I am using a quick and dirty upload script that I got off of... php's official site I think. Anyway here it is:
<?php
if (isset ($POST[submit])) {
$uploaddir = '/usr/www/pnhs.net/public_html/members/';
$uploadfile = $uploaddir . $FILES['userfile']['name'];
print "<pre>";
if (copy($FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($FILES);
print "\n";
print $FILES['file']['error'];
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print "$uploaddir\n";
print "$uploadfile\n";
print_r($FILES);
}
print "</pre>";
} else {
print "<form enctype=\"multipart/form-data\" action=\"uploadtest.php\" method=\"post\">\n";
print "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\" />\n";
print "Send this file: <input name=\"userfile\" type=\"file\" />\n";
print "<input type=\"submit\" name=\"submit\" value=\"Send File\" />\n";
print "</form>\n";
}
?>
The server is RedHat 9 with PHP 4.2.2. Permissions are 777 on the target directory, I have tried this script with both $_FILES and $HTTP_POST_FILES. And it is having problems.
The problem is that it uploads the file, I can see it sniffing the wire with Ethereal, but then the tmp_name gets set to blank. Does the upload_tmp_dir need to be explicitly set in the php.ini? I am a bit lost on this one...
From the browser here is what I get back:
Warning: Unable to open '' for reading: No such file or directory in /usr/www/pnhs.net/public_html/members/uploadtest.php on line 11
Possible file upload attack! Here's some debugging info:
/usr/www/pnhs.net/public_html/Adoption/images/
/usr/www/pnhs.net/public_html/Adoption/images/a4.jpg
Array
(
[userfile] => Array
(
[name] => a4.jpg
[type] =>
[tmp_name] =>
[error] => 2
[size] => 0
)
)
Any help and advice is greatly appreciated.
-G
