Uploading File ...

Warning: move_uploaded_file(/var/www/html/php-books/php_and-mysql-web-development/chapter17/uploads/php.png): Failed to open stream: No such file or directory in /var/www/html/php-books/php-and-mysql-web-development/chapter17/writing-the-php-to-deal-with-the-file-pag-382/upload.php on line 49

Warning: move_uploaded_file(): Unable to move "/tmp/phprGaLtZ" to "/var/www/html/php-books/php_and-mysql-web-development/chapter17/uploads/php.png" in /var/www/html/php-books/php-and-mysql-web-development/chapter17/writing-the-php-to-deal-with-the-file-pag-382/upload.php on line 49
Problem: Could not move file to destination directory.
upload.hml

<!DOCTYPE html>
<html>
<head>
    <title>Upload a File</title>
</head>
<body>
    <h1>Upload a File</h1>
    <form action="upload.php" method="post" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="1000000"/>
        <label for="the_file">Upload a file:</label>
        <input type="file" name="the_file" id="the_file"/>
        <input type="submit" value="Upload File"/>
    </form>
</body>
</html>

upload.php

<!DOCTYPE html>
<html>
<head>
    <title>Uploading... </title>
</head>
<body>
    <h1>Uploading File ...</h1>
    <?php
    if($_FILES['the_file']['error'] > 0)
    {
        echo 'Problem: ';
        switch($_FILES['the_file']['error'])
        {
            case 1:
                echo 'File exceeded upload_max_filesize.';
                break;
            case 2:
                echo 'File exceeded max_file_size.';
                break;
            case 3:
                echo 'File only partially uploaded.';
                break;
            case 4:
                echo 'No file uploaded.';
                break;
            case 6:
                echo 'Cannot uploaded file: No temp directory specified';
                break;
            case 7:
                echo 'Upload failed: Cannot write to disk.';
                break;
            case 8:
                echo 'A PHP extension blocked the file upload.';
                break;
        }
        exit;
    }
    //Does the file have the right MIME type ?
    if($_FILES['the_file']['type'] != 'image/png')
    {
        echo 'Problem: file is not a PNG image.';
        exit;
    }
    //put the file where we'd like it
    $upload_file = '/var/www/html/php-books/php_and-mysql-web-development/chapter17/uploads/'.$_FILES['the_file']['name'];

    if(is_uploaded_file($_FILES['the_file']['tmp_name']))
    {
        if(!move_uploaded_file($_FILES['the_file']['tmp_name'],$upload_file))
        {
            echo 'Problem: Could not move file to destination directory.';
            exit;
        }
    }
    else
    {
        echo 'Problem: Possible file upload attack. Filename';
        echo $_FILES['the_file']['name'];
        exit;
    }
    echo 'File uploaded successfully.';

    //show what was uploaded
    echo '<p>You uploaded the following image:<br/></p>';
    echo '<img src="/uploads/'.$_FILES['the_file']['name'] .'"/>';
    ?>
</body>
</html>

    The error means that there is no uploads folder, with that exact spelling and capitalization, inside the chapter17 folder. Is there an uploads folder and where is it?

    The learning resource you are using is incomplete, out of date, insecure, and provides a poor user experience. Here's a list of issues with the posted code -

    1. The form and form processing code should be on the same page. This results in the simplest code and lets you display any user/validation errors when you redisplay the form, so that the user can correct the problem, and resubmit the form, without having to remember the errors and navigate back to the form page.
    2. The code for any page should be laid out in this general order - 1) initialization, 2) post method form processing, 3) get method business logic - get/produce data needed to display the page, 4) html document.
    3. There should be a lang attribute in the html tag.
    4. The page should have a charset set for it.
    5. The closing / are no longer used in html tags.
    6. The hidden MAX_FILE_SIZE input is not secure and should not be used.
    7. If you put the closing </label> tag after the form field it corresponds to, you can leave out the for='...' attribute and the corresponding id='...' attribute, simplifying the code.
    8. The post method form processing code should detect if a post method form was submitted before referencing any of the form data. This is so that when a search engine indexes a site, it won't cause the post method form processing code to be executed.
    9. If the total size of the form data exceeds the post_max_size setting on the server, both the $_POST and $_FILES arrays will be empty. Your code must test for this condition and setup an error message for the user.
    10. After you have determined that there is data in $_FILES, you can test the ['error'] element.
    11. The validation/error logic should store any error messages in an array, using the field name as the main array index. You can then test if this array is empty, meaning there are no errors, in order to use the submitted form data, or test if this array is not empty, meaning there are errors, to display its contents in the html document.
    12. For upload errors that the user can correct, the error message should specifically let them know what was wrong and how to correct the problem. For 'internal' errors, that the user cannot correct, you should setup a generic failure message, then log all the information about the actual error. For the upload error #4, no file was uploaded, if the upload is required, you would display this message. If the upload is not required, this is not an error and you would ignore its occurrence.
    13. The ['type'] element can be anything and cannot be trusted. The type could be set to image/png, but the actual file could be a .php file. You must determine the mime type on the server. Php has a couple of different ways you can do this.
    14. You should move uploaded files into a folder than prevents direct http requests, so that any nefarious files cannot be directly requested and executed on the server.
    15. The ['name'] element can be anything and cannot be trusted. You must at a minimum apply basename() to it to prevent directory traversal, which would let the uploaded file be put anywhere on the web server, either creating a new file or replacing any existing file, not just in the folder that you want it to be put.
    16. You must either validate the name and check for duplicates or more simply just generate your own unique name for the file on the server.
    17. After successfully processing the form data, you should execute a redirect to the exact same url of the current page to cause a get request for that page. This will prevent the browser from trying to resubmit the form data should the page get reloaded or browsed away from and back to.

      I created the uploads folder in this path '/var/www/html/php-books/php_and-mysql-web-development/chapter17/uploads/

      chown albert tmp

      I am learning from a book of php I am beginner

      chcon -R -t httpd_sys_content_t uploads
      chcon -t httpd_sys_content_t uploads
      maytbe is the selinux fedora 38

      [root@fedora chapter17]# ls -Z
      unconfined_u:object_r:httpd_sys_content_t:s0 uploads

      chmod 777 uploads

        After looking more closely at each character in the path you have in $uploaded_file, you have a typo right before the 'and' part.

        I already change in this path '/var/www/html/php-books/php-and-mysql-web-development/chapter17/uploads/

        Warning: move_uploaded_file(/var/www/html/php-books/php-and-mysql-web-development/chapter17/uploads/php.png): Failed to open stream: Permission denied in /var/www/html/php-books/php-and-mysql-web-development/chapter17/writing-the-php-to-deal-with-the-file-pag-382/upload.php on line 50

        Warning: move_uploaded_file(): Unable to move "/tmp/phpS87JHd" to "/var/www/html/php-books/php-and-mysql-web-development/chapter17/uploads/php.png" in /var/www/html/php-books/php-and-mysql-web-development/chapter17/writing-the-php-to-deal-with-the-file-pag-382/upload.php on line 50
        Problem: Could not move file to destination directory.

        I think is a problem SELINUX

          Write a Reply...