Help $_FILES problem

Lucidnight

Ok, my web hosting service is using php 4.1 and the code i am trying to work out was written for 4.3, but with a few diff commands i was told it should work, so i've been learning some php and switch some commands. I need help with this one though.

Code : $f = $_FILES["file"];

this is the line of code for the script, my host has their "register globals" on, since it is on by default, and my files are trying to upload to the /tmp/ directory. Which is not allow because open_basedir is in effect.(and i don't want it to go there anyway)

Code: $fp = fopen($f, "rb");

this is the line of code that recieves the "$f" and it gives out a error like this

Error: Warning: open_basedir restriction in effect. File is in wrong directory

Warning: fopen("/tmp/phpBYvtmv", "rb") - Operation not permitted

So what i want to know is how to fix this, i want my files to go to a directory of my setting and not to /tmp/, but i have no idea what to do about $_Files. I know if i fix this alot of other problems i am haveing will be cleared. So if you can help plz do...

Thanx Lucid

benkillin

well, on your server, the admin disabled fopen in the php module... so, your kinda out of luck with fopen,

so, use:

$uploadfile = $_FILES['upload']['tmp_name'];
move_uploaded_file($uploadfile, "/dir/dir/dir/");
or
copy($uploadfile, "/dir/dir/dir/");

Lucidnight

i'm sorry i don't fully understand, is this a fix for the first "code" i have listed or the second?

benkillin

alright, you have a html form that sends the file

the $_FILES['upload']['tmp_name']; is the temporary name of the file after it is uploaded... umm, I dont quite know how to explain it, except with code, so here is a snippett from my filesystem script:

//define the different vars of the file:
			$name = $_FILES['upload']['name']; //name of the file on the users computer
			$temp = $_FILES['upload']['tmp_name']; //The temporary upload file
			$type = $_FILES['upload']['type']; //MIME type (very important for the download PHP script)
			$size = $_FILES['upload']['size']; //Size of file

		if($size > 1024 && $size < 1048576){ //if it is needed in kb
			$size = round($size / 1024, 2) . "(kb)";
		} elseif($size > 1048576){ //if it is needed in mb
			$size = round($size / 1048576, 2) . "(mb)";
		} elseif($size < 1024){ //if it is needed in b
			$size = $size . "(b)";
		}

		$lname1 = str_replace("\t", "     ", $_POST["lname"]); //replace the stuff in the name
		$lname2 = "$updir".$lname1."/"; //beginning of upload dir
		$uploadfile = $_FILES['upload']['tmp_name']; //the file to move
		$uploaddir = "$lname2".$_FILES['upload']['name']; //the last of the vars needed to upload the file
		if(mkdir("$lname2", 0775)){ //make the dir for the file
			if(is_uploaded_file($uploadfile)){ //make sure the file was uploaded	
				if(move_uploaded_file($uploadfile, $uploaddir)){ // move the uploaded file

I hope it helps a little...

Lucidnight

ok, i'm not sure what to do here...take a look at the full code..

<?

require_once("include/benc.php");
require_once("include/bittorrent.php");

hit_start();

ini_set("upload_max_filesize",$max_torrent_size);

function bark($msg) {
	genbark($msg, "Upload failed!");
}

dbconn(); 

hit_count();

loggedinorreturn();

foreach(explode(":","descr:type:name") as $v) {
	if (!isset($_POST[$v]))
		bark("missing form data");
}

if (!isset($_FILES["file"]))
	bark("missing form data");

$f = $_FILES["file"];
$fname = unesc($f["name"]);
if (empty($fname))
	bark("Empty filename!");
if (!validfilename($fname))
	bark("Invalid filename!");
if (!preg_match('/^(.+)\.torrent$/si', $fname, $matches))
	bark("Invalid filename (not a .torrent).");
$shortfname = $torrent = $matches[1];
if (!empty($_POST["name"]))
	$torrent = unesc($_POST["name"]);

$tmpname = $f["tmp_name"];
if (!is_uploaded_file($tmpname))
	bark("eek");
if (!filesize($tmpname))
	bark("Empty file!");

$dict = bdec_file($tmpname, $max_torrent_size);
if (!isset($dict))
	bark("What the hell did you upload? This is not a bencoded file!");

function dict_check($d, $s) {
	if ($d["type"] != "dictionary")
		bark("not a dictionary");
	$a = explode(":", $s);
	$dd = $d["value"];
	$ret = array();
	foreach ($a as $k) {
		unset($t);
		if (preg_match('/^(.*)\((.*)\)$/', $k, $m)) {
			$k = $m[1];
			$t = $m[2];
		}
		if (!isset($dd[$k]))
			bark("dictionary is missing key(s)");
		if (isset($t)) {
			if ($dd[$k]["type"] != $t)
				bark("invalid entry in dictionary");
			$ret[] = $dd[$k]["value"];
		}
		else
			$ret[] = $dd[$k];
	}
	return $ret;
}

function dict_get($d, $k, $t) {
	if ($d["type"] != "dictionary")
		bark("not a dictionary");
	$dd = $d["value"];
	if (!isset($dd[$k]))
		return;
	$v = $dd[$k];
	if ($v["type"] != $t)
		bark("invalid dictionary entry type");
	return $v["value"];
}

list($ann, $info) = dict_check($dict, "announce(string):info");
list($dname, $plen, $pieces) = dict_check($info, "name(string):piece length(integer):pieces(string)");

if (!in_array($ann, $announce_urls, 1))
	bark("invalid announce url! must be <b>" . $announce_urls[0] . "</b>");

if (strlen($pieces) % 20 != 0)
	bark("invalid pieces");

$filelist = array();
$totallen = dict_get($info, "length", "integer");
if (isset($totallen)) {
	$filelist[] = array($dname, $totallen);
	$type = "single";
}
else {
	$flist = dict_get($info, "files", "list");
	if (!isset($flist))
		bark("missing both length and files");
	if (!count($flist))
		bark("no files");
	$totallen = 0;
	foreach ($flist as $fn) {
		list($ll, $ff) = dict_check($fn, "length(integer):path(list)");
		$totallen += $ll;
		$ffa = array();
		foreach ($ff as $ffe) {
			if ($ffe["type"] != "string")
				bark("filename error");
			$ffa[] = $ffe["value"];
		}
		if (!count($ffa))
			bark("filename error");
		$ffe = implode("/", $ffa);
		$filelist[] = array($ffe, $ll);
	}
	$type = "multi";
}

$infohash = pack("H*", sha1($info["string"]));




$descr = unesc($_POST["descr"]);

$ret = mysql_query("INSERT INTO torrents (search_text, filename, owner, visible, info_hash, name, size, numfiles, type, descr, ori_descr, category, save_as, added, last_action) VALUES (" .
		implode(",", array_map("sqlesc", array(searchfield("$shortfname $dname $torrent"), $fname, $CURUSER["id"], "no", $infohash, $torrent, $totallen, count($filelist), $type, parsedescr($descr), $descr, 0 + $_POST["type"], $dname))) .
		", NOW(), NOW())");
if (!$ret) {
	if (mysql_errno() == 1062)
		bark("torrent already uploaded!");
	bark("mysql puked: ".mysql_error());
}
$id = mysql_insert_id();

@mysql_query("DELETE FROM files WHERE torrent = $id");
foreach ($filelist as $file) {
	@mysql_query("INSERT INTO files (torrent, filename, size) VALUES ($id, ".sqlesc($file[0]).",".$file[1].")");
}

move_uploaded_file($tmpname, "$torrent_dir/$id.torrent");

header("Refresh: 0; url=details.php?id=$id&uploaded=1");

hit_end();

?>