PHP upload

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • scotter86
    New Member
    • Aug 2008
    • 21
    #1

    PHP upload

    Hi, I'm trying to make an upload page. I found some sample code that kind of works, I can upload pictures, most of the time but everytime I try to upload anything other than a picture(.xls, .doc, etc) I get an error that says "Possible file upload attack!". Now I know that it says that because its coded in the php, but I can't seem to figure out why its not uploading. Is there maybe something I have to change in the php configuration? Here is my code;

    Code:
    <?php
session_start();
if(!session_is_registered(myusername)){
header("location:index.php");
}
$un = $_SESSION['username'];
$uploaddir = "/opt/lampp/htdocs/scotts/user_folders/" . $un . "";
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>
    Tags: None
    • nitinpatel1117
      New Member
      • Jun 2007
      • 111
      #2
      can we see the HTML code

      Are you submitting using the correct enctype or limiting the upload file size, in html.


      If you don't supply your HTML code, we can only quess.

      It may also be a PHP configuration but we need to eliminated the HTML bit first.

        Comment

        • scotter86
          New Member
          • Aug 2008
          • 21
          #3
          Sorry, heres the html

          Code:
          echo "<form enctype=\"multipart/form-data\" action=\"upload.php\" method=\"POST\">\n";
echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"30000\" />\n";
echo "Send this file: <input name=\"userfile\" type=\"file\" size=\"50\" />\n<br />\n";
echo "<input type=\"submit\" value=\"Send File\" />\n";
echo "</form>";

            Comment

            • scotter86
              New Member
              • Aug 2008
              • 21
              #4
              Ok, I totally forgot to check the max upload size, I changed it to 2000000. That seems to fix a lot of the problem. I thought I read somewhere that the biggest size that php can upload is 2Mb, is that true and if so is it possible to change?

                Comment

                • Atli
                  Recognized Expert Expert
                  • Nov 2006
                  • 5062
                  #5
                  By default, PHP limits file upload size to 2M, and the size of a single POST to 8M.

                  You can change this by setting the upload_max_file size and post_max_size directives in the php.ini configuration file.

                  PHP does not limit the types of files you can upload. It treats them all the same, so it's up to you to figure out which once to allow and what to block.

                  One thing I noticed about your code. The path to your files doesn't seem right.
                  You set the path to the directory without a end slash, and then add the file name directly on to that.

                    Comment

                    • scotter86
                      New Member
                      • Aug 2008
                      • 21
                      #6
                      Ok, I looked through php.ini and changed those and i had to change the max_execution_t ime or something like that. And yes, that solved another problem of the missing "/". Everything seems to be working correct now.

                      thank you

                        Comment

                        Previous template Next
                        Working...