_flags no value no value ftpFTP support enabled hashhash support enabled Hashing Engines md4 md5 sha1 sha256 sha384 sha512 ripemd128 ripemd160 whirlpool tiger128,3 tiger160,3 tiger192,3 tiger128,4 tiger160,4 tiger192,4 snefru gost adler32 crc32 crc32b haval128,3 haval160,3 haval192,3 haval224,3 haval256,3 haval128,4 haval160,4 haval192,4 haval224,4 haval256,4 haval128,5 haval160,5 haval192,5 haval224,5 haval256,5 iconviconv support enabled iconv implementation "libiconv" iconv library version 1.9 Directive Local Value Master Value iconv.input_encoding ISO-8859-1 ISO-8859-1 iconv.internal_encoding ISO-8859-1 ISO-8859-1 iconv.output_encoding ISO-8859-1 ISO-8859-1 ISAPIServer Variable Value AUTH_TYPE Negotiate AUTH_USER domain\user CONTENT_LENGTH 0 PATH_TRANSLATED c:\inetpub\wwwroot\phpinfo.php REMOTE_ADDR 192.168.62.19 REMOTE_HOST 192.168.62.19 REMOTE_USER domain\user REQUEST_METHOD GET SERVER_NAME server SERVER_PORT 80 SERVER_PROTOCOL HTTP/1.0 SERVER_SOFTWARE Microsoft-IIS/5.1 APPL_MD_PATH /LM/W3SVC/1/Root APPL_PHYSICAL_PATH c:\inetpub\wwwroot\ INSTANCE_ID 1 INSTANCE_META_PATH /LM/W3SVC/1 LOGON_USER domain\user URL /phpinfo.php ALL_HTTP HTTP_ACCEPT:*/* HTTP_ACCEPT_LANGUAGE:en-au HTTP_CONNECTION:Keep-Alive HTTP_HOST:server HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) HTTP_COOKIE:ssc= HTTP_AUTHORIZATION:Negotiate TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP HTTPS off SCRIPT_NAME /phpinfo.php SERVER_PORT_SECURE 0 jsonjson support enabled json version 1.2.1 libxmllibXML support active libXML Version 2.6.26 libXML streams enabled odbcODBC Support enabled Active Persistent Links 0 Active Links 0 ODBC library Win32 Directive Local Value Master Value odbc.allow_persistent On On odbc.check_persistent On On odbc.default_db no value no value odbc.default_pw no value no value odbc.default_user no value no value odbc.defaultbinmode return as is return as is odbc.defaultlrl return up to 4096 bytes return up to 4096 bytes odbc.max_links Unlimited Unlimited odbc.max_persistent Unlimited Unlimited pcrePCRE (Perl Compatible Regular Expressions) Support enabled PCRE Library Version 6.7 04-Jul-2006 ReflectionReflection enabled Version $Id: php_reflection.c,v 1.164.2.33.2.31 2006/10/18 16:35:15 johannes Exp $ sessionSession Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 15 15 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path c:\inetpub\wwwroot\tmp c:\inetpub\wwwroot\tmp session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid 0 0 SimpleXMLSimplexml support enabled Revision $Revision: 1.151.2.22.2.15 $ Schema support enabled SPLSPL support enabled Interfaces Countable, OuterIterator, RecursiveIterator, SeekableIterator, SplObserver, SplSubject Classes AppendIterator, ArrayIterator, ArrayObject, BadFunctionCallException, BadMethodCallException, CachingIterator, DirectoryIterator, DomainException, EmptyIterator, FilterIterator, InfiniteIterator, InvalidArgumentException, IteratorIterator, LengthException, LimitIterator, LogicException, NoRewindIterator, OutOfBoundsException, OutOfRangeException, OverflowException, ParentIterator, RangeException, RecursiveArrayIterator, RecursiveCachingIterator, RecursiveDirectoryIterator, RecursiveFilterIterator, RecursiveIteratorIterator, RecursiveRegexIterator, RegexIterator, RuntimeException, SimpleXMLIterator, SplFileInfo, SplFileObject, SplObjectStorage, SplTempFileObject, UnderflowException, UnexpectedValueException standardRegex Library Bundled library enabled Dynamic Library Support enabled Internal Sendmail Support for Windows enabled Directive Local Value Master Value assert.active 1 1 assert.bail 0 0 assert.callback no value no value assert.quiet_eval 0 0 assert.warning 1 1 auto_detect_line_endings 0 0 default_socket_timeout 60 60 safe_mode_allowed_env_vars PHP_ PHP_ safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry a=href,area=href,frame=src,input=src,form=fakeentry user_agent no value no value tokenizerTokenizer Support enabled wddxWDDX Support enabled WDDX Session Serializer enabled xmlXML Support active XML Namespace Support active libxml2 Version 2.6.26 xmlreaderXMLReader enabled xmlwriterXMLWriter enabled zlibZLib Support enabled Stream Wrapper support compress.zlib:// Stream Filter support zlib.inflate, zlib.deflate Compiled Version 1.2.3 Linked Version 1.2.3 Directive Local Value Master Value zlib.output_compression Off Off zlib.output_compression_level -1 -1 zlib.output_handler no value no value Additional ModulesModule Name EnvironmentVariable Value ALLUSERSPROFILE C:\Documents and Settings\All Users CLASSPATH C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip CommonProgramFiles C:\Program Files\Common Files COMPUTERNAME server ComSpec C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK NO NUMBER_OF_PROCESSORS 2 OS Windows_NT Path C:\PHP\;C:\Program Files\Windows Resource Kits\Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;E:\wamp\bin\stable\perl\bin\;C:\Program Files\QuickTime\QTSystem\ PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PHPRC C:\PHP\ PROCESSOR_ARCHITECTURE x86 PROCESSOR_IDENTIFIER x86 Family 15 Model 4 Stepping 3, GenuineIntel PROCESSOR_LEVEL 15 PROCESSOR_REVISION 0403 ProgramFiles C:\Program Files QTJAVA C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip SystemDrive C: SystemRoot C:\WINDOWS TEMP C:\WINDOWS\TEMP TMP C:\WINDOWS\TEMP USERPROFILE C:\Documents and Settings\LocalService VS80COMNTOOLS C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\ windir C:\WINDOWS PHP VariablesVariable Value _REQUEST["ssc"] no value _COOKIE["ssc"] no value _SERVER["ALL_HTTP"] HTTP_ACCEPT:*/* HTTP_ACCEPT_LANGUAGE:en-au HTTP_CONNECTION:Keep-Alive HTTP_HOST:server HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) HTTP_COOKIE:ssc= HTTP_AUTHORIZATION:Negotiate TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP _SERVER["HTTPS"] off _SERVER["SCRIPT_NAME"] /phpinfo.php _SERVER["HTTP_COOKIE"] ssc= _SERVER["AUTH_PASSWORD"] no value _SERVER["AUTH_TYPE"] Negotiate _SERVER["AUTH_USER"] domain\user _SERVER["CONTENT_LENGTH"] 0 _SERVER["CONTENT_TYPE"] no value _SERVER["PATH_TRANSLATED"] c:\inetpub\wwwroot _SERVER["QUERY_STRING"] no value _SERVER["REMOTE_ADDR"] 192.168.62.19 _SERVER["REMOTE_HOST"] 192.168.62.19 _SERVER["REMOTE_USER"] domain\user _SERVER["REQUEST_METHOD"] GET _SERVER["SERVER_NAME"] server _SERVER["SERVER_PORT"] 80 _SERVER["SERVER_PROTOCOL"] HTTP/1.0 _SERVER["SERVER_SOFTWARE"] Microsoft-IIS/5.1 _SERVER["APPL_MD_PATH"] /LM/W3SVC/1/Root _SERVER["APPL_PHYSICAL_PATH"] c:\inetpub\wwwroot\ _SERVER["INSTANCE_ID"] 1 _SERVER["INSTANCE_META_PATH"] /LM/W3SVC/1 _SERVER["LOGON_USER"] domain\user _SERVER["REQUEST_URI"] /phpinfo.php _SERVER["URL"] /phpinfo.php _SERVER["SCRIPT_FILENAME"] c:\inetpub\wwwroot\phpinfo.php _SERVER["ORIG_PATH_INFO"] /phpinfo.php _SERVER["PATH_INFO"] no value _SERVER["ORIG_PATH_TRANSLATED"] c:\inetpub\wwwroot\phpinfo.php _SERVER["DOCUMENT_ROOT"] c:\inetpub\wwwroot _SERVER["PHP_SELF"] /phpinfo.php _SERVER["HTTP_ACCEPT"] */* _SERVER["HTTP_ACCEPT_LANGUAGE"] en-au _SERVER["HTTP_CONNECTION"] Keep-Alive _SERVER["HTTP_HOST"] server _SERVER["HTTP_USER_AGENT"] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) _SERVER["HTTP_AUTHORIZATION"] Negotiate TlRMTVNTUAADAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAAAAAAAEgAAAAAAAAASAAAAAAAAABIAAAABcKIogUBKAoAAAAP _SERVER["REQUEST_TIME"] 1165202021 Quote Link to comment Share on other sites More sharing options...
btherl Posted December 4, 2006 Share Posted December 4, 2006 Hmm.. I would try removing the redirection, and replacing it with var_dump($_SESSION), and see what you get. Maybe there will be clues there.It's odd that the redirection executes, but the session variables are not set. Very odd indeed. Quote Link to comment Share on other sites More sharing options...
amfony Posted December 4, 2006 Author Share Posted December 4, 2006 hey guys sorry i should have pasted my code - i will post index.php, uploader.php and failure.php, as success.php works fine. I do warn you though, this will be crap - but as i say its my actual first code written in php.Index.php[code]<?php session_destroy() ?><html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>submission</title> <SCRIPT LANGUAGE="VBScript"> Set objNet = CreateObject("WScript.Network") username = objnet.username computername = objnet.computername set objnet = nothing </SCRIPT> </head> <body> <form enctype="multipart/form-data" action="uploader.php" method="post"> <script type="text/vbscript"> document.write("<input type='hidden' name='username' value='" & username &"' />") document.write("<input type='hidden' name='computername' value='" & computername &"' />") </script> File to be uploaded: </br> <input type="file" name="uploadedfile" /> <br> <input type="submit" value="submit Assignment"> <input type="reset" value="reset Form"> </form> </body></html>[/code]uploader.php[code]<?phpsession_start();$_SESSION['username'] = $_POST['username'];$_SESSION['filename'] = $_FILES['uploadedfile']['name'];$_SESSION['computername'] = $_POST['computername'];$test = explode('.',$_FILES['uploadedfile']['name']);if($test[1] == ''){ $_SESSION['noFile'] = 1; $to = 'http://server/failure.php'; header('Location: '.$to); exit;}else{$_SESSION['noFile'] = 0;}$ext = $test[1];$ext = strtoupper($ext);$badExt = array('EXE','BAT','CMD','ZIP','VBS','JS','AU3','PHP','PHP3','COM','PL','DAT');foreach($badExt as $i){ if(stristr($i,$ext)) { $to = 'http://server/failure.php'; $_SESSION['invalidFileType'] = 1; $_SESSION['ext'] = $ext; header('Location: '.$to); exit; } else{$_SESSION['invalidFileType'] = 0;}}$size = $_FILES['uploadedfile']['size'];if($size > 10486000){ $to = 'http://server/failure.php'; $_SESSION['invalidFileSize'] = 1; header('Location: '.$to); exit;}else{$_SESSION['invalidFileSize'] = 0;}move_uploaded_file($_FILES["uploadedfile"]["tmp_name"], "uploads/" . $_SESSION['username']."-".$_SESSION['filename']);$to = 'http://server/success.php';header('Location: '.$to);[/code]failure.php[code]<?php session_start(); ?><html> <head> <title>Submission Failure</title> </head> <body> <p style class='Title'>Submission Failed</p> <p style class='Title'><span class="Error">ERROR: Your assignment could not be submitted.</span></p></br> <p style class='InformationBox'> Student : <?php echo $_SESSION['username']?><br> Computer: <?php echo $_SESSION['computername']?><br> File: <?php echo $_SESSION['filename']?> </p> <p style class='Error'> </p> <?php if($_SESSION['noFile'] == 1){?> <p style class="InformationBox">No File</p> <?php }elseif($_SESSION['invalidFileType'] == 1){?> <p style class="InformationBox">Invalid File TYPE of <?php echo $_SESSION['ext']; ?></p> <?php }elseif($_SESSION['invalidFileSize'] == 1){?> <p style class="InformationBox">Invalid File Size</p> <?php }else{?> <p style class="InformationBox">Contact I.T. Dept.</p> <?php }?> <p style class='MainWriting'>Your file was <strong>NOT</strong> uploaded to the Submission server, please try again. <br> <br> If this problem persists, please check from the Submission site regarding parameters for successful file upload. If these parameters are met and you stll receive this page, please ask your teacher to contact the I.T. Dept. </p> <p style class='MainWriting'> <br> <br> Regards,<br> I.T. Department.</p> <p style class='MainWriting'> </p> <p style class='MainWriting'><a href="index.php">Back to Submission Site</a> </p> </body></html>[/code] Quote Link to comment Share on other sites More sharing options...
amfony Posted December 5, 2006 Author Share Posted December 5, 2006 i did that var_dump($_SESSION) thing. I see what i believe is my pre-defined session variables and their values? Am i correct? I think i am.Okay okay - i got some new info. When i proceed through the site with a certain security measure in place (instantiate a control to allow me to get wscript.network info) my site gives me no love when it comes to username, computername. IE it says username: computername: nothing right because the control wasnt intanciated and therfore it cant return anything to me. When this happens i get these restuls with the var_dump($_SESSION).[code]array(4) { ["username"]=> string(0) "" ["filename"]=> string(0) "" ["computername"]=> string(0) "" ["noFile"]=> int(1) }[/code]As session variable 'nofile' is not dependant on my wscript.network object its expected to have a value - and does. Now when i do the same with a large file (over 10ish MB) heres what i got.[code]array(4) { ["username"]=> NULL ["filename"]=> NULL ["computername"]=> NULL ["noFile"]=> int(1) } [/code] Now that sucks, because my session variables are NULL.I am now offically at the end of my php knowledge guys - could some one PLEASE help me here. I have posted my entire site (pretty much) and returned all results.Please help, thank alot and thanks in advance.Amfony Quote Link to comment Share on other sites More sharing options...
amfony Posted December 6, 2006 Author Share Posted December 6, 2006 no help? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.