Php Upload script not working | Member | | Join Date: Sep 2006
Posts: 35
| |
hi,
I have found an upload script in hotscripts and have implemented it into the website, I followed the installation steps to 'give write permissions to php on the upload folder (which is _uploadedfiles_xxxx) (php must be allowed to move uploaded files to this folder' - uploadedfiles_xxxx.
I typed - <?php chmod ('_uploadedfiles_xxxx',640); ?>
into notepad and saved it as php in the uploaded_xxxx folder, when I went to test it, the error message I got was 'Error:invalid response received from server.'
This is the code which is quite long and thanks for any help received -
<?php
-
@set_time_limit(90); // try to change to maximum allowed execution time for this page
-
define('CFG_UPLOADFOLDER','_uploadedfiles_xxxx/');
-
$bSecure = (isset($_SERVER['HTTPS']))? true : false;
-
-
include('inc.ErrorHandling.php');
-
include('inc.init.php');
-
include('class.DataException.php');
-
include('class.File.php');
-
-
-
-
-
function ProduceJavaScriptResponse($aResponse){
-
$response = <<<EOD
-
<html><head>
-
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
-
<meta http-equiv="Cache-Control" content="no cache" >
-
<meta http-equiv="Pragma" content="no_cache" >
-
<meta name="language" content="en" >
-
</head>
-
<body>
-
<script type="text/javascript">{code}</script>
-
</body></html>
-
EOD;
-
-
// encode into JSON
-
$jsResponse = 'window.parent.'. $_REQUEST['callback'] .'('. json_encode($aResponse) .');';
-
$response = str_replace('{code}', $jsResponse, $response);
-
return $response;
-
}
-
-
-
-
-
// Upload file
-
$errorMessage = '';
-
$aResponse = array();
-
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
-
############################################################
-
-
if (!headers_sent()){
-
Header("Pragma: no-cache");
-
Header("Cache-Control: no-cache");
-
Header('Expires: '. GMDate("D,d M Y H:i:s") .' GMT');
-
}
-
-
$blacklist = array('.php', '.phtml', '.php3', '.php4');
-
foreach ($blacklist as $item) {
-
if (preg_match("/$item\$/i", $_FILES['_file']['name'])){
-
$errorMessage = 'Uploading PHP files is not allowed!';
-
}
-
}
-
-
try{
-
if ($errorMessage == ''){
-
$maxAllowedSize = null; // no limit (see FAQ)
-
$aAllowedContenTypes = null; // any file (see FAQ)
-
$oFile = File::UploadFile('_file', CFG_UPLOADFOLDER, $maxAllowedSize, $aAllowedContenTypes);
-
}
-
}catch(Exception $e){
-
$errorMessage = 'An error occured:'. $e->getMessage();
-
}
-
-
-
// produce response
-
if (isset($_REQUEST['output']) && $_REQUEST['output'] == 'js'){
-
if (!isset($_REQUEST['callback']) || empty($_REQUEST['callback'])){
-
// ERROR: BAD AJAX call
-
-
$errorMessage = "Bad Ajax call! URL argument \'callback\' was not specified.";
-
die('<script type="text/javascript">alert("'. $errorMessage .'");</script>');
-
-
}else if(empty($errorMessage) && $oFile){
-
// SUCCESS (file was uploaded)
-
-
$aResponse['result'] = 'success';
-
$aResponse['file'] = array('size' => $oFile->getSize(),
-
'sizeFormatted' => $oFile->FormatFileSize($oFile->getSize()),
-
'name' => $oFile->getName()
-
);
-
-
}else{
-
// UPLOAD ERROR
-
-
$aResponse['result'] = 'failure';
-
$aResponse['message'] = 'Upload error ('. $errorMessage .').';
-
-
}
-
-
$response = ProduceJavaScriptResponse($aResponse);
-
-
}else{
-
$response = file_get_contents('fileUploaded.tpl.php');
-
-
$aValues = array($oFile->getName(), $oFile->FormatFileSize($oFile->getSize()));
-
$aPlaceHolders = array('{filename}', '{filesize}');
-
$response = str_replace($aPlaceHolders,$aValues,$response,$count);
-
-
}
-
die($response);
-
-
-
############################################################
-
}
-
-
-
?>
-
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
-
"http://www.w3.org/TR/html4/loose.dtd">
-
<html lang="en">
-
<head>
-
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
-
<meta name="language" content="en" >
-
<meta name="description" content="Secure file uploading : a page for uploading files securely">
-
<meta name="author" content="attila szabo (www.w3net.eu)" >
-
<meta name="robots" content="noindex,nofollow" >
-
<title><?php if($bSecure){echo 'Secure ';}?>File Upload form</title>
-
<link media="handheld" href="css/handheld.css" type="text/css" rel="stylesheet">
-
<link rel="stylesheet" type="text/css" media="all" href="css/main.css">
-
<script type="text/javascript" src="js/common.js"></script>
-
<script type="text/javascript" src="js/FileListing.js"></script>
-
<script type="text/javascript" src="js/PageController.js"></script>
-
</head>
-
<body id="home">
-
<table border="0" cellpadding="0" cellspacing="0" width="627" align="center">
-
<tr>
-
<td>
-
<div id="logo">
-
<img src="../images/logoGreyPurple.gif" width="627" height="75" border="0" alt="" /></div> </td>
-
</tr>
-
</table>
-
-
-
<table border="0" cellpadding="0" cellspacing="0" width="627" align="center">
-
<tr>
-
<td>
-
<div id="imgHeader">
-
<img src="../images/acounts.jpg" width="627" height="33" border="0" alt="" /></div>
-
-
<div id="nav">
-
<ul>
-
<li><a href="index.html">Home</a></li>
-
<li><a href="about.html">About</a></li>
-
<li><a href="HowWeWork.html">How we work</a></li>
-
<li><a href="requirementsForm.html">Requirements Form</a></li>
-
<li><a href="servicesAndRates.html">Services & Rates</a></li>
-
<li><a href="contact.html">Contact</a></li>
-
</ul>
-
-
</div>
-
</table>
-
-
<div id="container">
-
<ul id="skip">
-
<li><a href="#main">Skip to main content</a></li>
-
<li><a href="#form">Skip to the upload form</a></li>
-
</ul>
-
<iframe id="uploadIfr" src="blank.htm" name="uploadIfr" class="hiddenUploadIframe" title="ignore this frame"></iframe>
-
-
<!-- @@@ listing of uploaded files -->
-
<div id="uploadedFiles">
-
</div>
-
<!-- end listing of uploaded files @@@ -->
-
-
<a name="main"></a>
-
<h1><?php if($bSecure){echo 'Secure file';}else{echo 'File';}?> uploading</h1>
-
<?php
-
if($bSecure){
-
?>
-
<p class="message" id="annotationSecure">
-
Uploading files using this web page is secure. This webpage transmits the file using a high-level encryption so that
-
only I will be able to access the information.
-
Web pages beginning with "https" instead of "http" enable secure information transmission.
-
</p><?php
-
}else{
-
echo "<p></p>";
-
}
-
?>
-
-
-
<div id="frmAttachFile_ErrorMessage" class="form_boxErrorMsg" style="display: none"></div>
-
-
<!-- @@@ file upload form -->
-
<div id="fileuploadForm"><a name="form"></a>
-
<form name='frmUploadFile' id="frmUploadFile" action="index.php" method="post" enctype="multipart/form-data" > <!-- uploadIfr -->
-
<fieldset title="Choose the file to upload">
-
<legend> 1: Choose a file to upload</legend>
-
<p>Click the button to browse the file system of your computer. Find and select the file you want to upload.</p>
-
-
<label for="fileInput" class="form_label">File:</label>
-
<input type="file" accept="" name="_file" id="fileInput" >
-
</fieldset>
-
<fieldset id="confirmation" title="Confirmation">
-
<legend> 2: Upload file</legend>
-
<p>When you have selected the file to upload, click on the <strong>Upload</strong> button.</p>
-
<div class="actionBar" id="submitBtnBox">
-
<input type="submit" value="Upload" >
-
</div>
-
-
</fieldset>
-
</form>
-
</div>
-
<!-- end file upload form @@@ -->
-
</div>
-
</div>
-
</body></html>
-
This is the css if you want to have a look -
BODY {
-
margin: 50px 0px 0px 0px;
-
padding: 0px 0px 0px 0px;
-
font-family: arial, helvetica, sans-serif;
-
-
/* part 1 of 2 centering hack */
-
color:#000;
-
background:#C2CACB;
-
font-family: arial, helvetica, sans-serif;
-
font-size: x-small; /* for IE5/Win */
-
voice-family: "\"}\"";
-
voice-family: inherit;
-
font-size: small; /* for compliant browsers */
-
}
-
html>body {font-size:small;}
-
-
#container {
-
font-size: 110%;
-
margin-right: auto;
-
margin-left: auto; /* opera does not like 'margin:20px auto' */
-
background: #fff;
-
border:solid 1px #FFFFFF;
-
text-align:left; /* part 2 of 2 centering hack */
-
width: 627px; /* ie5win fudge begins */
-
voice-family: "\"}\"";
-
voice-family:inherit;
-
width: 627px;
-
}
-
-
form {
-
margin: 0;
-
}
-
-
#skip {
-
display: none;
-
}
-
-
h1 {
-
font-size: 170%;
-
background: transparent url(../imgs/green_up.gif) no-repeat right;
-
padding-right: 40px;
-
padding-right: 30px;
-
display: inline;
-
}
-
-
#uploadedFiles {
-
margin-bottom: 20px;
-
}
-
-
#fileuploadForm {
-
margin-right: auto;
-
margin-left: auto; /* opera does not like 'margin:20px auto' */
-
background: #fff;
-
border:solid 1px #FFFFFF;
-
text-align:left; /* part 2 of 2 centering hack */
-
width: 625px; /* ie5win fudge begins */
-
voice-family: "\"}\"";
-
voice-family:inherit;
-
width: 627px;
-
}
-
-
fieldset {
-
border-left:0;
-
border-right:0;
-
border-bottom:0;
-
padding: 0.5em;
-
}
-
-
legend {
-
background-color:#B2CBE7;
-
color:#000;
-
font-weight:bold;
-
margin:0px;
-
padding:5px 10px;
-
}
-
-
#confirmation {
-
margin-top: 2em;
-
}
-
-
.actionBar {
-
background-color:#B2CBE7;
-
padding: 0.6em;
-
text-align: center;
-
-
}
-
-
.actionBar input {
-
font-size: 110%;
-
}
-
-
.hiddenUploadIframe {
-
width:0;
-
height:0;
-
border:0;
-
position: absolute;
-
top: -1000px;
-
}
-
-
-
-
/* Msg boxes
-
------------------------------ */
-
.message {
-
margin: 1.5em 0;
-
/* padding: 15px;*/
-
font-size: 90%;
-
line-height: 1.5em;
-
border-left: none;
-
border-right: none;
-
}
-
-
.success {
-
background-color: #A2D489;
-
border-top: 3px solid #339900;
-
border-bottom: 3px solid #339900;
-
}
-
-
.error {
-
background-color: #FFDDCC;
-
border-top: 3px solid #DD0000;
-
border-bottom: 3px solid #DD0000;
-
}
-
-
.alert {
-
background-color: #FFF3CE;
-
border-top: 3px solid #FDDC9A;
-
border-bottom: 3px solid #FDDC9A;
-
}
-
-
#annotationSecure {
-
background: #FFFFAA ;
-
padding:2px;
-
/* padding-left: 15px;*/
-
}
-
-
-
-
/* Uploaded files
-
------------------------------ */
-
table {
-
border-collapse:collapse;
-
}
-
#uploadedFiles caption {
-
line-height: 2.1em;
-
text-align: left;
-
padding-left: 20px;
-
background: #fff url(../imgs/lock.png) no-repeat left;
-
}
-
#uploadedFiles th,
-
#uploadedFiles td{
-
border:1px solid #CCCCCC;
-
padding:0.5em;
-
}
-
-
#uploadedFiles thead{
-
background-color:#DDDDDD;
-
}
-
-
#uploadedFiles tr.rowodd {
-
background-color:#FFFFFF;
-
}
-
#uploadedFiles tr.roweven {
-
background-color:#F2F2F2;
-
}
-
-
-
/* Busy page
-
------------------------------ */
-
#dropSheet{
-
background-color/**/: #000000;
-
background-image: url(imgs/dots.gif);
-
background-image/**/: none;
-
opacity: 0.35;
-
filter: alpha(opacity=35);
-
}
-
div.busyDialog {
-
background-color: #ECB7B2;
-
font-size: 110%;
-
font-weight: bold;
-
margin: 0;
-
padding: 0;
-
}
-
div.busyDialog p {
-
margin:0;
-
padding: 5px;
-
}
-
-
/* Footer */
-
-
#footer {
-
width:627px;
-
height:20px;
-
background-color:#FFFFFF;
-
font-family:Arial, Helvetica, sans-serif;
-
font-size:0.8em;
-
color:black;
-
text-align:center;
-
font-weight:normal;
-
padding-top:1%;
-
}
-
-
/*Links - a, a:visited*/
-
a {
-
text-decoration: none;
-
color: #000000;
-
}
-
-
a:visited {
-
color:#000000;
-
text-decoration:none;
-
}
-
-
-
/* Misc */
-
-
.margin { /*margin between content & footer*/
-
margin-top:1.5%;
-
}
-
-
#nav {
-
width:627px;
-
float:left;
-
font-family:Arial, Helvetica, sans-serif;
-
font-size:1.0em;
-
color:#ffffff;
-
}
-
-
#nav ul {
-
background-color:#ffffff;
-
text-align:left;
-
font-size:1.0em;
-
font-family:Arial, Helvetica, sans-serif;
-
margin-left:0.95%;
-
padding-left:0;
-
margin-top:-.55%;
-
}
-
-
#nav li {
-
list-style-type:none;
-
padding:1.6em 1em;
-
display:inline;
-
color:#5F5E61;
-
}
-
-
#imgHeader {
-
margin-top:2%;
-
}
-
|  | Moderator | | Join Date: Jun 2007 Location: York, England, with wolves.
Posts: 4,936
| | | re: Php Upload script not working
The css is irrelevant :)
Quite a lengthy code as well.
At the moment I don't have time to check it out, but as a rule: don't use hotscripts. Have a look at this w3schools upload - well documented and cleaner.
Cheers
| | Member | | Join Date: Sep 2006
Posts: 35
| | | re: Php Upload script not working
thanks,
is there a way of making the upload script a bit more secure so only certain people can upload onto the server
| | Moderator | | Join Date: Jun 2007 Location: York, England, with wolves.
Posts: 4,936
| | | re: Php Upload script not working
Quote:
Originally Posted by camphor thanks,
is there a way of making the upload script a bit more secure so only certain people can upload onto the server You'd need a registration system, which takes usernames, etc. Then a login system - once logged in, set a session which says "logged_in" = true.
Check for this session on your upload page, if it's set, allow the upload, else, don't.
:)
| | Member | | Join Date: Sep 2006
Posts: 35
| | | re: Php Upload script not working
thanks markusn00b,
Your help much appreciated, decided not to have login, anyway, I read through the W3Schools php file upload link which you provided, newbie to php, so found it easy to understand but when I uploaded the 'upload page' and checked on the server to see if the .xls (excel - only want this type of file) file was in the upload folder, it wasn't, don't know why?
Also if I want the .xls file to use a high-level encryption so that only I will be able to access the information would this be the correct php code - <?php if($bSecure){echo 'Secure file';}else{echo 'File';}?>
After the file has been uploaded how would I write 'thank you for uploading your file' -
<?php
-
if ((($_FILES["file"]["type"] == ".xls")
-
|| ($_FILES["file"]["type"] == ".xls")
-
|| ($_FILES["file"]["type"] == ".xls"))
-
&& ($_FILES["file"]["size"] ))
-
{
-
if ($_FILES["file"]["error"] > 0)
-
{
-
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
-
}
-
else
-
{
-
echo "Upload: " . $_FILES["file"]["upload_file.php"] . "<br />";
-
echo "Type: " . $_FILES["file"][".xls"] . "<br />";
-
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
-
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
-
-
if (file_exists("upload/" . $_FILES["file"]["name"]))
-
{
-
echo $_FILES["file"]["upload_file.php"] . " already exists. ";
-
}
-
else
-
{
-
move_uploaded_file($_FILES["file"]["upload"],
-
"upload/" . $_FILES["file"]["name"]);
-
echo "Stored in: " . "upload/" . $_FILES["file"]["upload"];
-
}
-
}
-
}
-
else
-
{
-
echo "Invalid file";
-
}
-
?>
-
| | Moderator | | Join Date: Jun 2007 Location: York, England, with wolves.
Posts: 4,936
| | | re: Php Upload script not working
First question: you need to specify correct mime types for the ['type'] check.
HAve a look at this for mime types of xls
Second question: confused?
Third question: the else statement on line 22 is where the file is uploaded successfully.
So, in this statement echo "Thankyou..."
:)
|  |
| | |  /bytes/about
We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights.
Get the best answers to your questions from over 226,223 network members.
|
