• You are not logged in. | Login

Pages 1

Post a reply

March 8, 2007 11:14 am

reetesh
Member
Ranks

Upload the files

The matter is that I need to save images in the photo gallery but nothing works by me. Here is a part of my code: 

$max_image_width = 2000; 
$max_image_height = 2000; 
$max_image_size = 1024 * 1024; 
$valid_types =  array("gif","jpg", "png", "jpeg"); 

$uploaddir='/images/'; 


if (isset($_FILES['userfile'])) { 
    if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {$filename = $_FILES['userfile']['tmp_name']; 
$ext =substr($_FILES['userfile']['name'], 1 + strrpos($_FILES['userfile']['name'], ".")); 
        if (filesize($filename) > $max_image_size) { 
            echo 'Error: File size > 1M.'; 
        } elseif (!in_array($ext, $valid_types)) { 
            echo 'Error: Invalid file type.'; 
        } else { 
             $size = GetImageSize($filename); 
             if (($size) && ($size[0] < $max_image_width)  
                && ($size[1] < $max_image_height)) { 
                if (@move_uploaded_file($filename, $uploaddir.$_FILES['userfile']['name'])) { 
                    echo 'File successful uploaded.'; 
                } else { 
                    echo 'Error: moving file failed.'; 
                } 
            } else { 
                echo 'Error: invalid image properties.'; 
            } 
        } 
    } else { 
        echo "Error: empty file."; 
    } 
} else { 
    echo  '<script language="javascript"> 
location.replace("http://192.168.0.2/gallery/new_image.php") 
</script>'; 
}

By me image is saved into temporary /tmp-catalogue, images-file but if I view it I see that there is an image I wanted to upload there...


 

 

March 8, 2007 11:19 am

Keeper
Member
Ranks

Re: Upload the files

$uploaddir='/images/';
You are to write the full complete physical path like /home/my_domain.com/images/ It??™s just an example. Complete path you may find out through phpinfo()


 

 

March 8, 2007 11:24 am

bandlist12
Member
Ranks

Re: Upload the files

Complete physical path you may find out through __FILE__ cause there is no document_root under IIS.


 

 

March 8, 2007 11:26 am

reetesh
Member
Ranks

Re: Upload the files

I??™m sorry if I explained the question incorrectly but when I write complete path, for instance, I have : webservers/home/192.168.0.2/gallery/images/ it returns an error ???Cannot rewrite to folder??™. I have Denver server installed. I??™ve viewed everything in ? ??? info() and have done necessary corrections. But nevertheless it doesn??™t work. Thanks to everyone in advance??¦

And within $_FILES massive everything is written and everything is correct!!! I cannot realize what is not working??¦ Everything seems to be all right but image is dropped into the server??™s root and is given "images" name without extension.


 

 

March 8, 2007 11:30 am

Mr.SMart
Member
Ranks

Re: Upload the files

if (@move_uploaded_file($filename, $uploaddir.$_FILES['userfile']['name'])) {
@ - remove it first
Is ???Cannot rewrite to folder??™ equal to ???Error: moving file failed??™?

P.S. Denver isn??™t a server.


 

 

March 8, 2007 11:33 am

SRG
Member
Ranks

Re: Upload the files

1. Extension is defined so

$a = pathinfo($file);
return $a["extension"];

2. Defining file type on the extension isn??™t safe. It??™s better to use mime_content_type - MIME Content-type of a file is defined.

3. Generally file is easy to download.
Variable $_POST['userfile'] contains path to the file
$s = file_get_contents($_POST['userfile']);
And we write a string to the address demanded.


 

 

March 8, 2007 11:35 am

bandlist12
Member
Ranks

Re: Upload the files

SRG, through mime_content_type it is not safe. You??™ll be download file.php but it will be nothing but plain JPEG inside except for the small insertion &lt;? ... ?&gt;


 

 

March 8, 2007 11:41 am

Mr.SMart
Member
Ranks

Re: Upload the files

It??™s better to use mime_content_type - MIME Content-type of a file is defined.

1. This function has been deprecated as the PECL extension Fileinfo provides the same functionality (and more) in a much cleaner way.
2. You may not be able to use it.


 

 

March 8, 2007 11:45 am

SRG
Member
Ranks

Re: Upload the files

bandlist12, it means extension should be checked as well.

Mr.SMart, what do you suggest? Do you want to check the extension only? And what if I replace rar with jpg extension in the achieve and download it? Won??™t it be an image? Thus you are not to check on extension at any case.


 

 

March 8, 2007 11:47 am

Mr.SMart
Member
Ranks

Re: Upload the files

Cannot you check mime_type when loading?


 

 

March 8, 2007 11:50 am

tucansam
Member
Ranks

Re: Upload the files

$uploaddir='/images/';
You are to write the full complete physical path like /home/my_domain.com/images/

Not necessarily. It may be relative one ($uploaddir='images/'; ) if you have some skills

And what if I replace rar with jpg extension in the achieve and download it?

And how will it help you?

Variable $_POST['userfile'] contains path to the file

Right, but it also sets execution rights for the file.


 

 

Post a reply

Pages 1

  • Actions
  • Top