Tom10 Posted April 9, 2015 Share Posted April 9, 2015 if($_SERVER['REQUEST_METHOD'] == "POST") { $dir = "./"; $file = $dir . basename($_FILES['userfile']['name']); $ext = pathinfo($file, PATHINFO_EXTENSION); $filename = $_FILES['userfile']['name']; $allowed = array('jpg', 'png', 'gif', 'bmp'); if($_FILES['userfile']['size'] > 10000) { die("File is too large!"); } if($ext != $allowed) { die("Invalid Image File. Possible hack attempt!"); } if(move_uploaded_file($_FILES['userfile']['tmp_name'], $dir)) { echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$dir."! "; } else { die("Error: ".$_FILES['userfile']['error']." "); } } i get no errors but if($ext != $allowed) { die("Invalid Image File. Possible hack attempt!"); } is the problem, it just says Invalid Image File. Possible hack attempt! Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted April 9, 2015 Share Posted April 9, 2015 this if($ext != $allowed) { die("Invalid Image File. Possible hack attempt!"); } to if(!in_array($ext,$allowed)) { die("Invalid Image File. Possible hack attempt!"); } 1 Quote Link to comment Share on other sites More sharing options...
Tom10 Posted April 10, 2015 Author Share Posted April 10, 2015 Now it say's Error: 2 else { die("Error: ".$_FILES['userfile']['error']." "); } i'm guessing it's that? Quote Link to comment Share on other sites More sharing options...
QuickOldCar Posted April 10, 2015 Share Posted April 10, 2015 Could be file permissions Maybe make a directory named upload and give it 755 permission for www-data $dir = "./upload/"; Quote Link to comment Share on other sites More sharing options...
Solution QuickOldCar Posted April 10, 2015 Solution Share Posted April 10, 2015 (edited) Actually move_uploaded_file is looking for the full path, added that into code and using directory named upload if($_SERVER['REQUEST_METHOD'] == "POST") { $dir = "./upload/"; $file = $dir . basename($_FILES['userfile']['name']); $ext = pathinfo($file, PATHINFO_EXTENSION); $filename = $_FILES['userfile']['name']; $path = $dir . $filename; $allowed = array('jpg', 'png', 'gif', 'bmp'); if($_FILES['userfile']['size'] > 10000) { die("File is too large!"); } if(!in_array($ext,$allowed)) { die("Invalid Image File. Possible hack attempt!"); } if(move_uploaded_file($_FILES['userfile']['tmp_name'], $path)) { echo "File: ".$_FILES['userfile']['name']." has been uploaded to ".$path."! "; } else { die("Error: ".$_FILES['userfile']['error']." "); } } Edited April 10, 2015 by QuickOldCar 1 Quote Link to comment Share on other sites More sharing options...
Tom10 Posted April 10, 2015 Author Share Posted April 10, 2015 Thank you Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.