Hey guys,
can anybody please tell me how to get a working file upload with php?
I'm a lil confused right now. My script works as far as the uplod function is concerned. It makes a new file php... in the tmp directory and the file gets bigger and bigger. But as soon as the script should move/copy/renam the uploaded file, the file is gone.
Here's my script so far:
<?
$uploaddir = '/opt/uploaded/';
$uploadfile = $uploaddir. $HTTP_POST_FILES['userfile']['name'];
print "<pre>";
if (is_uploaded_file($HTTP_POST_FILES['userfile'])) {
rename($_FILES['userfile']['tmp_name'], "/opt/uploaded/123.mpg");
} else {
echo "Mögliche Dateiupload-Attacke: Dateiname '$HTTP_POST_FILES[userfile]'.";
}
print "</pre>";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input name="userfile" type="file" /><input type="text" name="filename" /><input type="submit" />
</form>
<? phpinfo();?>
</body>
</html>
or
<?
# @function upload_file
#
# @param $field string the name of the file upload form field
# @param $dirPath string the relative path to which to store the file (no trailing slash)
# @param $maxSize int the maximum size of the file
# @param $allowed array an array containing all the "allowed" file mime-types
#
# @return mixed the files' stored path on success, false on failure.
function upload_file($field = '', $dirPath = '', $maxSize = 100000, $allowed = array())
{
foreach ($_FILES[$field] as $key => $val)
$$key = $val;
if ((!is_uploaded_file($tmp_name)) || ($error != 0) || ($size == 0) || ($size > $maxSize))
return false; // file failed basic validation checks
if ((is_array($allowed)) && (!empty($allowed)))
if (!in_array($type, $allowed))
return false; // file is not an allowed type
do $path = $dirPath . DIRECTORY_SEPARATOR . rand(1, 9999) . strtolower(basename($name));
while (file_exists($path));
if (move_uploaded_file($tmp_name, "/opt/uploaded/123.mp3"))
return $path;
return false;
}
?>
DEMO:
<?php
if (array_key_exists('submit', $_POST)) // form has been submitted
{
if ($filepath = upload_file('music_upload', 'music_files', 700000, array('application/octet-stream','audio/wav')))
echo 'File uploaded to ' . $filepath;
else
echo 'An error occurred uploading the file... please try again.';
}
echo '
<form method="post" action="' .$_SERVER['PHP_SELF']. '" enctype="multipart/form-data">
<input type="file" name="music_upload" id="music_upload" />
<input type="submit" name="submit" value="submit" />
</form>
';
print_r($_FILES); // for debug purposes
?>
The rights of my tmp are 777 and chown nobody.
Thanks in advance
can anybody please tell me how to get a working file upload with php?
I'm a lil confused right now. My script works as far as the uplod function is concerned. It makes a new file php... in the tmp directory and the file gets bigger and bigger. But as soon as the script should move/copy/renam the uploaded file, the file is gone.
Here's my script so far:
<?
$uploaddir = '/opt/uploaded/';
$uploadfile = $uploaddir. $HTTP_POST_FILES['userfile']['name'];
print "<pre>";
if (is_uploaded_file($HTTP_POST_FILES['userfile'])) {
rename($_FILES['userfile']['tmp_name'], "/opt/uploaded/123.mpg");
} else {
echo "Mögliche Dateiupload-Attacke: Dateiname '$HTTP_POST_FILES[userfile]'.";
}
print "</pre>";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input name="userfile" type="file" /><input type="text" name="filename" /><input type="submit" />
</form>
<? phpinfo();?>
</body>
</html>
or
<?
# @function upload_file
#
# @param $field string the name of the file upload form field
# @param $dirPath string the relative path to which to store the file (no trailing slash)
# @param $maxSize int the maximum size of the file
# @param $allowed array an array containing all the "allowed" file mime-types
#
# @return mixed the files' stored path on success, false on failure.
function upload_file($field = '', $dirPath = '', $maxSize = 100000, $allowed = array())
{
foreach ($_FILES[$field] as $key => $val)
$$key = $val;
if ((!is_uploaded_file($tmp_name)) || ($error != 0) || ($size == 0) || ($size > $maxSize))
return false; // file failed basic validation checks
if ((is_array($allowed)) && (!empty($allowed)))
if (!in_array($type, $allowed))
return false; // file is not an allowed type
do $path = $dirPath . DIRECTORY_SEPARATOR . rand(1, 9999) . strtolower(basename($name));
while (file_exists($path));
if (move_uploaded_file($tmp_name, "/opt/uploaded/123.mp3"))
return $path;
return false;
}
?>
DEMO:
<?php
if (array_key_exists('submit', $_POST)) // form has been submitted
{
if ($filepath = upload_file('music_upload', 'music_files', 700000, array('application/octet-stream','audio/wav')))
echo 'File uploaded to ' . $filepath;
else
echo 'An error occurred uploading the file... please try again.';
}
echo '
<form method="post" action="' .$_SERVER['PHP_SELF']. '" enctype="multipart/form-data">
<input type="file" name="music_upload" id="music_upload" />
<input type="submit" name="submit" value="submit" />
</form>
';
print_r($_FILES); // for debug purposes
?>
The rights of my tmp are 777 and chown nobody.
Thanks in advance
