CODEWITHSUNDEEP
phpwebservercpanel
Twonty2
Twonty2

Reputation: 51

Php move_uploaded_file server error

I am making a site that allows one user (the admin and owner of the site) to upload his own photos to a gallery on the site. The photo uploads fine and everything, but when I try to move it to the directory, I get an error. I've tried lots of things, even allowing all permissions on the cpanel on ecowebhosting.co.uk. But my script should be able to upload there anyway without group permissions. Here is my php script:

$target_dir = "/assets/collages/";
$target_file = $target_dir.basename($_FILES['image']['name']);
$uploadOk = 1;
$imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);

$upload_dir = $_SERVER['DOCUMENT_ROOT'] . "assets/collages/";

if (is_dir($upload_dir)) {
    // do upload logic here
} else {
    echo 'Upload directory is not writable, or does not exist.';
}

if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["image"]["tmp_name"]);
    if($check !== false) {
        $uploadOk = 1;
    } else {
        echo "File is not an image.<br>";
        $uploadOk = 0;
    }

    if (file_exists($target_file)) {
        echo "Sorry, file already exists.<br>";
        $uploadOk = 0;
    }

    // Check if $uploadOk is set to 0 by an error
    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.<br>";
    // if everything is ok, try to upload file
    } else {
        if (move_uploaded_file($_FILES["image"]["name"], $target_file)) {
            echo "The file ". basename( $_FILES["image"]["name"]). " has been uploaded.";
        } else {
            echo "Sorry, there was an error uploading your file.<br>";
        }
    }
}

And here is my form (using bootstrap):

<form method="post" enctype="multipart/form-data">
    <div class="row">
        <div class="col-md-2">
            <div class="form-group">
                <label for="year">Year</label>
                <input type="text" name="year" id="year" placeholder="Year" class="form-control" />
            </div>
        </div>
    </div>

    <div class="row">
        <div class="col-md-4">
            <div class="form-group">
                <label for="title">Title</label>
                <input type="text" name="title" id="title" placeholder="Title" class="form-control" />
            </div>
        </div>
    </div>

    <div class="form-group">
        <label for="image">Image File</label>
        <input name="image" type="file" id="image">
        <p class="help-block">Chose the collage image you would like to add.</p>
    </div>

    <button type="submit" class="btn btn-success" name="submit">Submit</button>
</form>

And lastly, it is on a hosting package, so I don't know if that would make a difference.

Upvotes: 1

Views: 256

Answers (1)

Marc B
Marc B

Reputation: 360842

Wrong parameter:

    if (move_uploaded_file($_FILES["image"]["name"], $target_file)) {
                                             ^^^^

You want tmp_name. Name is the filename as provided by the client, but that's only informational. The actual filename of wherever the server has stored the file temporarily is held in tmp_name. Therefore you're trying to move a file which doesn't exist on the server.

And note that you're just assuming the upload succeeded. While you are properly checking if the file is really an image, you really should be checking $_FILES['image']['error'] FIRST. There's plenty of ways for an upload to fail halfway through, yet still pass getimagesize - that function only looks at the first k-byte or so of the file to get the image magicnumbers/headers information.

Upvotes: 1

Related Questions