Forum Moderators: coopster
I have a piece of code I've written that allows the end user to upload a file from the front-end of the site don't worry - there are security measures in place to access the form in question). I've had several clients who wanted this capability in the past, so I wrote a bit of code that works well for them. I have it running perfectly on five different sites, on three different servers, no problems whatsoever.
However, I just installed it one someone's site, and it refuses to work. I'm at a loss as to why. I've been debugging like mad trying to figure it out, but I'm coming up empty. I have error reporting on, but nothing is being reported (and nothing is showing the in the logs, either).
From my troubleshooting, I've found that the file IS being uploaded, the temporary path and file IS being created, but for some reason, the move_uploaded_file() function is failing. It's just not moving the file from the temporary area to the final destination.
I have checked file permissions, paths - everything is correct. I also know it's not my code i other ways (such as something conflicting) because I've tested this entire thing on two separate servers, and it works perfectly. but when I put it on *this* particular server, it stops working. So my only conclusion is that it's some kind of server setting that's preventing it from moving the file.
I've been told that there's some kind of Apache setting (in http.conf) that could be stopping it, and I've also been told that if the server is SELinux that could also cause the problem. What the specifics are on either of these, I don't know.
So my question is this: would anyone here know what the particulars are? What I should be looking for? How it can be fixed?
Alternatively, here is my code. Would anyone know how to fix this so it would work, no matter what the server settings are?
<?php function avatar_uploader() {
add_submenu_page('users.php', 'Avatar Uploader', 'Avatar Uploader', 8, 'testmanage', 'avatar_manager');
}
function avatar_manager() {
global $root, $basepath, $path;
// let's peek in the directory
$headerpath = $root . $basepath . "/gravatars/";
$files = scandir($headerpath);
if($files) {
$count = '1';
foreach ($files as $f) {
if($f == '.' ¦¦ $f == '..') {
$imglist = '<br />';
} else {
$imglist .= '<div style="float:left; margin:10px; text-align:center;">';
$imglist .= '<img style="width:54px; height:64px" src="' . $path . '/wp-content/uploads/gravatars/' . $f . '" /><br />';
$imglist .= $f;
$imglist .= '</div>';
$count++;
if($count == '7') {
$imglist .= '<div style="clear:left; height:0;"></div>';
$count = '1';
}
}
}
}
?>
<div class="wrap">
<h2>Avatar Uploader</h2>
<?php
$intro = '<p>Upload your avatar image here for storage. </p> <p>Please keep in mind the following requirements:<ul style="margin-left:2em;list-style:disc;"><li>the image needs to be in <strong>GIF</strong> format.</li><li>the filename must be a lowercase version of the author\'s nickname, as defined by the "nickname" field in the user\'s profile, with spaces replaced by dashes. For example, if the author\'s nickname is "Alexander Heffner", then your filename must be "alexander-heffner.gif" for the image to show up properly for that author.</li></ul><p><strong>PLEASE NOTE: If you upload a file that has the same name as an existing file, the old file will be overwritten!</strong></p><br />';
$form .= '<form method="post" action="' . $PHP_SELF . '" enctype="multipart/form-data">';
$form .= '<label for="file">Your image:</label>';
$form .= '<input class="form" type="file" id="file" name="file" />';
$form .= '<input type="hidden" name="action" value="upload" />' . "\n";
$form .='<input class="button" type="submit" value="Upload!" />';
$form .='</form>';
// validation
$thanks .= "<p>Success! Your file has been uploaded. Would you like to upload another file?</p>";
// start the script
foreach($_POST as $k => $v);
$_POST[$k] = htmlentities($v);
isset($_POST['action']) ? $action = $_POST['action'] : $action = '';
isset($_POST['file']) ? $file = $_POST['file'] : $file = '';
isset($_POST['file_error']) ? $file_error = $_POST['file_error'] : $file_error = '';
isset($_POST['error']) ? $error = $_POST['error'] : $error = '';
isset($_POST['send']) ? $send = $_POST['send'] : $send = '';
if ($action != "upload") {
echo $intro;
echo $form;
echo $imglist;
}
if ($action == "upload") {
if (($_FILES["file"]["type"] == "image/gif")) {
if ($_FILES["file"]["error"] > 0) {
echo "<span class=\"message\">I'm sorry - there was an error with your upload. " . $_FILES["file"]["error"] . "</span>" . "\n";
$send = "no";
}
} else {
echo "<span class=\"message\">I'm sorry - this is an ivalid file format. You can only upload GIF files.</span>" . "\n";
$send = "no";
}
if ($send == "no") {
echo $form;
return;
}
$filename = $_FILES['file']['name'];
move_uploaded_file ($_FILES['file']['tmp_name'], $root . $basepath . "/gravatars/" . $filename); {
echo $thanks;
echo $form;
echo $imglist;
return;
}
}
?>
</div>
<?php }
Thank you!
Do you have the permissions set correctly on the directory you are trying to move the file to? At the very top of your processing file, activate error reporting:
error_reporting(E_ALL);
And see if that throws any errors.
dc
I believe it to be a server setting. the code is written in WordPress, and it's not only my script that fails, but anything in the WordPress back-end that needs to upgrade, import or upload. ALL of it has the same error. however, the host refuses to do anythign about it, and says that I'm the one that needs to solve the issue. I've told them if they allow me to have a copy of the php.ini file then I probably could (ll I'd have to do is change the Apache /tmp location in the php.ini file) but it's been two weeks and they still refuse to give it to me. They also won't change the setting in Apache for me either - apparently that's asking too much of them. I'm currently at a loss - the host won't do anything (says it's not their problem), and they won't give me access to what I need so I *can* fix it, and I can't switch hosts (the site's not for me, and the client won't swap, they've been using them for too long). So I'm trying to figure out what else I can to do solve this problem. The client, of course, blames me because they have another WordPress installation that's running just fine with no issues (however, it's an old install - 2.3.x - and I was hired to upgrade them, and what I'm working on is the testbed on their server.
I had another client who had the exact same issue and the host has them somehow wrap everything in cgi-wrap. They sent instructions directly from the host, but I don't understand them very well, and I don't know if I can use the same instructions for this host, because I don't know if I have SSH access to their server (or even if I'm allowed to do it).
We ended up getting a new host. That solved the problem. however, I will note that afterwards, I installed another version of 2.8.5 (and later 2.8.6) on yet another host and ran into the same issue, and discovered that there was something new WordPress had done. There's a workaround to it, but you should be aware of the consequences of using it. (for the following install, we used the workaround, and I did try to use it on the above site, but it didn't work - it was totally a hosting setting in the above case. But the workaround has worked in all of the other installs that people wanted to use it for.)
The info on the workaround can be found here: http://core.trac.wordpress.org/ticket/10692 [core.trac.wordpress.org] - better to let WordPress explain it than me! But the fix itself is simply adding this line to the wp-config.php file:
define('ALLOW_UNFILTERED_UPLOADS', true);But definitely read up on *why* they made this change, because there really is good reason to it.
