File upload php

[Guernica]

Here is my current php code:

 

	$allowed_filetypes = array('.jpg','.gif','.bmp','.png','.rar','.zip','.doc','.mp3','.mpeg','.avi');
$max_filesize = 157286400;
$filename = $_FILES['uploadedfile']['name'];
$filesize = $_FILES['uploadedfile']['filesize'];
$userid = $_SESSION['userid'];
$filepass = sha1($_POST['filepass']);
$ext = substr($filename, strrpos($filename, '.'));
$target_path = "./files/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$_FILES['uploadedfile']['tmp_name'];

if(!in_array($ext,$allowed_filetypes)) {
	die('The file you attempted to upload is not allowed.');
	}
if(filesize($_FILES['uploadedfile']['tmp_name']) > $max_filesize) {
	die('The file you attempted to upload is too large.');
	}
if(!is_writable($target_path)) {
	die('You cannot upload to the specified directory, please CHMOD it to 777.');
}

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path . $filename)) {
  	  echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
	" has been uploaded successfully!";
mysql_query("INSERT INTO files (userid, filename, password, filesize) VALUES('$userid', '$filename', '$filepass', '$filesize') ")
or die(mysql_error());
	if(!($filepass == 0)) {
	echo "File has been passworded successfully!";
	} else {
	echo "No password specified.";
}
} else{
    echo "There was an error uploading the file, please try again!";
	print_r($_FILES);
}
}

 

The result I get when doing the upload is:

 

The file you attempted to upload is not allowed.

 

It is under the max size and is a .zip file. (allowed)

 

Also, I take out the extension check from php and it says:

There was an error uploading the file, please try again!Array ( )

 

I would really appreciate any help. I have asked a few people and haven't gotten anywhere yet. Thanks!

[jvrothjr]

what about checking your ini file there is a max files size set in there as well that maybe limiting it

[Guernica]

I was able to fix the extension problem. However I get this now:

 

You cannot upload to the specified directory, please CHMOD it to 777.

 

With this code:

 

// Set variables and stuff.

$allowed_filetypes = array('.jpg','.gif','.bmp','.png','.rar','.zip','.doc','.mp3','.mpeg','.avi');
$max_filesize = 157286400;
$filename = ((int)rand(0,9)).((int)rand(0,9)).$_FILES['uploadedfile']['name'];
$filesize = $_FILES['uploadedfile']['filesize'];
$userid = $_SESSION['userid'];
$filepass = sha1($_POST['filepass']);
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1);
$target_path = "/home/myoosicn/public_html/upload/files/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$_FILES['uploadedfile']['tmp_name'];

// Run the shit...

if(!in_array($ext,$allowed_filetypes)) {
	print_r($_FILES);
	die('The file you attempted to upload, ('.$ext.') is not allowed.');
	}
if(filesize($_FILES['uploadedfile']['tmp_name']) > $max_filesize) {
	die('The file you attempted to upload is too large.');
	}
if(!is_writable($target_path)) {
	die('You cannot upload to the specified directory, please CHMOD it to 777.');
}

// If it is moved successfully, woot!

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path . $filename)) {
	echo "The file ".  basename( $_FILES['uploadedfile']['name']).  " has been uploaded successfully!<br/>";
	echo "<b>File Size:</b> $filesize";
	echo "<b>File Name:</b> {$_FILES['uploadedfile']['name']}";
	mysql_query("INSERT INTO files (userid, filename, password, filesize) VALUES('$userid', '$filename', '$filepass', '$filesize') ")
	or die(mysql_error());
		if(!($filepass == 0)) {
		echo "File has been passworded successfully!";
		} else {
		echo "No password specified.";
		}
}
} else {
    echo "There was an error uploading the file, please try again!";
	print_r($_FILES);
}

?>

 

And it is 777 CHMOD.