homepage Welcome to WebmasterWorld Guest from 54.167.138.53
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Help !!!!!
HTTP Upload with PHP
circuitjump

10+ Year Member



 
Msg#: 342 posted 1:19 pm on Nov 26, 2001 (gmt 0)

What am I doing wrong with uploading a .exe file

here is the code


<?php
// File extention
$uploaddir = "/home/sites/home/web/template/img/ind_tour";
/*== change spaces to underscores in filename (damn windows!) ==*/
$final_filename = str_replace(" ", "_", $tourfile);
$desitnation_file = $uploaddir . "/$final_filename";
// HTTP Upload
if (is_uploaded_file($final_filename)) {
copy($final_filename, "/home/sites/home/web/template/img/ind_tour");
} else {
echo "Possible file upload attack: filename '$tourfile'.";
}
?>
<table cellpadding="2" cellspacing="3" border="0" width="600">
<tr>
<th>Add Virtual Tour</th>
</tr>
<tr>
<td align="left">
<form action="<? $PHP_SELF ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1024000">
<input type="file" name="tourfile">
<br>
<font size="1">Click browse to upload a local file</font><br>
<br>
</td>
</tr>
<tr>
<td align="left" colspan="2">
<p>
<input type="submit" value="submit">
</p>
</td>
</tr>
</table>

I am sooooo frustrated!
Thanks for any help given though :)

 

gethan

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 342 posted 1:48 pm on Nov 26, 2001 (gmt 0)

Hi,

These four variables are set when a file is uploaded.

$myfile temporary filename (pointer)
$myfile_name original filename
$myfile_size size of uploaded file
$myfile_type mime-type of uploaded file

(Assuming your file is named myfile in the form.)

What your doing wrong here is replacing text on the temporary file that will be something like /tmp/php24f24r2d2 - the one you want to replace on is $myfile_name

So try this -


<?php
// File extention
$uploaddir = "/home/sites/home/web/template/img/ind_tour";
/*== change spaces to underscores in filename (damn windows!) ==*/
$final_filename = str_replace(" ", "_", $tourfile_name);
$desitnation_file = $uploaddir . "/$final_filename";
// HTTP Upload
if (is_uploaded_file($tourfile)) {
copy($tourfile, "/home/sites/home/web/template/img/ind_tour".$final_filename);
} else {
echo "Possible file upload attack: filename '$tourfile_name' as '$tourfile'.";
}
?>
<table cellpadding="2" cellspacing="3" border="0" width="600">
<tr>
<th>Add Virtual Tour</th>
</tr>
<tr>
<td align="left">
<form action="<? $PHP_SELF ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1024000">
<input type="file" name="tourfile">
<br>
<font size="1">Click browse to upload a local file</font><br>
<br>
</td>
</tr>
<tr>
<td align="left" colspan="2">
<p>
<input type="submit" value="submit">
</p>
</td>
</tr>
</table>

or something similar without the bugs ;) If that doesn't work start looking at directory permissions.

Good luck

Gethan

circuitjump

10+ Year Member



 
Msg#: 342 posted 2:12 pm on Nov 26, 2001 (gmt 0)

gethan, You are the MAN or WOMAN. Which ever it may be.

THANK YOU THANK YOU THANK YOU

It's wroking right!

Thanks again

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved