Tom10 Posted April 9, 2015 Share Posted April 9, 2015 if($_SERVER['REQUEST_METHOD'] == "POST") { $dir = "./"; $file = $dir . basename($_FILES['userfile']['name']); $ext = pathinfo($file, PATHINFO_EXTENSION); $filename = $_FILES['userfile']['name']; $allowed = array('jpg', 'png', 'gif', 'bmp'); if($_FILES['userfile']['size'] > 10000) { die("File is too large!"); } if($ext != $allowed) { die("Invalid Image File. Possible hack attempt!"); } if(move_uploaded_file($_FILES['userfile']['tmp_name'], $dir)) { echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$dir."! "; } else { die("Error: ".$_FILES['userfile']['error']." "); } } i get no errors but if($ext != $allowed) { die("Invalid Image File. Possible hack attempt!"); } is the problem, it just says Invalid Image File. Possible hack attempt! Link to comment https://forums.phpfreaks.com/topic/295385-upload-script/ Share on other sites More sharing options...
QuickOldCar Posted April 9, 2015 Share Posted April 9, 2015 this if($ext != $allowed) { die("Invalid Image File. Possible hack attempt!"); } to if(!in_array($ext,$allowed)) { die("Invalid Image File. Possible hack attempt!"); } Link to comment https://forums.phpfreaks.com/topic/295385-upload-script/#findComment-1508626 Share on other sites More sharing options...
Tom10 Posted April 10, 2015 Author Share Posted April 10, 2015 Now it say's Error: 2 else { die("Error: ".$_FILES['userfile']['error']." "); } i'm guessing it's that? Link to comment https://forums.phpfreaks.com/topic/295385-upload-script/#findComment-1508631 Share on other sites More sharing options...
QuickOldCar Posted April 10, 2015 Share Posted April 10, 2015 Could be file permissions Maybe make a directory named upload and give it 755 permission for www-data $dir = "./upload/"; Link to comment https://forums.phpfreaks.com/topic/295385-upload-script/#findComment-1508632 Share on other sites More sharing options...
QuickOldCar Posted April 10, 2015 Share Posted April 10, 2015 Actually move_uploaded_file is looking for the full path, added that into code and using directory named upload if($_SERVER['REQUEST_METHOD'] == "POST") { $dir = "./upload/"; $file = $dir . basename($_FILES['userfile']['name']); $ext = pathinfo($file, PATHINFO_EXTENSION); $filename = $_FILES['userfile']['name']; $path = $dir . $filename; $allowed = array('jpg', 'png', 'gif', 'bmp'); if($_FILES['userfile']['size'] > 10000) { die("File is too large!"); } if(!in_array($ext,$allowed)) { die("Invalid Image File. Possible hack attempt!"); } if(move_uploaded_file($_FILES['userfile']['tmp_name'], $path)) { echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$path."! "; } else { die("Error: ".$_FILES['userfile']['error']." "); } } Link to comment https://forums.phpfreaks.com/topic/295385-upload-script/#findComment-1508637 Share on other sites More sharing options...
Tom10 Posted April 10, 2015 Author Share Posted April 10, 2015 Thank you Link to comment https://forums.phpfreaks.com/topic/295385-upload-script/#findComment-1508642 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.