User file upload not working

[moshpuff]

Hi!

Im pretty new to php and I try making a form where users can upload files to my ftp. But nothing happens so it would be very nice if someone could check the code and see if it's any errors.

Thanks in advance.

<?php
    header('Content-Type: text/html; charset=utf-8');
    // create cookies to save user data, saved for 1 year
    if (isset($_POST['savecontact'])) {
        setcookie('LOUserName', $_POST['username'], time()+31000000);
        setcookie('LOUserOrg', $_POST['userorg'], time()+31000000);
        setcookie('LOUserMail', $_POST['usermail'], time()+31000000);
        setcookie('LOUserPhone', $_POST['userphone'], time()+31000000);
        setcookie('LOUserContact', $_POST['usercontact'], time()+31000000);
    }
?>

<form action="index.php?" method="post" enctype="multipart/form-data">
    <table><tr>
    <td><div class="form_col1"><p class="body">
    Avsändare: <span style="color:red">*</p>
    </p></div></td><td>
    <input type="text" name="username" <?php if (isset($_COOKIE['LOUserName'])) { echo 'value="'.$_COOKIE['LOUserName'].'"'; } ?> size="45px" maxlength="36" required="true" /><br />
    </td>
</tr><tr>
    <td><p class="body">
    Företag: <span style="color:red">*</p>
    </p></td><td>
    <input type="text" name="userorg" <?php if (isset($_COOKIE['LOUserOrg'])) { echo 'value="'.$_COOKIE['LOUserOrg'].'"'; } ?> size="45px" maxlength="36" required="true" /><br />
    </td>
</tr><tr>
    <td><p class="body">
    E-post: <span style="color:red">*</p>
    </p></td><td>
    <input type="text" name="usermail" <?php if (isset($_COOKIE['LOUserMail'])) { echo 'value="'.$_COOKIE['LOUserMail'].'"'; } ?> size="45px" maxlength="36" required="true" /><br />
    </td>
</tr><tr>
    <td><p class="body">
    Telefon:
    </p></td><td>
    <input type="text" name="userphone" <?php if (isset($_COOKIE['LOUserPhone'])) { echo 'value="'.$_COOKIE['LOUserPhone'].'"'; } ?> size="45px" maxlength="36" /><br />
    </td>
</tr><tr>
    <td><p class="body">
    Meddelande:
    </p></td><td>
    <input type="text" name="usermessage" size="45px" maxlength="150" /><br />
    </td>
</tr><tr>
    <td valign="top"><p class="body">
    Kontakt hos oss:
    </p></td><td><p class="body">
    <input type="radio" name="usercontact" value="name1" <?php if (isset($_COOKIE['LOUserContact']) && $_COOKIE['LOUserContact'] == 'name1') { echo 'checked'; } ?>/> name1<br />
    <input type="radio" name="usercontact" value="name2" <?php if (isset($_COOKIE['LOUserContact']) && $_COOKIE['LOUserContact'] == 'name2') { echo 'checked'; } ?>/> name2<br />
    <input type="radio" name="usercontact" value="name3" <?php if (isset($_COOKIE['LOUserContact']) && $_COOKIE['LOUserContact'] == 'name3') { echo 'checked'; } ?>/> name3<br />
    <input type="radio" name="usercontact" value="name4" <?php if (isset($_COOKIE['LOUserContact']) && $_COOKIE['LOUserContact'] == 'name4') { echo 'checked'; } ?>/> name4<br />
    <input type="radio" name="usercontact" value="name5" <?php if (isset($_COOKIE['LOUserContact']) && $_COOKIE['LOUserContact'] == 'name5') { echo 'checked'; } ?>/> name5<br />
    <input type="radio" name="usercontact" value="name6" <?php if (isset($_COOKIE['LOUserContact']) && $_COOKIE['LOUserContact'] == 'name6') { echo 'checked'; } ?>/> name6<br />
    </p><br /></td>
</tr><tr>
    <td colspan="2"><p class="body">
    <input type="checkbox" name="savecontact" /> Kom ihåg mig<br />
    <i style="font-size:10pt;">Genom att kryssa för denna ruta godkänner du att vi lagrar cookies på din dator för att spara informationen till nästa gång du besöker sidan.</i>
    </p></td>
</tr><tr style="height:40px; vertical-align:bottom">
    <td colspan="2"><p class="body">Verifiera att du inte är en robot:</p></td>
</tr><tr>
    <td><p class="body">
    5 gånger 5 = <span style="color:red">*</p>
    </p></td><td>
    <input type="text" name="verifyhuman" size="45px" maxlength="36" required="true" /><br />
    </td>
</tr></table>
<br />
<p class="body">
Välj fil att ladda upp (max 2GB):
</p>
<input type="file" name="userfile" size="31px" />
<input type="submit" name="submit" value="Ladda upp" /><br /><br />
</form>
<p class="body" style="font-size: 13px;">
STATUS: <i style="font-family: Helvetica, Arial, sans-serif; font-size: 14px; font-weight: normal; color: #ff4444;">

<?php
    if (isset($_FILES['userfile'])) {
        include 'ftp_functions.php';

        // declaration of text variables
        $username = $_POST['username'];
        $username = textformat_safe($username);
        $userorg = $_POST['userorg'];
        $userorg = textformat_safe($userorg);
        $userphone = $_POST['userphone'];
        $userphone = textformat_safe($userphone);
        $usermail = $_POST['usermail'];
        $usermail = textformat_safe($usermail);
        $usermessage = $_POST['usermessage'];
        $usermessage = textformat_safe($usermessage);
        $usercontact = $_POST['usercontact'];
        $usercontact = textformat_safe($usercontact);
        $verifyhuman = $_POST['verifyhuman'];
        date_default_timezone_set('Europe/Stockholm');
        $uploaddate = date('y.m.d H:i ');

        // check verification field
        if ($verifyhuman != '25') {
            echo 'Error! Fyll i rätt svar på frågan ovan.';
        }
        else {
            set_time_limit(9000); // for setting 
            //$paths = '..'; (tror inte den behövs)
            $local_file = $_FILES['userfile']['tmp_name'];
            $local_file = str_replace(' ','_',$local_file);
            $ftp_server = 'SERVERIP';
            $ftp_user_name = 'USERNAME';
            $ftp_user_pass = 'PASSWORD';
            $ftp_path = $_FILES['userfile']['name'];
            $ftp_path = filename_safe($ftp_path);        
            $ftp_path = $userorg . '/' . $ftp_path;
            // set up a connection to ftp server
            $ftpconnection = ftp_connect($ftp_server) or die('Kunde inte ansluta till servern');
     
            // login with username and password
            $ftplogin = ftp_login($ftpconnection, $ftp_user_name, $ftp_user_pass);
    
            // check if directory exists, if not: create it
            $userdir = is_dir('ftp://'.$ftp_user_name.':'.$ftp_user_pass.'@'.$ftp_server.'/'.$userorg);
            if ($userdir == 0) {
                ftp_mkdir($ftpconnection, $userorg);
            }
            
            //check if file name exists
            $namecheck = $ftp_path;
            $file_name = pathinfo($ftp_path);
            $file_base = $file_name['filename'];
            $file_ext = $file_name['extension'];
            for ($i = 1; ; $i++) {
                $check = ftp_size($ftpconnection, $namecheck);
                if ($check != -1) {
                    $namecheck = $userorg."/".$file_base.$i.".".$file_ext; //if file name exists, add $i as number after filename.
                }
                else {
                    $ftp_path = $namecheck; //if file name doesn't exist set filename and exit loop.
                    break;
                }
            }
        
            // upload the file to the path specified
            $upload = ftp_put($ftpconnection, $ftp_path, $local_file, FTP_BINARY);

            // if textfile exists, open it
            $textfile = $userorg.'/'.$userorg.'.txt';
            $check = ftp_size($ftpconnection, $textfile);
            if ($check != -1) {
                $fp = fopen('ftp://'.$ftp_user_name.':'.$ftp_user_pass.'@'.$ftp_server.'/'.$textfile,'a');
            }
            // else create new textfile, upload and open it
            else {
                $temp = tmpfile();
                ftp_fput($ftpconnection, '../'.$textfile, $temp, FTP_ASCII);
                $fp = fopen('ftp://'.$ftp_user_name.':'.$ftp_user_pass.'@'.$ftp_server.'/'.$textfile,'a');
            }
            // write to textfile and close it
            $filetext = $uploaddate.$username.', '.$userphone.', '.$usermail.' uploaded the file '.$ftp_path.'. Message: '.$usermessage.'. Contact: '.$usercontact.PHP_EOL;
            fwrite($fp, $filetext);
            fclose($fp);
    
            // check the upload status
            if (!$upload) {
                echo 'Error! Filen kunde inte laddas upp.';
            }
            else {
                echo 'Tack! Filen har nu laddats upp.';
                
                // send mail with upload message
                $subject = $username.' uploaded a file via FTP';
                $message = $uploaddate.$username.', '.$userphone.', '.$usermail.' uploaded the file '.$ftp_path.PHP_EOL.'Message: '.$usermessage.'. Contact: '.$usercontact;
                // message lines should not exceed 70 characters (PHP rule), so wrap it
                $message = wordwrap($message, 70);
                // send mail
                mail("EMAIL",$subject,$message,"From: $usermail\n");
                mail("$usermail","TEXT","Thanks for uploading to our FTP. We have received the file ".$ftp_path.".","From: EMAIL"); 
            }

            // delete tmp-files from upload
            array_map('unlink', glob("D:/wwwtmp/php*"));
            
            // close the FTP connection
            ftp_close($ftpconnection);    
        }        
    }
?>

 

[requinix]

$local_file = str_replace(' ','_',$local_file);

Don't do that. The tmp_name is the location of the upload on your server and if you change the value then you won't be able to find the file. But that's probably not the problem.

 

There are too many ways this script could have problems. You will have to do some debugging yourself. Are you sure there aren't any messages being outputted? You have a lot of them in there. If there aren't then add some to the places that don't have any until your code is at a point where it tells you every single thing it does.

[ginerjm]

Whoever gave you the idea of using cookies for storing data that you want to use in the currently running script?  I do believe that cookies are not available to a script until it loads, so setting one and then referring to it a few lines later won't work.

• Do you have php error checking turned on?  That might have given you some warnings.