Photos won't save on upload

Forum Moderators: mack

Message Too Old, No Replies

Photos won't save on upload

Users should be able to upload a photo, but cannot

scalp8

10:04 pm on Jan 5, 2009 (gmt 0)

Thank you in advance for any responses. I have really gained a lot of knowledge from this site.
My site was recently switched from a shared hosting account to a virtual dedicated server. Prior to the switch everything was working fine with photo uploads. We are using PHP and SQL. Upon submission the code seems to write to a tmp_name file somewhere before it is given a random letter/number combination which is saved in the SQL database before the image is saved in the /images folder. We cannot seem to find where or how the tmp file is referred to. The path to the images folder is correct and based on the if/else statement it seems that we're not getting that far before the error message is returned regarding possible file upload attack(s). What could have changed or need to be changed that would tell where the tmp file should be saved?

rocknbil

10:49 pm on Jan 5, 2009 (gmt 0)

Files will, by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The server's default directory can be changed by setting the environment variable TMPDIR in the environment in which PHP runs......

link [us.php.net]

scalp8

7:19 pm on Jan 7, 2009 (gmt 0)

Thank you rocknbil. So if I'm reading that right the writing of the tmp file is automated. So that would make it seem to me that the problem must be occuring when the file is being written from the tmp file to its permanent location. The config.inc file seems to be pointing to the right location. I'm not sure what would have changed just by doing the migration to the new server.

rocknbil

3:52 pm on Jan 8, 2009 (gmt 0)

The path to the images folder is correct and based on the if/else statement it seems that we're not getting that far before the error message is returned regarding possible file upload attack(s).

Having a little trouble understanding exactly what the problem is . . . is it not moving the files to you images folder as expected? Where does this "error message" come from, the system or the PHP code itself?

It could be, for example, the PHP is returning an error that is not really indicative of the problem. It could be something as simple as you don't have permissions properly set on the images folder.

scalp8

9:35 pm on Jan 9, 2009 (gmt 0)

It doesn't seem to be even moving the files into a tmp folder. There error message is definitely coming from the code as I am able to change it. Here's the bit of code containing it:

function upload_image($uid)
{
$message = "";
if (@is_uploaded_file($this->arrFile['tmp_name'])) {
$extn = substr(strrchr($this->arrFile['name'], "."), 1);
$uploadfile = $uid."_".$this->generate_password().".".$extn;
if (@move_uploaded_file($this->arrFile['tmp_name'], PROFILE_IMAGE_PATH.DIRECTORY_SEPARATOR.$uploadfile)) {
$this->vUrl = $uploadfile;
/* Thumbnail code */
require_once "thumbnail.class.php";
$objCThumb = new thumbnail(PROFILE_IMAGE_PATH.DIRECTORY_SEPARATOR.$uploadfile, 100, 100);
$objCThumb->save($uploadfile, PROFILE_IMAGE_PATH.DIRECTORY_SEPARATOR, "sthumb_");
$objCThumb1 = new thumbnail(PROFILE_IMAGE_PATH.DIRECTORY_SEPARATOR.$uploadfile, 300, 300);
$objCThumb1->save($uploadfile, PROFILE_IMAGE_PATH.DIRECTORY_SEPARATOR, "pthumb_");
/* Thumbnail code */

} else {
$message .= "File cannot be saved due to possible file upload attack test(s).<br>";
}
} else {
$message .= "File cannot be saved due to possible file upload attack.<br>";
}
return $message;
}

The error I'm getting is the one that I added "test" into the error from the first else statement. In the second if statement the vURL that it is supposed to return is what the file would be stored as in the /images folder. Does this make it any clearer?

sleepy_az

6:42 am on Jan 10, 2009 (gmt 0)

Two quick thoughts:
- Is the new server/host using a different version of PHP? (i.e. possible register_globals issues and so forth)
- Have folder permission been granted properly?

scalp8

1:56 pm on Jan 10, 2009 (gmt 0)

FIXED! It ended up being a permissions issue. I granted full permissions to all folders used in the path and found that I could then upload photos. I was able to return all permissions back to their original configuration except for the last folder in the path which needed to have write permissions for public. If this will cause any security problems please let me know, but nothing is stored in that folder except user photos.
rocknbil and sleepy_az thank you VERY much for taking the time to help me with this!

rocknbil

4:48 pm on Jan 10, 2009 (gmt 0)

There you go . . . permissions. :-) However those messages are not really indicative of the problem, but you'll probably never see them again . . . except . . .

PHP has a 2MB file upload limit by default, if they try to upload more than 2MB, it will kick this same error and it won't be accurate. There's info in the PHP documentation on how to modify this to reflect an accurate error, but if it's good enough, it's good enough . . .