Welcome to WebmasterWorld Guest from 54.205.60.49

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Help !!!!!

HTTP Upload with PHP

   
1:19 pm on Nov 26, 2001 (gmt 0)

10+ Year Member



What am I doing wrong with uploading a .exe file

here is the code


<?php
// File extention
$uploaddir = "/home/sites/home/web/template/img/ind_tour";
/*== change spaces to underscores in filename (damn windows!) ==*/
$final_filename = str_replace(" ", "_", $tourfile);
$desitnation_file = $uploaddir . "/$final_filename";
// HTTP Upload
if (is_uploaded_file($final_filename)) {
copy($final_filename, "/home/sites/home/web/template/img/ind_tour");
} else {
echo "Possible file upload attack: filename '$tourfile'.";
}
?>
<table cellpadding="2" cellspacing="3" border="0" width="600">
<tr>
<th>Add Virtual Tour</th>
</tr>
<tr>
<td align="left">
<form action="<? $PHP_SELF ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1024000">
<input type="file" name="tourfile">
<br>
<font size="1">Click browse to upload a local file</font><br>
<br>
</td>
</tr>
<tr>
<td align="left" colspan="2">
<p>
<input type="submit" value="submit">
</p>
</td>
</tr>
</table>

I am sooooo frustrated!
Thanks for any help given though :)

1:48 pm on Nov 26, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi,

These four variables are set when a file is uploaded.

$myfile temporary filename (pointer)
$myfile_name original filename
$myfile_size size of uploaded file
$myfile_type mime-type of uploaded file

(Assuming your file is named myfile in the form.)

What your doing wrong here is replacing text on the temporary file that will be something like /tmp/php24f24r2d2 - the one you want to replace on is $myfile_name

So try this -


<?php
// File extention
$uploaddir = "/home/sites/home/web/template/img/ind_tour";
/*== change spaces to underscores in filename (damn windows!) ==*/
$final_filename = str_replace(" ", "_", $tourfile_name);
$desitnation_file = $uploaddir . "/$final_filename";
// HTTP Upload
if (is_uploaded_file($tourfile)) {
copy($tourfile, "/home/sites/home/web/template/img/ind_tour".$final_filename);
} else {
echo "Possible file upload attack: filename '$tourfile_name' as '$tourfile'.";
}
?>
<table cellpadding="2" cellspacing="3" border="0" width="600">
<tr>
<th>Add Virtual Tour</th>
</tr>
<tr>
<td align="left">
<form action="<? $PHP_SELF ?>" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1024000">
<input type="file" name="tourfile">
<br>
<font size="1">Click browse to upload a local file</font><br>
<br>
</td>
</tr>
<tr>
<td align="left" colspan="2">
<p>
<input type="submit" value="submit">
</p>
</td>
</tr>
</table>

or something similar without the bugs ;) If that doesn't work start looking at directory permissions.

Good luck

Gethan

2:12 pm on Nov 26, 2001 (gmt 0)

10+ Year Member



gethan, You are the MAN or WOMAN. Which ever it may be.

THANK YOU THANK YOU THANK YOU

It's wroking right!

Thanks again

 

Featured Threads

Hot Threads This Week

Hot Threads This Month