Reputation: 127
php upload script issue
The following form is on my page html page
<form action="upload_file.php" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
This is the script for the php
<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 200000000000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("pics/2012/Blackhall Primary/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"pics/2012/Blackhall Primary/" . $_FILES["file"]["name"]);
echo "Stored in: " . "pics/2012/Blackhall Primary/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
When I press select on the form, nothing. It was working fine. The page with the form is called upload pictuture.html and the scriptt is called upload_file.php they are both on the root and the folder pics/2012/blackhall primary does exist and the pics dir is on the root also.
This was working but is not, can anyone see any errors I've made.
Thanks Ross
Upvotes: 0
Views: 72
Answers (1)
Reputation: 980
Change your privileges and by whom script is executed (usually www-data or apache2) - this account must has write and probably read access to directory, where pictures are uploaded.
Anyway, checking file type based on $_FILES["file"]["type"] isn't safe. This can be easily falsified by hacker.
Upvotes: 1