where is my error? not renaming correctly..

[Hofmeister]

<?PHP

// SITE URL//
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);

//URL OF UPLOADED FILES DIRECTORY//
$upload_url = $url_dir."/files/";

//DIRECTORY FOR XML FILE (MUST END WITH PLAYLIST.XML) PHP WILL CREATE FILE IF DIR CHMOD TO 777//
$xmldata = "playlist.xml";

// LOCATION URL OF MP3 FILE DIRECTORY // 
$upload_dir = "files/";


//***********************************************************************************************//
//**************************** SAVING FILE FROM JAVASCRIPT **************************************//
//***********************************************************************************************//


// FILE UPLOADED FROM JAVASCRIPT IS DEFINED "Filedata" //

if(isset($HTTP_POST_FILES["Filedata"])){


$len = strlen($HTTP_POST_FILES['Filedata']['name']); 
$ext = substr($HTTP_POST_FILES['Filedata']['name'],$len - 3,3); 

$name= '('. $_POST["song"].')['. $_POST["artist"].']'.'.'.$ext;
	if (move_uploaded_file($HTTP_POST_FILES['Filedata']['tmp_name'],$upload_dir.$name)) {
    echo "Song Successully Uploaded.\n";
} else {
    echo "Upload Failed, Possible File Upload Attack!\n";
}
}

 

There is more to the cod but the problem I am having is when it moves and renames the file it is named as ()[] why is it not inserting the $_POST? I have a flash form with "song" and "artist" as the variables, I know the flash is sending them because a simple echo displays them. Where is my error?!

 

Thanks!!

[atomicrabbit]

Well first of all $HTTP_POST_FILES is an older method. Instead try $_FILES which exists as of PHP v4.1.0

[Hofmeister]

Thanks for the advice..I'm now using the updated $_FILES tag but the same problem occurs. Could my problem be in my "if" statement? I have the flash form to send variables "onComplete" would there be no variables considering it hasn't completed the php move?

[Hofmeister]

if(isset($_FILES["Filedata"])){
if(isset($_POST["song"]))
if(isset($_POST["artist"]))

$sng = $_POST["song"];
$art = $_POST["artist"];
$len = strlen($_FILES['Filedata']['name']); 
$ext = substr($_FILES['Filedata']['name'],$len - 3,3); 

$name= '('.$sng.')['.$art.']'.'.'.$ext;
		if (move_uploaded_file($_FILES['Filedata']['tmp_name'],$upload_dir.$name)) {
    echo "Song Successully Uploaded.\n";
} else {
    echo "Upload Failed, Possible File Upload Attack!\n";
}
}

 

My latest attempt still doing the same thing... :-\

[Corona4456]

Could you post the code for your form please?

[Hofmeister]

the flash action script? The form is made in flash and using POST to a php script...

[Corona4456]

So what happens when you print the POST data?

echo $_POST["artist"] . " - " . $_POST["song"];

 

[Hofmeister]

You would like to see the flash action script?

The form is made in flash and POST sends it to my php file.

 

like this...

 

objList.onComplete = function() {
pbProgress.visible = true;
objList.onProgress(frFile.size, frFile.size);
pbProgress.label = "Upload completed";
txtStatus.visible = false;
txtStatus.text = "";
btnUpload.enabled = false;
btnBrowse.enabled = true;
iResult = 1;
txtFileName.text = "";
form.loadVariables("uploader.php", "POST");
if (strOnProgress != "") {
	flash.external.ExternalInterface.call(strOnProgress, iResult);
}
if (strURLRedirect != "") {
	_root.getURL(strURLRedirect);

[Hofmeister]

Here is the entire script...the echo returns nothing..the kicker is it sees the $song and $artist because when it goes down to write my xml it writes it from the form..I am REALLY LOST NOW! PLUS...I don't even have that variable $song and $artist defined anymore as I was trying to get the top fixed!!

 

 

<?PHP

//***********************************************************************************************//
//************************************ ASSIGNED VARIABLES  **************************************//
//***********************************************************************************************//


// SITE URL//
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);

//URL OF UPLOADED FILES DIRECTORY//
$upload_url = $url_dir."/files/";

//DIRECTORY FOR XML FILE (MUST END WITH PLAYLIST.XML) PHP WILL CREATE FILE IF DIR CHMOD TO 777//
$xmldata = "playlist.xml";

// LOCATION URL OF MP3 FILE DIRECTORY // 
$upload_dir = "files/";

$song = $_POST["song"];
$artist = $_POST["artist"];

//***********************************************************************************************//
//**************************** SAVING FILE FROM JAVASCRIPT **************************************//
//***********************************************************************************************//

echo "working";
echo $_POST["artist"] . " - " . $_POST["song"];

// FILE UPLOADED FROM JAVASCRIPT IS DEFINED "Filedata" //

if(isset($_FILES["Filedata"])){
if(isset($_POST["song"]))
if(isset($_POST["artist"]))

$sng = $_POST["song"];
$art = $_POST["artist"];

$len = strlen($_FILES['Filedata']['name']); 
$ext = substr($_FILES['Filedata']['name'],$len - 3,3); 

$name= '('.$sng.')['.$art.']'.'.'.$ext;
		if (move_uploaded_file($_FILES['Filedata']['tmp_name'],$upload_dir.$name)) {
    echo "Song Successully Uploaded.\n";
} else {
    echo "Upload Failed, Possible File Upload Attack!\n";
}
}
//***********************************************************************************************//
//********************* CREATE AND OR UPDATE XML PLAYLIST FILE **********************************//
//***********************************************************************************************//

if (!is_dir("files")) {
  if (!mkdir($upload_dir))
  	die ("Upload Directory Does Not Exist");
  if (!chmod($upload_dir,"0777"))
  	die ("CHMOD To 777 Failed");
}

$handle=opendir($upload_dir);
$filelist = "";

$stringdata .= "<playlist version='1' xmlns='http://xspf.org/ns/0/'>\n <trackList>\n";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $stringdata .= "\n  <track>\n   <title>".str_replace(".mp3","",$song)."</title>\n   <creator>".str_replace(".mp3","",$artist)."</creator>\n   <location>$url_dir/$upload_dir$file</location>\n";
if ($info == "yes")
{$stringdata .= "     <info>$url_dir$upload_dir$file</info>\n";}
if (file_exists(str_replace(".mp3",$ingfilecheck,$file)))
{$stringdata .= "      <img>$url_dir$upload_dir".str_replace(".mp3",".jpg",$file)."</img>\n";}
$stringdata .= "  </track>\n\n";
}
}
$stringdata .= "\n\n </tracklist>\n
</playlist>";

$fh = fopen($xmldata, 'w');
fwrite($fh, $stringdata);
fclose($fh);

?>

 

 

[Corona4456]

So you are saying that the script above will output the artist and song in the xml file but not when you are saving the file?

[Hofmeister]

exactly

[Corona4456]

Heh... that's odd... looks like register globals is On, however, that makes no sense as to why $_POST var wouldn't be set.

 

I do see a problem with the code however:

if(isset($_FILES["Filedata"])){
if(isset($_POST["song"]))
if(isset($_POST["artist"]))

$sng = $_POST["song"];
$art = $_POST["artist"];

 

I don't know if that's your intention but it looks like $sng = $_POST["song"] will be the only line to execute if $_POST["artist"] is set.

[Hofmeister]

Thanks for that catch...so far nothing has helped, I did use print $_POST["song"] and now it returns 1's for both $_POST if that means anything? ???

[Corona4456]

Hmm... something is just not adding up here.  Could you post your latest PHP script?

I just want to look over it and make sure there's something I'm not missing here.  It's just not making sense why $artist and $song are being printed and $art and $sng are not being set.