
Php Upload script not working

P: 35
hi,

I have found an upload script in hotscripts and have implemented it into the website. I followed the installation steps to 'give write permissions to php on the upload folder (which is _uploadedfiles_xxxx) (php must be allowed to move uploaded files to this folder)' - uploadedfiles_xxxx.

I typed
    <?php chmod ('_uploadedfiles_xxxx',640); ?>
into notepad and saved it as php in the uploaded_xxxx folder, when I went to test it, the error message I got was 'Error:invalid response received from server.'
This is the code which is quite long and thanks for any help received
    <?php
        @set_time_limit(90); // try to change to maximum allowed execution time for this page
        define('CFG_UPLOADFOLDER','_uploadedfiles_xxxx/');
        $bSecure = (isset($_SERVER['HTTPS']))? true : false;

        include('inc.ErrorHandling.php');
        include('inc.init.php');
        include('class.DataException.php');
        include('class.File.php');


    function ProduceJavaScriptResponse($aResponse){
    $response = <<<EOD
    <html><head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <meta http-equiv="Cache-Control" content="no cache" >
    <meta http-equiv="Pragma" content="no_cache" >
    <meta name="language" content="en" >
    </head>
    <body>
    <script type="text/javascript">{code}</script>
    </body></html>
    EOD;

        // encode into JSON
        $jsResponse = 'window.parent.'. $_REQUEST['callback'] .'('. json_encode($aResponse) .');';
        $response = str_replace('{code}', $jsResponse, $response);
        return $response;
    }


    // Upload file
    $errorMessage = '';
    $aResponse = array();
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    ############################################################

        if (!headers_sent()){
            Header("Pragma: no-cache");
            Header("Cache-Control: no-cache");
            Header('Expires: '. GMDate("D,d M Y H:i:s") .' GMT');
        }

        $blacklist = array('.php', '.phtml', '.php3', '.php4');
        foreach ($blacklist as $item) {
           if (preg_match("/$item\$/i", $_FILES['_file']['name'])){
               $errorMessage = 'Uploading PHP files is not allowed!';
           }
        }

        try{
            if ($errorMessage == ''){
                $maxAllowedSize = null; // no limit (see FAQ)
                $aAllowedContenTypes = null; // any file (see FAQ)
                $oFile = File::UploadFile('_file', CFG_UPLOADFOLDER, $maxAllowedSize, $aAllowedContenTypes);
            }
        }catch(Exception $e){
            $errorMessage = 'An error occured:'. $e->getMessage();
        }


        // produce response
        if (isset($_REQUEST['output']) && $_REQUEST['output'] == 'js'){
            if (!isset($_REQUEST['callback']) || empty($_REQUEST['callback'])){
            // ERROR: BAD AJAX call

                $errorMessage = "Bad Ajax call! URL argument \'callback\' was not specified.";
                die('<script type="text/javascript">alert("'. $errorMessage .'");</script>');

            }else if(empty($errorMessage) && $oFile){
            // SUCCESS (file was uploaded)

                $aResponse['result'] = 'success';
                $aResponse['file'] = array('size'          => $oFile->getSize(),
                                           'sizeFormatted' => $oFile->FormatFileSize($oFile->getSize()),
                                           'name'          => $oFile->getName()
                                          );

            }else{
            // UPLOAD ERROR

                $aResponse['result'] = 'failure';
                $aResponse['message'] = 'Upload error ('. $errorMessage .').';

            }

            $response = ProduceJavaScriptResponse($aResponse);

        }else{
            $response = file_get_contents('fileUploaded.tpl.php');

            $aValues = array($oFile->getName(), $oFile->FormatFileSize($oFile->getSize()));
            $aPlaceHolders = array('{filename}', '{filesize}');
            $response = str_replace($aPlaceHolders,$aValues,$response,$count);

        }
        die($response);


    ############################################################
    }


    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
                "http://www.w3.org/TR/html4/loose.dtd">
    <html lang="en">
        <head>
            <meta http-equiv="content-type" content="text/html; charset=UTF-8">
            <meta name="language" content="en" >
            <meta name="description" content="Secure file uploading : a page for uploading files securely">
            <meta name="author" content="attila szabo (www.w3net.eu)" >
            <meta name="robots" content="noindex,nofollow" >
            <title><?php if($bSecure){echo 'Secure ';}?>File Upload form</title>
            <link media="handheld" href="css/handheld.css" type="text/css" rel="stylesheet">
            <link rel="stylesheet" type="text/css" media="all" href="css/main.css">
            <script type="text/javascript" src="js/common.js"></script>
            <script type="text/javascript" src="js/FileListing.js"></script>
            <script type="text/javascript" src="js/PageController.js"></script>
        </head>
    <body id="home">
    <table border="0" cellpadding="0" cellspacing="0" width="627" align="center">
    <tr>
        <td>
        <div id="logo">
        <img src="../images/logoGreyPurple.gif" width="627" height="75" border="0" alt="" /></div>    </td>
    </tr>
    </table>


    <table border="0" cellpadding="0" cellspacing="0" width="627" align="center">
    <tr>
        <td>
        <div id="imgHeader">
        <img src="../images/acounts.jpg"  width="627" height="33" border="0" alt="" /></div>

        <div id="nav">
        <ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="about.html">About</a></li>
            <li><a href="HowWeWork.html">How we work</a></li>
            <li><a href="requirementsForm.html">Requirements Form</a></li>
            <li><a href="servicesAndRates.html">Services &amp; Rates</a></li>
            <li><a href="contact.html">Contact</a></li>
        </ul>

    </div>
    </table>

    <div id="container">
        <ul id="skip">
            <li><a href="#main">Skip to main content</a></li>
            <li><a href="#form">Skip to the upload form</a></li>
        </ul>
    <iframe id="uploadIfr" src="blank.htm" name="uploadIfr" class="hiddenUploadIframe" title="ignore this frame"></iframe>

        <!-- @@@ listing of uploaded files -->
        <div id="uploadedFiles">
        </div>
        <!-- end listing of uploaded files @@@ -->

        <a name="main"></a>
        <h1><?php if($bSecure){echo 'Secure file';}else{echo 'File';}?> uploading</h1>
        <?php
        if($bSecure){
        ?>
        <p class="message" id="annotationSecure">
        Uploading files using this web page is secure. This webpage transmits the file using a high-level encryption so that
        only I will be able to access the information.
        Web pages beginning with &quot;https&quot; instead of &quot;http&quot; enable secure information transmission.
        </p><?php
        }else{
            echo "<p></p>";
        }
        ?>


        <div id="frmAttachFile_ErrorMessage" class="form_boxErrorMsg" style="display: none"></div>

        <!-- @@@ file upload form -->
        <div id="fileuploadForm"><a name="form"></a>
        <form name='frmUploadFile' id="frmUploadFile" action="index.php" method="post" enctype="multipart/form-data" > <!-- uploadIfr -->
            <fieldset title="Choose the file to upload">
                <legend> 1: Choose a file to upload</legend>
                <p>Click the button to browse the file system of your computer. Find and select the file you want to upload.</p>

                <label for="fileInput" class="form_label">File:</label>
                <input type="file" accept="" name="_file" id="fileInput" >
            </fieldset>
            <fieldset id="confirmation" title="Confirmation">
                <legend> 2: Upload file</legend>
                <p>When you have selected the file to upload, click on the <strong>Upload</strong> button.</p>
                <div class="actionBar" id="submitBtnBox">
                    <input type="submit" value="Upload" >
                </div>

            </fieldset>
        </form>
        </div>
        <!-- end file upload form @@@ -->
    </div>
    </div>
    </body></html>

This is the css if you want to have a look

    BODY {
        margin: 50px 0px 0px 0px;
        padding: 0px 0px 0px 0px;
        font-family: arial, helvetica, sans-serif;

    /* part 1 of 2 centering hack */
        color:#000;
        background:#C2CACB;
        font-family:  arial, helvetica, sans-serif;
        font-size: x-small; /* for IE5/Win */
        voice-family: "\"}\"";
        voice-family: inherit;
        font-size: small; /* for compliant browsers */
    }
    html>body {font-size:small;}

    #container {
        font-size: 110%;
        margin-right: auto;
        margin-left: auto;     /* opera does not like 'margin:20px auto' */
        background: #fff;
        border:solid 1px #FFFFFF;
        text-align:left; /* part 2 of 2 centering hack */
        width: 627px; /* ie5win fudge begins */
        voice-family: "\"}\"";
        voice-family:inherit;
        width: 627px;
    }

    form {
        margin: 0;
    }

    #skip {
        display: none;
    }

    h1 {
        font-size: 170%;
        background: transparent url(../imgs/green_up.gif) no-repeat right;
        padding-right: 40px;
        padding-right: 30px;
        display: inline;
    }

    #uploadedFiles {
        margin-bottom: 20px;
    }

    #fileuploadForm {
        margin-right: auto;
        margin-left: auto;     /* opera does not like 'margin:20px auto' */
        background: #fff;
        border:solid 1px #FFFFFF;
        text-align:left; /* part 2 of 2 centering hack */
        width: 625px; /* ie5win fudge begins */
        voice-family: "\"}\"";
        voice-family:inherit;
        width: 627px;
    }

    fieldset {
        border-left:0;
        border-right:0;
        border-bottom:0;
        padding: 0.5em;
    }

    legend {
        background-color:#B2CBE7;
        color:#000;
        font-weight:bold;
        margin:0px;
        padding:5px 10px;
    }

    #confirmation {
        margin-top: 2em;
    }

    .actionBar {
        background-color:#B2CBE7;
        padding: 0.6em;
        text-align: center;

    }

    .actionBar input {
        font-size: 110%;
    }

    .hiddenUploadIframe {
        width:0;
        height:0;
        border:0;
        position: absolute;
        top: -1000px;
    }


    /* Msg boxes
    ------------------------------ */
    .message {
        margin: 1.5em 0;
    /*    padding: 15px;*/
        font-size: 90%;
        line-height: 1.5em;
        border-left: none;
        border-right: none;
    }

    .success {
        background-color: #A2D489;
        border-top: 3px solid #339900;
        border-bottom: 3px solid #339900;
    }

    .error {
        background-color: #FFDDCC;
        border-top: 3px solid #DD0000;
        border-bottom: 3px solid #DD0000;
    }

    .alert {
        background-color: #FFF3CE;
        border-top: 3px solid #FDDC9A;
        border-bottom: 3px solid #FDDC9A;
    }

    #annotationSecure {
        background: #FFFFAA ;
        padding:2px;
    /*  padding-left: 15px;*/
    }


    /* Uploaded files
    ------------------------------ */
    table {
        border-collapse:collapse;
    }
    #uploadedFiles caption {
        line-height: 2.1em;
        text-align: left;
        padding-left: 20px;
        background: #fff url(../imgs/lock.png) no-repeat left;
    }
    #uploadedFiles th,
    #uploadedFiles td{
        border:1px solid #CCCCCC;
        padding:0.5em;
    }

    #uploadedFiles thead{
        background-color:#DDDDDD;
    }

    #uploadedFiles tr.rowodd {
        background-color:#FFFFFF;
    }
    #uploadedFiles tr.roweven {
        background-color:#F2F2F2;
    }


    /* Busy page
    ------------------------------ */
    #dropSheet{
      background-color/**/: #000000;
      background-image: url(imgs/dots.gif);
      background-image/**/: none;
      opacity: 0.35;
      filter: alpha(opacity=35);
    }
    div.busyDialog {
        background-color: #ECB7B2;
        font-size: 110%;
        font-weight: bold;
        margin: 0;
        padding: 0;
    }
    div.busyDialog p {
        margin:0;
        padding: 5px;
    }

    /*    Footer    */

    #footer {
        width:627px;
        height:20px;
        background-color:#FFFFFF;
        font-family:Arial, Helvetica, sans-serif;
        font-size:0.8em;
        color:black;
        text-align:center;
        font-weight:normal;
        padding-top:1%;
    }

    /*Links - a, a:visited*/
    a {
        text-decoration: none;
        color:  #000000;
        }

    a:visited {
        color:#000000;
        text-decoration:none;
    }


    /*    Misc    */

    .margin {  /*margin between content & footer*/
        margin-top:1.5%;
    }

    #nav {
        width:627px;
        float:left;
        font-family:Arial, Helvetica, sans-serif;
        font-size:1.0em;
        color:#ffffff;
    }

    #nav ul {
        background-color:#ffffff;
        text-align:left;
        font-size:1.0em;
        font-family:Arial, Helvetica, sans-serif;
        margin-left:0.95%;
        padding-left:0;
        margin-top:-.55%;
    }

    #nav li {
        list-style-type:none;
        padding:1.6em 1em;
        display:inline;
        color:#5F5E61;
    }

    #imgHeader {
        margin-top:2%;
    }

May 24 '08 #1
5 Replies


Markus
Expert 5K+
P: 6,050
The css is irrelevant :)

Quite a lengthy code as well.

At the moment I don't have time to check it out, but as a rule: don't use hotscripts. Have a look at this w3schools upload - well documented and cleaner.

Cheers
May 24 '08 #2

P: 35
thanks,

is there a way of making the upload script a bit more secure so only certain people can upload onto the server
May 24 '08 #3

Markus
Expert 5K+
P: 6,050
> thanks,
>
> is there a way of making the upload script a bit more secure so only certain people can upload onto the server

You'd need a registration system, which takes usernames, etc. Then a login system - once logged in, set a session which says "logged_in" = true.

Check for this session on your upload page, if it's set, allow the upload, else, don't.

:)
May 25 '08 #4

P: 35
thanks markusn00b,

Your help much appreciated, decided not to have login, anyway, I read through the W3Schools php file upload link which you provided, newbie to php, so found it easy to understand but when I uploaded the 'upload page' and checked on the server to see if the .xls (excel - only want this type of file) file was in the upload folder, it wasn't, don't know why?

Also if I want the .xls file to use a high-level encryption so that only I will be able to access the information would this be the correct php code
    <?php if($bSecure){echo 'Secure file';}else{echo 'File';}?>
After the file has been uploaded how would I write 'thank you for uploading your file'

  1. <?php
  2. if ((($_FILES["file"]["type"] == ".xls")
  3. || ($_FILES["file"]["type"] == ".xls")
  4. || ($_FILES["file"]["type"] == ".xls"))
  5. && ($_FILES["file"]["size"] ))
  6.   {
  7.   if ($_FILES["file"]["error"] > 0)
  8.     {
  9.     echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
  10.     }
  11.   else
  12.     {
  13.     echo "Upload: " . $_FILES["file"]["upload_file.php"] . "<br />";
  14.     echo "Type: " . $_FILES["file"][".xls"] . "<br />";
  15.     echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
  16.     echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
  17.  
  18.     if (file_exists("upload/" . $_FILES["file"]["name"]))
  19.       {
  20.       echo $_FILES["file"]["upload_file.php"] . " already exists. ";
  21.       }
  22.     else
  23.       {
  24.       move_uploaded_file($_FILES["file"]["upload"],
  25.       "upload/" . $_FILES["file"]["name"]);
  26.       echo "Stored in: " . "upload/" . $_FILES["file"]["upload"];
  27.       }
  28.     }
  29.   }
  30. else
  31.   {
  32.   echo "Invalid file";
  33.   }
  34. ?>
  35.  
May 28 '08 #5

Markus
Expert 5K+
P: 6,050
First question: you need to specify correct mime types for the ['type'] check.

Have a look at this for mime types of xls

Second question: confused?

Third question: the else statement on line 22 is where the file is uploaded successfully.
So, in this statement echo "Thankyou..."

:)
May 28 '08 #6
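
An added example, not code from the thread or from W3Schools, combining the session check described in reply #4 with the file-type check from reply #6. The field name `file` and `$_SESSION['logged_in']` follow the thread; the storage path, the size limit, and the choice to check the file's leading bytes instead of the browser-sent `['type']` value are assumptions of this example.

```php
<?php
// Added example. Assumes a separate login page has set $_SESSION['logged_in'] = true.
declare(strict_types=1);

const UPLOAD_DIR = '/var/uploads/xls';        // hypothetical path outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;           // assumed size limit
const OLE2_MAGIC = "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"; // first 8 bytes of a legacy .xls file

/** Returns null when the upload is acceptable, otherwise the reason it is refused. */
function xlsUploadError(array $f): ?string
{
    if (!isset($f['error']) || is_array($f['error'])) {
        return 'malformed upload';
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return 'upload error code ' . $f['error'];
    }
    if ($f['size'] <= 0 || $f['size'] > MAX_BYTES) {
        return 'file size not accepted';
    }
    // Allowlist on the final extension rather than a blacklist of script extensions.
    if (strtolower(pathinfo($f['name'], PATHINFO_EXTENSION)) !== 'xls') {
        return 'only .xls files are accepted';
    }
    // $f['type'] is supplied by the browser, so the content itself is inspected here.
    $head = file_get_contents($f['tmp_name'], false, null, 0, 8);
    if ($head !== OLE2_MAGIC) {
        return 'content is not an Excel 97-2003 workbook';
    }
    return null;
}

session_start();
if (empty($_SESSION['logged_in'])) {
    http_response_code(403);
    exit('Please log in before uploading.');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    $error = xlsUploadError($_FILES['file']);
    if ($error !== null) {
        http_response_code(400);
        exit('Invalid file: ' . htmlspecialchars($error));
    }
    // The stored name is chosen by the server; the client's file name is never used as a path.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.xls';
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
        http_response_code(500);
        exit('Could not store the file.');
    }
    echo 'Thank you for uploading your file.';
}
```

The second argument of `move_uploaded_file()` is the destination and the first must be the `tmp_name` entry of the `$_FILES` array, which is the temporary path PHP wrote the upload to.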
