I have a form like:
<FORM ENCTYPE='multipart/form-data' ACTION='addphotosuccess.php' METHOD='POST'>
<input type='hidden' name='Loginusername' value='<?php echo($Loginusername);?>'>
<input type='hidden' name='userfile' value='<?php echo($userfile);?>'>
<INPUT TYPE='hidden' name='MAX_FILE_SIZE' value='1000'>
Send this file: <INPUT NAME='userfile' TYPE='file'><br><br>
<INPUT TYPE='submit' VALUE='Send File'>
</FORM>
which is in a php file. Onsubmit it go to another php file which looks like this:
<input type='hidden' name='Loginusername' value='<?php echo($Loginusername);?>'>
<input type='hidden' name='userfile' value='<?php echo($userfile);?>'>
<?php
function is_uploaded_file($userfile) {
if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
$tmp_file = dirname(tempnam('', ''));
}
$tmp_file .= '/' . basename($userfile);
/ User might have trailing slash in php.ini... /
return (ereg_replace('/+', '/', $tmp_file) == $userfile);
}
if (is_uploaded_file($userfile)) {
copy($userfile, "http://www.onecardexpress.net/temp17/$Loginusername/");
} else {
echo "Possible file upload attack: filename '$userfile'.";
}
?>
but I keep getting this error:
Possible file upload attack: filename 'none'.
anyone know why ?
thanks
