Help understanding a php routine

[Warspite]

Sorry, I do not know anything about php, except that I need to (try) make this work

 

<?php
$uploads_dir = '/uploads';
foreach ($_FILES["pictures"]["error"] as $key => $error) {
    if ($error == UPLOAD_ERR_OK) {
        $tmp_name = $_FILES["pictures"]["tmp_name"][$key];
        $name = $_FILES["pictures"]["name"][$key];
        move_uploaded_file($tmp_name, "$uploads_dir/$name");
    }
}
?>

 

What i hope to achieve is move a file Posted via WinHttp.WinHttpRequest.5.1 to a target folder.

There is no '/Uploads' folder as such but I could make one.  All the above is an example from

Google, there's no "pictures" or "tmp_name".  The file is a .zip file.

 

Any help greatly appreciated.

 

[requinix]

$_FILES only works for a specifically-formatted request. What is the uploading code? Even if it isn't PHP. And just in case, are you able to change it?

[Warspite]

Yes, I can change anything.  The uploading code is (and doesn't quite work) is

---

Function WinHTTPPostRequest(URL, theFile)
  Dim http

  Set http = CreateObject("WinHttp.WinHttprequest.5.1")
 
  'Open URL As POST request
  http.Open "POST", URL, False
 
  'Send theFile data To URL As POST binary request
  http.send theFile
 
  'Get a result of the script which has received upload
  WinHTTPPostRequest = http.responseText
  Debug.Print http.responseText
End Function

---

It returns "Forbidden' or somesuch and I presume that's a fair-enough security thing.  I can attempt to resolve that, but I do have working

php script which accepts a string send by WinHttp.WinHttprequest.5.1 (and appends to on text file on the website + sends a notify email).  It's this I'm trying to adapt

to accepting a zip file and saving it to somwhere on the site.

[boompa]

If you're going to use WinHTTP, you're likely going to have to assemble a multipart MIME message to send a file. See here or RFC 1867 for how to do this.

[Warspite]

Thanks boompa,  took a look at both but it's all a bit too complex for me.  I assume there's the routine to send the file (on my local machine) and

a routine (php) on the website to receive it and copy somewhere?  But I can't find anything along those lines... so I'll keep using FTP for now.

But if anyone has an example I could follow I'd like to give it a go.

[requinix]

You can still use WinHttpRequest to upload a file, but you do it not as a "regular" file upload but by sending the data right in the request body. Which is what you're doing right now, in fact.

 

1. Use the PUT method instead of POST to be consistent with how the various HTTP request methods are supposed to be used.

2. Your PHP code needs the filename so you'll have to send that in the request. Easiest way would be to put that in the query string like

http.Open "PUT", URL & "?filename=" & URL_encoded_filename_goes_here, False

(if the URL already has a query string then you'd use "&" instead of "?", of course)

Or, if possible, you can modify your code so that it doesn't need the filename

3. Your PHP code can't use $_FILES but it can get the file data with

file_get_contents("php://input")

The filename comes from $_GET like normal. Edited February 16, 2015 by requinix

[Warspite]

Many thanks..  wish i could follow what you mean as well as you!   I did try your example

http.Open "PUT", URL & "?filename=" & URL_encoded_filename_goes_here, False

and received error  "This method cannot be called until the Send method has been called"

 

I am flying completetly blind here, first up I'm not sure what a 'URL_encoded_filename' is and I was just using

the normal filespec 'C:\ZipTest\tt.zip'.

 

If you're Ok to help (and I hope you are!) can we do this in 2 stages, first get the zip file onto the site

then the php code to move it to the required destination.  Or maybe that all happens in one hit?. The other php code I

have (the one I was trying to adapt) does stuff this doesn't need.  Maybe there's nothing needed on the site at all ?

[requinix]

All you did to the uploading code was change that one http.Open line to the new one, right? You also have to substitute "URL_encoded_filename_goes_here", which I wrote in the hopes that you would read that name and realize you were supposed to put the URL-encoded filename there and not just copy/paste it blindly.

[Warspite]

>All you did to the uploading code was change that one http.Open line to the new one, right?

 

Yes

 

>You also have to substitute "URL_encoded_filename_goes_here", which I wrote in the hopes that you would read that name and realize you were supposed to put the URL-encoded filename there >and not just copy/paste it blindly.

 

Fair comment, but I did say I'm not sure what a 'URL_encoded_filename' is. I used my 'best guess' to what it might be.

If you could tell me I'll certainly try.  Would that also sort the error message about the Send method ?

[Warspite]

Continuing on, I did some Googling and found a bit about URL-encoded filenames. I found a site that did the conversion and

 

"C:\ZipTest\tester.zip" became "C%3A%5CZipTest%5Ctester.zip"

 

But  another site reported the "." should be "%2E"  Afaik that's decimal 46 and is part of the ascii character set ?

 

I tried both but the same error resulted

 

This method cannot be called until the Send method has been called

[Warspite]

A liitle more to add, found an example of the Send Method and tried it just to see results

 

 http.send ("Post data")

 

Now the respose text is very different, and says

 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method PUT is not allowed for the URL /files/site/.</p>
<hr>
 

[requinix]

Fair comment, but I did say I'm not sure what a 'URL_encoded_filename' is. I used my 'best guess' to what it might be.

I'm not sure what else to say besides "the filename, but URL encoded". If you weren't sure what URL encoding it, it's basically that %XX stuff you found; the only character you actually have to worry about encoding is the slash - the rest are fine.

 

Would that also sort the error message about the Send method ?

That was what my first question was for. But it seems you have that sorted out.

 

But  another site reported the "." should be "%2E"  Afaik that's decimal 46 and is part of the ascii character set ?

Yes. As I mentioned above, the period doesn't have to be escaped, but it's fine if it is.

 

I tried both but the same error resulted

 

This method cannot be called until the Send method has been called

If putting the file contents back in there brings the error up again, please post the revised code for it.

 

Method Not Allowed

The requested method PUT is not allowed for the URL /files/site/.

---

There's something on the web server blocking PUT. That's unfortunate but whatever, it's not worth messing around with. Change the method back to POST.

However add a Content-Type header between the Open and Send. PHP will see that and not try to interpret the request like it normally would (ie, putting stuff into $_POST and such).

http.SetRequestHeader "Content-Type", "application/zip"

Edited February 17, 2015 by requinix

[Warspite]

OK. There's much more to this, apparently.   Perhaps I cannot do what I'm attempting...

 

The full routine now is

 

Function WinHTTPPostRequest(URL, theFile)
  Dim http

  Set http = CreateObject("WinHttp.WinHttprequest.5.1")
 
  http.Open "POST", URL & "?filename=" & theFile, False
   
  http.setRequestHeader "Content-Type", "application/zip"
 
  http.send ("Post data")
 
  'Get a result of the script which has received upload
  WinHTTPPostRequest = http.responseText
  Debug.Print http.responseText
End Function

 

 

Th response is now

 

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /files/site/
on this server.</p>
<hr>

 

What do I need to do to "be allowed" or "have permission " ?

 

Would showing you the routine which does "allow" me to send data (instead of a zip file)

be useful ?

[requinix]

Now we're back to the security thing you mentioned a couple days ago, which is probably unrelated to anything we've been talking about so far.

 

The web server is denying access to that location and/or with the POST method. Can you find any rules or security settings that would explain that?

[CroNiX]

When posting code, please use the code tags (it's the <> on the menu bar) to make your code much more readable to us.

[Warspite]

> Can you find any rules or security settings that would explain that?

 

I don't think so; not even sure where to look. I just assumed (because I can send text data) I could also send a file and automate the process

without needing to run up cuteftp. Maybe I was a bit ambitious...  and in an area I know nothing about.  But thanks for trying.

Cronix, will remember about code tags.