btr2007 Posted December 20, 2007 Share Posted December 20, 2007 I am trying to have an uploader so visitors can upload files to some directories that I don't want people to have direct access to. I am using .htaccess to redirect people to the homepage if they type in the directory name, but apparently this is stopping my uploader working because it redirects the uploader before it has a chance to upload the file. The following is the uploader code: <?php // Where the file is going to be placed $var1 = $_GET["leadon"]; $var2 = $_GET["user"]; //$path = mysql_real_escape_string('leadon'); $target_path = $var1; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file " . basename( $_FILES['uploadedfile']['name']) . " has been uploaded"; $to = "email@address"; $subject = "A File has been uploaded by " . $var2; $body = ""; $headers = 'From: email@address'; mail($to, $subject, $body, $headers); }else{ echo $target_path; echo "There was an error uploading the file, please try again!"; } ?> My .htaccess file has the following code in it: redirect /user/username http://www.website.com redirect /user/username/ http://www.website.com RedirectMatch (.*)\index.php http://www.website.com <Files ~ "\.(inc|sql|pdf)$"> order allow,deny deny from all </Files> Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/ Share on other sites More sharing options...
lachild Posted December 20, 2007 Share Posted December 20, 2007 Where is your upload script located? The upload script needs to be located in an area accessible to the user. Use the script to move the file from tmp to the restricted area. Also if you're on Unix/Linux the folders that PHP is moving the file to either need to belong to the same user/group as PHP or chmoded to 777. Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419783 Share on other sites More sharing options...
btr2007 Posted December 20, 2007 Author Share Posted December 20, 2007 The upload script is located just in the root directory. I just changed the user directories to permission 777 and it still tells me the upload failed. Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419788 Share on other sites More sharing options...
lachild Posted December 20, 2007 Share Posted December 20, 2007 Nothing is glaring at me as a problem, unless the $target_path is wrong. Can you post a copy of the form, and I'll check it on this end? Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419804 Share on other sites More sharing options...
lachild Posted December 20, 2007 Share Posted December 20, 2007 Also, if you look at $target_path, does that file already exist in that directory? Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419806 Share on other sites More sharing options...
btr2007 Posted December 20, 2007 Author Share Posted December 20, 2007 <div id="upload"> <div id="uploadtitle"><strong>File Upload</strong> (Max Filesize: <?=$phpmaxsize;?>KB)</div> <div id="uploadcontent"> <? if($phpallowuploads) { $action = "../uploader.php?leadon=" . $leadon . "&client=" . $client; ?> <form method="post" action="<?=$action; ?>" enctype="multipart/form-data"> <input type="file" name="file" /> <input type="submit" value="Upload" /> </form> <? } else { ?> File uploads are disabled in your php.ini file. Please enable them. <? } ?> </div> </div> <? } ?> </div> It is code that came with a directory listing script that i found online. The file I use to test the upload isn't already in the directory. At the moment in the uploader script i have got it so when there is an error it prints the directory on screen and it is always correct. When i was grabbed the form code for you, I was thinking the page that has that on it is located in the restricted directory and calls the uploader from the root directory, do you think this would have any impact? Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419815 Share on other sites More sharing options...
lachild Posted December 20, 2007 Share Posted December 20, 2007 Ok I found the problem... It's not wonder we missed it. if you upload file "myfile.gif" and then echo $target_path you'll notice it spits out the following (assuming of course that $leadon = 'uploads') uploadsmyfile.gif It's missing the directory separator... Try changing this line... $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); To this $target_path = $target_path .'/'. basename( $_FILES['uploadedfile']['name']); Also I noticed the form posts to the uploader one directory up. if $target_path = 'uploads' then the folder uploads needs to be in the same folder as the uploader.php. Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419826 Share on other sites More sharing options...
btr2007 Posted December 20, 2007 Author Share Posted December 20, 2007 Unfortunately that isn't the problem the leadon that i pass to it already has the slash on the end of it. I pass the leadon as /users/username/ uploader being in the base folder wanting it to upload the file to subdirectories of the directory the uploader is in. Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419844 Share on other sites More sharing options...
lachild Posted December 20, 2007 Share Posted December 20, 2007 Ok.. Well I know this is a dumb question... But is "/users/username/" located in the root? Sorry but I can only go off what you posted. You might also try adding this to your script to bug test. (using the vars in your example) if (!is_dir($var1)){ echo "Directory ".$var1." does not exist!"; exit; } if (!is_writable($var1)){ echo "Unable to write to directory ".$var1."!"; exit; } if (is_file($target_path . basename( $_FILES['uploadedfile']['name']))){ echo "File Already Exists. Unable to move uploaded file to .".$target_path . basename( $_FILES['uploadedfile']['name']); exit; } Edit: Added missing brace Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419882 Share on other sites More sharing options...
btr2007 Posted December 20, 2007 Author Share Posted December 20, 2007 Yes the users directory is within the root directory. When i included your error check things none of them come up when i test it Quote Link to comment https://forums.phpfreaks.com/topic/82573-uploading-to-redirected-directories/#findComment-419923 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.