Welcome to WebmasterWorld Guest from 54.196.243.192

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Help !!!!!

HTTP Upload with PHP

     
1:19 pm on Nov 26, 2001 (gmt 0)

Preferred Member

10+ Year Member

joined:May 3, 2001
posts:365
votes: 0


What am I doing wrong with uploading a .exe file

here is the code


<?php
// File extention
$uploaddir = "/home/sites/home/web/template/img/ind_tour";
/*== change spaces to underscores in filename (damn windows!) ==*/
$final_filename = str_replace(" ", "_", $tourfile);
$desitnation_file = $uploaddir . "/$final_filename";
// HTTP Upload
if (is_uploaded_file($final_filename)) {
copy($final_filename, "/home/sites/home/web/template/img/ind_tour");
} else {
echo "Possible file upload attack: filename '$tourfile'.";
}
?>
<table cellpadding="2" cellspacing="3" border="0" width="600">
<tr>
<th>Add Virtual Tour</th>
</tr>
<tr>
<td align="left">
<form action="<? $PHP_SELF ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1024000">
<input type="file" name="tourfile">
<br>
<font size="1">Click browse to upload a local file</font><br>
<br>
</td>
</tr>
<tr>
<td align="left" colspan="2">
<p>
<input type="submit" value="submit">
</p>
</td>
</tr>
</table>

I am sooooo frustrated!
Thanks for any help given though :)

1:48 pm on Nov 26, 2001 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Aug 8, 2001
posts:926
votes: 0


Hi,

These four variables are set when a file is uploaded.

$myfile temporary filename (pointer)
$myfile_name original filename
$myfile_size size of uploaded file
$myfile_type mime-type of uploaded file

(Assuming your file is named myfile in the form.)

What your doing wrong here is replacing text on the temporary file that will be something like /tmp/php24f24r2d2 - the one you want to replace on is $myfile_name

So try this -


<?php
// File extention
$uploaddir = "/home/sites/home/web/template/img/ind_tour";
/*== change spaces to underscores in filename (damn windows!) ==*/
$final_filename = str_replace(" ", "_", $tourfile_name);
$desitnation_file = $uploaddir . "/$final_filename";
// HTTP Upload
if (is_uploaded_file($tourfile)) {
copy($tourfile, "/home/sites/home/web/template/img/ind_tour".$final_filename);
} else {
echo "Possible file upload attack: filename '$tourfile_name' as '$tourfile'.";
}
?>
<table cellpadding="2" cellspacing="3" border="0" width="600">
<tr>
<th>Add Virtual Tour</th>
</tr>
<tr>
<td align="left">
<form action="<? $PHP_SELF ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1024000">
<input type="file" name="tourfile">
<br>
<font size="1">Click browse to upload a local file</font><br>
<br>
</td>
</tr>
<tr>
<td align="left" colspan="2">
<p>
<input type="submit" value="submit">
</p>
</td>
</tr>
</table>

or something similar without the bugs ;) If that doesn't work start looking at directory permissions.

Good luck

Gethan

2:12 pm on Nov 26, 2001 (gmt 0)

Preferred Member

10+ Year Member

joined:May 3, 2001
posts:365
votes: 0


gethan, You are the MAN or WOMAN. Which ever it may be.

THANK YOU THANK YOU THANK YOU

It's wroking right!

Thanks again