I'm trying to set up a form that will allow a file to be uploaded. I ran some code out of a book, and it seemed to work just fine, other than some permission problems when it was executing "move_uploaded_file(..)".

So I tried changing the temp upload directory to "upload_tmp_dir = 'usr/'" in my php.ini file. That didn't work, so I commented out that option. Then when I tried running that same code, I was getting errors. So I went to http://us.php.net/features.file-upload and picked up the code that's listed, and tried running that. Here's the error that it gives:

Notice: Undefined index: userfile in /Users/g5_01/Sites/ftppage.php on line 6

Notice: Undefined index: userfile in /Users/g5_01/Sites/ftppage.php on line 9

Possible file upload attack!
Here is some more debugging info:Array
(
)

Here's the HTML:

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="__URL__" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

Here's the PHP:

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?> 

Any suggestions would be greatly appreciated.
Thanks,
Brian

    You don't have any checks that the $_FILES['userfile'] is actually set, hence the notice error.

    if (isset($_FILES['userfile'])) {
        $uploaddir = '/var/www/uploads/';
        $uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

        echo '<pre>';
        if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
            echo "File is valid, and was successfully uploaded.\n";
        } else {
            echo "Possible file upload attack!\n";
        }

        echo 'Here is some more debugging info:';
        print_r($_FILES);

        print "</pre>";
    }
    

    Check the debugging info. It will give you an error number whose meaning you can look up in the manual. Also make sure that the uploaddir is writable by the webserver.

    The upload_tmp_dir probably didn't work because you used a relative path. Use an absolute path for it. If this is the only site on the server you could set it to /tmp:
    upload_tmp_dir = /tmp

      looks like the upload does not work
      and the $_FILES['userfile'] array does not exist
      so there is not much point in trying to get the value of
      $_FILES['userfile']['error']

      also you have set the max size to 30kB, which isn't too much
      ( php by default allows 2M which is >2,000kB )

      you should check out all php.ini settings that deal with file upload
      run phpinfo();
      and search for 'upload'

      file_uploads On
      upload_max_filesize 55M
      upload_tmp_dir c:/tmp/uploads
      post_max_size 55M

        Thanks for the replies. I actually removed PHP completely from my computer and then reinstalled from scratch, then ran the same code and it seemed to work perfectly.

        The only thing I can figure is that I did something that corrupted a configuration file or something like that. I'm not really sure, but after a reinstall, everything is working again.

        Thanks again for the help.
        Brian

          We will never know
          I feel a bit sad 🙁
