Hi guys, here is part of my image upload script. My problem is that when i upload images, they appear to be uploaded eg xxx.jpg will be uploaded, but the uploaded files are only 0kb meaning they have not been uploaded properly for some reason 🙁

can anyone spot any errors i may have made?

 //check picture1 MIME type 
if (!in_array($picture1_type, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/x-png'))) 
{ 
    $picture1_error = TRUE; 
    echo 'File must be an image<br/>';
} else  { 
    $picture1_error = FALSE; 
    echo $picture1_name.' uploaded successfully<br/>'; 

  // where to upload picture1
  $upfile1 = '../images/uploads/'.$picture1_name;

  if(is_uploaded_file($picture1))
  {
   if (!move_uploaded_file($picture1, $upfile1))
   {
  echo 'Could not move file to destination directory';
  exit;
   }
  }
  else
  {
  echo 'Possible file upload attack. Filename: '.$picture1_name;
  exit;
  }
  //reformat picture1 contents
  $fp = fopen($upfile1, 'r');
  $contents=fread($fp, filesize ($upfile1));
  fclose ($fp);

  $contents = strip_tags($contents1);
  $fp = fopen($upfile1, 'w');
  fwrite ($fp, $contents);
  fclose ($fp);

}

    You can modify this to add the file types,m but it basically has everything you need. A little modification will be needed, but here:

    Code provided by http://www.spechal.com

     <? 
include('dbinfo.inc.php');
$query = mysql_query("SELECT * FROM XXX WHERE username='$username'AND password='$password'") or die(mysql_error());
$rows = mysql_num_rows($query); 
if($rows=1){

if(isset($_POST["submit"])) { 

   $home = "/XXX/XXX/public_html/"; 
   $dir = $home.$_POST["path"];  
    
   $maxsize = "50000000";  
    
$file_size = $_FILES['file']['size'];
       if ($file_size <= $maxsize) { 

   	   echo "<font color='#0000CC' size='2' face='Tahoma'><strong>"; 
$file_name = $_FILES["file"]["name"];
           print ("Script name: " . $name . "<br>");   
    
           print ("File name: " . $file_name . "<br>");   
    
		   		   echo "</strong></font>";

       if(copy($file, "$dir/$file_name")) { 
	    mysql_query("INSERT INTO scripts (file, name, cat, type, mysql, descrip, size) VALUES ('$file_name', '$name', '$cat', '$type', '$mysql', '$descrip', '$file_size')") or die(mysql_error());
	   	   echo "<font color='#0000CC' size='2' face='Tahoma'><strong>";
           print ("Your file was successfully uploaded!<br>");   
		   		   echo "</strong></font>";
       } else {   
	   	   echo "<font color='#0000CC' size='2' face='Tahoma'><strong>";
           print ("Your file could not be copied.<br>  "); 
		   		   echo "</strong></font>";  
       }  

   } else { 
   echo "<font color='#0000CC' size='2' face='Tahoma'><strong>";
       print ("Filesize exceeds " . $maxsize . "File was not uploaded<br>"); 
	   echo "</strong></font>";
   } 

echo "<font color='#0000CC' size='2' face='Tahoma'><strong>";
   print "$dir/$file_name"; 
   echo "<br>File Size: $file_size Max Size: $maxsize </strong></font>";



} else { 

?> 
 <form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data">
    <?=$error?>
    <div align="center"><br>
    <font color="#0000CC" size="2" face="Tahoma"><strong> Username to upload file: 
    <input type="text" name="username" maxlength="12">
    <br>
    Password to upload file:: 
    <input type="password" name="password" maxlength="12">
    <br>
    File name: 
    <input type="text" name="name" maxlength="36">
    <br>
    Type: 
    <select name="type" id="type">
      <option>GPL</option>
      <option>Mixed</option>
      <option>Spechal</option>
    </select>
    <br>
    Category: 
    <select name="cat" id="cat">
      <option>Auctions </option>
      <option>Web Traffic Analysis</option>
    </select>
    <br>
    Description: 
    <textarea name="descrip" cols="30" rows="3" id="descrip"></textarea>
    <br>
    MySQL Needed: 
    <select name="mysql" id="mysql">
      <option selected>Yes</option>
      <option>No</option>
    </select>
    <br>
    Directory to upload: 
    <select name="path" id="path">
      <option selected>scripts</option>
    </select>
    <br>
    Choose a file to upload: 
    <input type="file" name="file">
    <br>
    <input type="image" src="images/submit.jpg" value="submit">
    </strong></font> </div>
  </form>

 </td> <?
}} else {

   if (getenv ("HTTP_X_FORWARDED_FOR")) { 
  $ip = getenv ("HTTP_X_FORWARDED_FOR"); 
} else { 
  $ip = getenv ("REMOTE_ADDR"); 
} 
$lastline = exec( "ping $ip", $resultsArray ); 
for($i=0; $i < sizeof($resultsArray); $i++) 
{ 
        echo $resultsArray[$i] . '<br>'; 
} 
   $page = $_SERVER['REQUEST_URI'];
   mysql_query("INSERT INTO error ('page', 'ip') VALUES ('$page', '$ip')") or die(mysql_error());
   print "Password is invalid. Page, IP, and TIMESTAMP has been added to database. "; 

} 
?>

    This script allows you to designate the path, password protected, file size protected, blah blah blah...you just need to take out what you dont want and add what you do.

    Hope this helps.

      Write a Reply...