PhP FTPing

phrater

I recently loaded a prewritten php page into my system that was
supposed to allow me to upload files from the web.

When you submit the file, there aren't any errors but the
file is not in the target folder.

I have the target folder set to 777 and still nothing.

Anyone have any ideas as to why this would be happening?

Here is the code:

<HTML><BODY BGCOLOR=FFFFFF>
<?php
$uploadDir = '/var/www/html/PHP/storage/';
if (isset($submit)){
if ($upload != 'none'){
$dest = $uploadDir . $upload_name;
if (@copy($upload, $dest)){
echo "Successfully uploaded $dest<BR>\n";
}
else{
echo "<FONT COLOR=FF0000><B>File Upload Failed</B></FONT><BR>\n";
$perms = @fileperms($uploadDir);
$owner = @fileowner($uploadDir);
if (!$perms){
echo "Directory does not exist: $uploadDir<BR>\n";
}
else{
$myuid = getmyuid();
if (!($perms & 2) && !(($owner == $myuid) && ($perms & 128))){
echo get_current_user(), " doesn't have permission to write in $uploadDir<BR>\n";
}
}
}
}
else{
echo "<FONT COLOR=FF0000><B>File Upload Failed</B></FONT><BR>\n";
echo "Filesize exceeds limit in FORM or php.ini<BR>\n";
}
}
?>
<FORM ENCTYPE=multipart/form-data ACTION=fileupload.php METHOD=POST>
<INPUT TYPE=HIDDEN NAME=MAX_FILE_SIZE VALUE=10000>
Upload File: <INPUT NAME=upload TYPE=FILE><BR>
<INPUT TYPE=SUBMIT NAME=submit VALUE="Upload">
</FORM>
</BODY></HTML>

phrater

Hmmm... my code lost it's nice shape...

Anyone know how to preserve it's actuall
format?

Is it a preformmated text tag?

TIA

dinger

use [ code ] your code [ /code ]

Chris

phrater

Thank You Chris.

dinger

If you want your PHP code to be color coded, use

[ php ] your code [ /php ]

instead.

Chris.

HalfaBee

From the manual

<?php
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of $_FILES.
// In PHP earlier then 4.0.3, use copy() and is_uploaded_file() instead of move_uploaded_file

$uploaddir = '/var/www/uploads/'; // change this to your location to save the file.

print "<pre>";
if (move_uploaded_file($FILES['userfile']['tmp_name'], $uploaddir . $FILES['userfile']['name'])) {
print "File is valid, and was successfully uploaded. Here's some more debugging info:\n";
print_r($FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($FILES);
}

HalfaBee

phrater

Dinger:

Thanks for the the posting help.

HalfABee:

Thank you for your help, but it too is not working.
any idea if there is an apache setting etc that
might be standing in my way? I'll keep working
with the code you posted hopefully I'm just
doing something dumb that I will learn from :-P