HELP with uploading an image, please!

wsmith

I am trying to upload an image file using the code below, and keep getting this response, no matter what I try, can anyone help?
//*************
//response from browser
//*************
Possible file upload attack! Here's some debugging info:
Array
(
[userfile] => Array
(
[name] => 11221.jpeg
[type] => image/pjpeg
[tmp_name] => /tmp/phpp57xO0
[error] => 0
[size] => 16492
)

)
//temp echo's
file=/tmp/phpp57xO0
uploaddir=/usr/local/psa/home/vhosts/shirrasoft.com/httpdocs/images/
uploadfile=/usr/local/psa/home/vhosts/shirrasoft.com/httpdocs/images/11221.jpeg

//***********
// myupload.php
//***********
<html>
<body>
<form enctype="multipart/form-data" action="myuploadItem.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="20000">
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
</body>
</html>

//***********
// myuploadItem.php
//***********
<?php

$uploaddir = '/usr/local/psa/home/vhosts/shirrasoft.com/httpdocs/images/';
$uploadfile = $uploaddir. $_FILES['userfile']['name'];

print "<pre>";
if (move_uploaded_file($FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($FILES);
}
print "</pre>";
echo '<br>file='.$FILES['userfile']['tmp_name'];
echo "<br>uploaddir=$uploaddir";
echo "<br>uploadfile=$uploadfile";
?>

Najjar

Try this link from Hotscripts.com they have awesome scripts

http://www.hotscripts.com/Detailed/12972.html

This one will work with no problem
just read the readme file.. 🙂

wsmith

Hi Najjar,
I tried the file you suggested and put some debugging statements into it, but still haveing problem with that one (see below)

file=/tmp/phpiaXAGl
absolute_path=/usr/local/psa/home/vhosts/shirrasoft.com/httpdocs/images/11221.jpeg

The file you are trying to upload couldn't be copied to the server

I have done a full dump of my paths at http://www.shirrasoft.com/myinfo.php
can you just double the path for me? I think I have it right??
Thanks
Wayne

Najjar

This is my code below and the trick is in the (absolute_path)
and (websiteurl); Make sure that they are right then
make sure that you have permission to copy, delete ...etc to the
folder you are trying to upload your file to; the folder has to be owned by
(nobody) or you in order for you to be able to upload your files.

$absolute_path = "/home/aaa/ddd/ccc/nnn/";
//Absolute path to where files are uploaded

$websiteurl = "http://www.abc.def.com";
//Url to you website

<html><head>
<title>File Upload</title></head><body background=bkgnd5.jpg>
<form method=POST action=index.php?action=doupload&button=Upload_File&Up=value&Viewer=second enctype=multipart/form-data>
<p><h3>File to upload:</h3><br>";
<INPUT TYPE=HIDDEN NAME='action' VALUE='doupload'>
<INPUT TYPE=HIDDEN NAME='Course_Dir' VALUE='$Course_Dir'>
<INPUT TYPE=HIDDEN NAME='Course_in_Term' VALUE='$Course_in_Term'>
<input type=file name=file size=30><p>
<button name=submit type=submit style='border: 1px solid'> Upload </button></form><br><br></body></html></TD></TR>
</Table>