[Resolved] [Resolved] How Do I Upload Word/Excel/PDF files not just plain text?

ducey

Hi,

I am having trouble trying to upload Word, Excel and Adobe Acrobat (PDF) documents to my webserver.

I can successfully upload any plain text files (.txt) but anything other then plain text will not work.

Here is my code:

<?php
if(!$submit)
{
print "\n<form enctype=\"multipart/form-data\" action=\"upload2.php\" method=\"post\">";
print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"20000\">";
print "\n<font>Upload a file</font><br>";
print "\n<br><INPUT NAME=\"userfile\" TYPE=\"file\" SIZE=\"35\"><br>";
print "\n<font>Title:</font> <input type=\"text\" name=\"title\"><br>";
print "\n<font>Synopsis:</font> <textarea name=\"synopsis\" rows=\"5\" cols=\"17\"></textarea><br>";
print "\n<font>Review Date:</font> <input type=\"text\" name=\"revdate\"><br>";
print "\n<font>Status:</font> <select name=\"status\"><option value=\"Active\">Active</option><option value=\"Under Review\">Under Review</option></select><br>";
print "\n<font>Which section is the file under?</font> <select name=\"folder\">";
print "<option selected>Please Select...</option>";

include("connection.php");
// Grab all folder names searching on section eg corsupser for Corporate Support Services
$query =  "select * from policyfolders order by folder asc";
$returned = mysql_query($query, $connection);
$rows = mysql_num_rows($returned);
if($rows == 0)
{
}
else
{
	for($int=0;$int<$rows;$int++)
	{
		$array = mysql_fetch_array($returned);
		$directory = $array[0];
		//$directory = str_replace(" ", "", $directory);
		print "<option value=\"$directory\">$array[0]</option>";
	}
}
print "</select><br>";
print "\n<input type=\"submit\" name=\"submit\" Value=\"Upload\">";
print "\n</form>";

}
else
{
// Check the file size and return an error if documents are above a certain size
if($FILES['userfile']['size'] > $MAX_FILE_SIZE)
{
echo("<font>The file you are tyrying to upload is larger than the designated size. Please choose another file or reduce the size of the file.</font>");
}
else
{
$folder = strtolower($folder);
$folder = str_replace(" ", "", $folder);
$uploaddir = "/usr/local/www/departments/policies/newsite/uploads/" . $folder;
// Check the type to be uploaded
$filetype = $FILES['userfile']['type'];
echo($filetype);
//if($filetype == "image/gif" || $FILES['userfile']['type'] == "image/jpeg" || $FILES['userfile']['type'] == "image/jpg" || $FILES['userfile']['type'] == "application/pdf" || $FILES['userfile']['type'] == "application/msword" || $FILES['userfile']['type'] == "application/vnd.ms-excel" || $FILES['userfile']['type'] == "text/plain")
//{
if (move_uploaded_file($FILES['userfile']['tmp_name'], $uploaddir . "/" . $FILES['userfile']['name']))
{
print "File is valid, and was successfully uploaded. Here's some more debugging info:\n";
print_r($FILES);
$query = "select * from policyfolders where folder='$folder'";
$returned = mysql_query($query, $connection);
$array = mysql_fetch_array($returned);
$section = $array[1];
$query = "insert into policynew values('" . $FILES['userfile']['name'] . "', '$title', '$revdate', '$status', '$folder', '$section','$synopsis')";
mysql_query($query, $connection);
}
else
{
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
//}
//else
//{
//echo("<font>Please only upload the following documents:<ul><li>Gif</li><li>Jpeg</li><li>PDF</li><li>Word</li><li>Excel</li><li>Plain Text</li></ul></font>");
//}
}
}
?>

Any help would be greatful 🙂

Many thanks,
Nathan

sdjensen

What happens if you try a word file?

ducey

I get the following error:

Possible file upload attack! Here's some debugging info: Array ( [userfile] => Array ( [name] => domain hosting.doc [type] => [tmp_name] => [error] => 2 [size] => 0 ) )

And I haven't a clue what this file info means!

Nathan

sdjensen

You are receiving the error because of move_uploaded_file is failing.

Are you sure $uploaddir is a valid directory?

Are you sure the folders has the right permissions?

[edit]
The error you are receiving error 2 is:
Value: 2; The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the html form.

http://dk2.php.net/manual/en/features.file-upload.errors.php
[/edit]

ducey

Hi,

$uploaddir is a valid directory and I have set the permissions to it to be 755 and have also tried them as 777. They work fine when uploading normal text files so I knwo that the permissions are correct. It is only when uploading Word, Excel or PDF files that the error occurs.

I will take a look at the site you have quoted. Many thanks for the link 🙂

Nathan

Bijan

I never use MAX_FILE_SIZE in my html form, coz it's basically useless! It's no need to put it in there, and it doesn't help ya at all! But most of the times it'll generate an error, so, it's no need to use it! I remember I changed my maximum file size in php.ini to 10MB, but it always gave me an error for uploading a 2KB file! Finally I found out that it's because of that html field, and when I removed it, everything worked fine!

Something else, b4 using move_uploaded_file, you can use is_uploaded_file() to get sure that what you have is a valid file, ie it's uploaded successfully.

ducey

Thanks very much Bijan! I removed the MAX_FILE_SIZE line and it works fine now.

Yours and everyone else help is very much appreciated 🙂

Nathan

ducey

Well, the upload now works, but when I choose to view the files I have uploaded, it says that the document is corrupt or cannot be opened.

This error occurs on Microsoft Word and excel files and also Acrobat files (.pdf).

Does anyone know why this could be?

Here is my code:

<?php
if(!$submit)
{
echo("<form enctype=\"multipart/form-data\" action=\"upload.php\" method=\"post\">");
echo("<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" align=\"center\">");
echo("<tr>");
echo("<td width=\"200\" colspan=\"2\"><font>Upload a file</font></td>");
echo("</tr>");
echo("<tr>");
echo("<td width=\"100\" valign=\"top\"><font>Select File:</font></td>");
echo("<td width=\"100\" valign=\"top\"><input name=\"userfile\" type=\"file\" size=\"25\"></td>");
echo("</tr>");
echo("<tr>");
echo("<td width=\"100\" valign=\"top\"><font>Title:</font></td>");
echo("<td width=\"100\" valign=\"top\"><input type=\"text\" name=\"title\"></td>");
echo("</tr>");
echo("<tr>");
echo("<td width=\"100\" valign=\"top\"><font>Synopsis:</font></td>");
echo("<td width=\"100\" valign=\"top\"><textarea name=\"synopsis\" rows=\"5\" cols=\"17\"></textarea></td>");
echo("</tr>");
echo("<tr>");
echo("<td width=\"100\" valign=\"top\"><font>Review Date:</font></td>");
echo("<td width=\"100\" valign=\"top\"><input type=\"text\" name=\"revdate\"></td>");
echo("</tr>");
echo("<tr>");
echo("<td width=\"100\" valign=\"top\"><font>Status:</font></td>");
echo("<td width=\"100\" valign=\"top\"><select name=\"status\"><option value=\"Active\">Active</option><option value=\"Under Review\">Under Review</option></select></td>");
echo("</tr>");
echo("<tr>");
echo("<td width=\"100\" valign=\"top\"><font>Which section is the file under?</font></td>");
echo("<td width=\"100\" valign=\"top\"><select name=\"folder\"><option selected>Please Select...</option>");

include("connection.php");
// Grab all folder names searching on section eg corsupser for Corporate Support Services
$query =  "select * from policyfolders order by folder asc";
$returned = mysql_query($query, $connection);
$rows = mysql_num_rows($returned);
if($rows == 0)
{
}
else
{
	for($int=0;$int<$rows;$int++)
	{
		$array = mysql_fetch_array($returned);
		$directory = $array[0];
		//$directory = str_replace(" ", "", $directory);
		echo("<option value=\"$directory\">$array[0]</option>");
	}
}
echo("</select></td>");
echo("</tr>");
echo("<tr>");
echo("<td width=\"200\" valign=\"top\" colspan=\"2\" align=\"center\"><input type=\"submit\" name=\"submit\" Value=\"Upload\"></td>");
echo("</tr>");
echo("</table>");
echo("</form>");

}
else
{
$folder = strtolower($folder);
$folder = str_replace(" ", "", $folder);
$uploaddir = "/usr/local/www/departments/policies/newsite/uploads/" . $folder;

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . "/" . $_FILES['userfile']['name']))
{
	echo("<font><b>Thank you for uploading $the_file_name. It is now available to view <a href=\"policies.php\">here</a></b></font>");
	$query =  "select * from policyfolders where folder='$folder'";
	$returned = mysql_query($query, $connection);
	$array = mysql_fetch_array($returned);
	$section = $array[1];
	$query = "insert into policynew values('" . $_FILES['userfile']['name'] . "', '$title', '$revdate', '$status', '$folder', '$section','$synopsis')";
	mysql_query($query, $connection);
}
else
{
	print "Possible file upload attack!  Here's some debugging info:\n";
	print_r($_FILES);
	print "<br><br>" . $_FILES['userfile']['error'];
}

}
?>

Many thanks,
Nathan

sdjensen

Well glad you made it work, but I don't think your problem with viewing the documents lies in this code.

How do you view the code?

ducey

If i have uploaded a Microsoft Word document, I view it using Microsoft Word. And if it's an Adobe Acrobat file, I use Adobe Acrobat to view it.

To edit my code I use EditPlus, but I do't think this would have no bearing on how the files are corrupted when being uploaded.

sdjensen

Sorry my mistake, how do you read the uploaded files.
I can see you have uploaded them to a linux server and I don't think you are reading the documents using microsoft word on your linux?

Next time please use [ php ] [ /php ] around your code without the spaces.

ducey

I read the files from the Linux machine on a win xp box with office installed.

I didn't know about the php tags in this forum sorry.

sdjensen

Are you reading the files through policies.php?

echo("<font><b>Thank you for uploading $the_file_name. It is now available to view <a href=\"policies.php\">here</a></b></font>");

If you are, then the problem might be in this file.

If not, how are you getting the uploaded files back to your xp box? Are you using a shared netvork drive, samba or ..?

Don't feel bad about the tags, it is just easier to read the code if you use the tags :-)

ducey

Thanks for the tips 🙂

The policies.php page is a page that displays a table and from the subsequent pages from that page, the mysql database is read and displays links to the files in the respective directories which the user can click on and then they should open, but they all return read errors.

The links on the pages that display links to the files are in the format:

<a href="uploads/foldername/file.pdf" target="_blank">Link to Document</a>

The user can then click this link and should be able to view the file.

sdjensen

This is my last idea why you cannot get it to work...

taken from
http://dk2.php.net/manual/en/features.file-upload.php

If you're using Apache 2, you may have to comment out the following lines in your Apache config

SetOutputFilter PHP
SetInputFilter PHP

With these in, my binary files were incorrectly uploaded

ducey

I had a look in my httpd.conf file for these lines, but couldn't find them. I'll take another look tomorrow at work.

Thanks a lot for the help/ideas sd 🙂

Many thanks,
Nathan

benkillin

dude... you dont need to use an echo statement for every line... just do multilines like this:


echo "blah blah blah<br />\r\n
blah blah blah<br />\r\n
blah blah blah<br />\r\n
blah blah blah<br />\r\n";

good for html...

ducey

Ah! Thanks for that Ben 🙂 I'm learning loads today on here! 😃

benkillin

glad I could help 🙂

ducey

I have looked through my httpd.conf file for the lines that sdjensen has stated, but I cannot find them.

Is anyone else finding that files are being corrupted when they upload them to a webserver? Inparticular, Microsoft Word and Excel files and Adobe Acrobat files?

Any help is grateful,

Nathan