- You are not logged in. | Login
March 8, 2007 11:14 am
- reetesh
- Member
Upload the files
The matter is that I need to save images in the photo gallery but nothing works by me. Here is a part of my code:
$max_image_width = 2000;
$max_image_height = 2000;
$max_image_size = 1024 * 1024;
$valid_types = array("gif","jpg", "png", "jpeg");
$uploaddir='/images/';
if (isset($_FILES['userfile'])) {
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {$filename = $_FILES['userfile']['tmp_name'];
$ext =substr($_FILES['userfile']['name'], 1 + strrpos($_FILES['userfile']['name'], "."));
if (filesize($filename) > $max_image_size) {
echo 'Error: File size > 1M.';
} elseif (!in_array($ext, $valid_types)) {
echo 'Error: Invalid file type.';
} else {
$size = GetImageSize($filename);
if (($size) && ($size[0] < $max_image_width)
&& ($size[1] < $max_image_height)) {
if (@move_uploaded_file($filename, $uploaddir.$_FILES['userfile']['name'])) {
echo 'File successful uploaded.';
} else {
echo 'Error: moving file failed.';
}
} else {
echo 'Error: invalid image properties.';
}
}
} else {
echo "Error: empty file.";
}
} else {
echo '<script language="javascript">
location.replace("http://192.168.0.2/gallery/new_image.php")
</script>';
}By me image is saved into temporary /tmp-catalogue, images-file but if I view it I see that there is an image I wanted to upload there...
March 8, 2007 11:19 am
- Keeper
- Member
Re: Upload the files
$uploaddir='/images/';
You are to write the full complete physical path like /home/my_domain.com/images/ It’s just an example. Complete path you may find out through phpinfo()
March 8, 2007 11:24 am
- bandlist12
- Member
Re: Upload the files
Complete physical path you may find out through __FILE__ cause there is no document_root under IIS.
March 8, 2007 11:26 am
- reetesh
- Member
Re: Upload the files
I’m sorry if I explained the question incorrectly but when I write complete path, for instance, I have : webservers/home/192.168.0.2/gallery/images/ it returns an error ‘Cannot rewrite to folder’. I have Denver server installed. I’ve viewed everything in РНРinfo() and have done necessary corrections. But nevertheless it doesn’t work. Thanks to everyone in advance…
And within $_FILES massive everything is written and everything is correct!!! I cannot realize what is not working… Everything seems to be all right but image is dropped into the server’s root and is given "images" name without extension.
March 8, 2007 11:30 am
- Mr.SMart
- Member
Re: Upload the files
if (@move_uploaded_file($filename, $uploaddir.$_FILES['userfile']['name'])) {
@ - remove it first
Is ‘Cannot rewrite to folder’ equal to ‘Error: moving file failed’?
P.S. Denver isn’t a server.
March 8, 2007 11:33 am
- SRG
- Member
Re: Upload the files
1. Extension is defined so
$a = pathinfo($file);
return $a["extension"];
2. Defining file type on the extension isn’t safe. It’s better to use mime_content_type - MIME Content-type of a file is defined.
3. Generally file is easy to download.
Variable $_POST['userfile'] contains path to the file
$s = file_get_contents($_POST['userfile']);
And we write a string to the address demanded.
March 8, 2007 11:35 am
- bandlist12
- Member
Re: Upload the files
SRG, through mime_content_type it is not safe. You’ll be download file.php but it will be nothing but plain JPEG inside except for the small insertion <? ... ?>
March 8, 2007 11:41 am
- Mr.SMart
- Member
Re: Upload the files
It’s better to use mime_content_type - MIME Content-type of a file is defined.
1. This function has been deprecated as the PECL extension Fileinfo provides the same functionality (and more) in a much cleaner way.
2. You may not be able to use it.
March 8, 2007 11:45 am
- SRG
- Member
Re: Upload the files
bandlist12, it means extension should be checked as well.
Mr.SMart, what do you suggest? Do you want to check the extension only? And what if I replace rar with jpg extension in the achieve and download it? Won’t it be an image? Thus you are not to check on extension at any case.
March 8, 2007 11:50 am
- tucansam
- Member
Re: Upload the files
$uploaddir='/images/';
You are to write the full complete physical path like /home/my_domain.com/images/
Not necessarily. It may be relative one ($uploaddir='images/'; ) if you have some skills
And what if I replace rar with jpg extension in the achieve and download it?
And how will it help you?
Variable $_POST['userfile'] contains path to the file
Right, but it also sets execution rights for the file.
