|
PHP - Script Won't Upload The Image! Permission Denied
Hi
I have an image uploading script that won't upload images... It worked at one point when i had folder permission at 0777 but i was told that is risky so i changed it to 0775 Now it won't work and i can't use 0777. Any one know what i need to do to get it to work? This is my script: Code: [Select] <?php $salt = 35322232414; $name = $salt.$safe; $name = md5($name); if(isset($_POST['submit'])){ if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 1000000)) { if ($_FILES["file"]["error"] > 0) { echo $_FILES["file"]["error"]; } else { $filename = md5(serverdate()) . $_FILES["file"]["name"]; if (file_exists("userimages/".$name."/".$filename)) { echo "Image already uploaded!"; } else { if (is_dir("userimages/".$name) == FALSE){ mkdir("userimages/".$name, 0775); //permissions } move_uploaded_file($_FILES["file"]["tmp_name"], "userimages/".$name."/" . $filename); echo "Image has been uploaded!"; } Error i get: Quote Warning: move_uploaded_file(images/73640de25b7d656733ce2f808a330f18/7fc9cb9cf5ae1f7a5dd9105d3f9559fb_63.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in uploadfile.php on line 41 Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpjrX3SO' to 'images/73640de25b7d656733ce2f808a330f18/7fc9cb9cf5ae1f7a5dd9105d3f9559fb_63.jpg' in uploadfile.php on line 4 Similar TutorialsSo i am on a shared host and it seems that only 777 allows me to upload images on a certain folder , not 755 , just 777... is it because of the shared host or thats how it works? PS: i really didnt know where to post it so if a mod can move it , i'd appreciate it. Hi. I'm trying to make my folder management tool able to remove stuff. Problem is, I get permission denied.
I've checked the NFTS perms for the share and for the folder. It's also not read only. I logged into my other workstation as the service account the web server is using and opened a DOS window and did "rd \\server\share\folder" and it removed it no problem. It just fails in PHP. Any idea what I should be looking at? Thanks!
Edited by Strahan, 02 August 2014 - 05:06 PM. I want to delete an image file from a folder using unlink. The code is : Code: [Select] $movie_id = $checkbox[$i]; $sql = "DELETE from movie_basic_details where `movie_id` = '$movie_id'"; $result = mysql_query($sql) or die(mysql_error()); $sql1 = "DELETE from movie_details where `movie_id` = '$movie_id'"; $result = mysql_query($sql1) or die(mysql_error()); $sql2 = "DELETE from movie_stars where `movie_id` = '$movie_id'"; $result = mysql_query($sql2) or die(mysql_error()); $query = "select movie_name from movie_basic_details where movie_id = '$movie_id'"; $res = mysql_query($query) or die(mysql_error()); $data = mysql_fetch_array($res); unlink("upload/movies/".$data['movie_name']); } The entries in the database have been deleted but only the image corresponds to that entry do not get deleted. The following warning comes up : Warning: unlink(upload/movies/) [function.unlink]: Permission denied in C:\wamp\www\ContentPanel\deletemovies.php on line 23 I have uploaded the files using $_FILES server variable and move_uploaded_file function. I am running this script on windows 7. Please Help. Hmm, hello everyone, i'm running my php in an ubuntu server and I'm trying to run a command using exec (i.e. 'echo 1 > /var/www/test.txt') but I always get a permission denied issue, although i've already changed the permissions to 777 (read-write-execute) Any solution? I am getting this error Warning: ftp_put() [function.ftp-put]: Can't open that file: Permission denied in /home/chris/public_html/site-name/wp-content/setup.php on line 62 Code: [Select] $conn_id = ftp_connect($host, 21) or die ("Cannot connect to host"); ftp_login($conn_id, $usr, $pwd) or die("Cannot login"); // turn on passive mode transfers (some servers need this) // ftp_pasv ($conn_id, true); $upload = ftp_put($conn_id, $file[0], $file[1], FTP_ASCII); print (!$upload) ? die('Cannot upload') : 'Upload complete'; print "\n"; The permissions to the file is 0644, if I change it to 0777 ftp_put complains and says the file is not found. How can I ftp this file? What is going on? Thanks, Chris Hi, On login page load, (even before submitting user name and pass) Debugger finds "permission denied error", can see it he goldpharm.co.il/authentication.php Now, when a user submit's user name and pass, nothing happens, it stays on the login page. I am not sure in what code the bug is , can you tell by the bug error in this page: goldpharm.co.il/authentication.php ? and how can it be fixed? , should I post the code? Thanks. I'm getting this error when I try to fwrite to a directory: Quote failed to open stream: Permission denied I have added the user www-data to the group which has permission to the directory? The directory is this: /home/directory1/documents directory1 = drwxr-x--- documents = drwxrwx--- Does anyone know whats going on? I have a PHP web system that store in a windows server. In the system, there is a function for user to upload files to another server (Shared server in Unix). When i try to upload a file, it gives warning: Warning: move_uploaded_file(\\unixserver/sharedfolder/upload/test.txt) [function.move-uploaded-file]: failed to open stream: Permission denied in C:\wamp\www\upload\index.php on line 40 For your information, my username has been assigned in xxx's group that has access to read and write on that folder. Besides, i'm able to open,create and delete files on that folder's server manually (samba). The safe mode setting is off. Does anybody has any idea why this thing happen? I'm trying to open a URL using fopen() and I keep getting this error: Code: [Select] Failed to open stream: Permission deniedI can not work out what is wrong, it's not a firewall as far as I can tell. I am using apache web server on linux. I am using PHP for web designing. On web server, i want to show the configuration data by reading the ini file. I am creating this ini file from one php code itself. If this php code i run through linux terminal, the file is created with file and group owner as root.(i am having sudo rights on machine) Then if i try to read the ini file from my apache web server, it gives warning as failed to open stream: permission denied. I have tried changing the owner, and permissions to 777 of the file. Still it is not readable.
On the other hand, if i run the php code of ini file creation through web server, ini file is created with file and group owner as apche. and web server is able to read/ write the file.
But i want to create that file from root or some other user and later read/written by apache.
How to give this access permission?
this script is supposed to save my $csvfile to a .sql file name $ouputfile into a folder called files/ $csvfile = $_FILES['file']['name']; //form from another folder $save = 1; $outputfile = "output.sql"; here is the save script if($save) { chmod($csvfile, 0777); if(!is_writable($outputfile)) { echo "File is not writable, check permissions.\n"; //when i execute this script, it goes in here } else { $file2 = fopen($outputfile,"w"); if(!$file2) { echo "Error writing to the output file.\n"; } else { fwrite($file2,$queries); fclose($file2); } } I am trying to run the following code to upload a file. (WAMP using Win XP). Once I select the file and click submit I get the error: "Forbidden... You don't have permission to access /< on this server." with URL http://localhost/<?=$PHP_SELF?> Code is below: <form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data"> <br/><br/> Choose a file to upload:<br/> <input type="file" name="upload_file"> <br/> <input type="submit" name="submit" value="submit"> </form> TIA Hi All Not so much help as here is a handy class for uploading images Please feel free to find security bugs and let me know. Also feel free to use it if you want. http://onlyican.com/test_samples/bl_upload_img.phps To use the class, simply use the following require_once('bl_upload_img.php'); $objUploadImg = new UploadImg(); //Set values here if you wish such as $objUploadImg->setFormField('myFormField'); // The Name from <input type="file" name="myFormField" /> $objUploadImg->setSaveDirMain($_SERVER['DOCUMENT_ROOT'].'/MyImageFolder'; //Make sure to set the permissions //You can change most settings, just look at the function setDetaultValues() to get the function name //Now upload the image if($objUploadImg->uploadImage()){ $strFileName = $objUploadImg->getFileNameMain(); }else{ echo 'Error uploading Image<br />'.$objUploadImg->getErrorMessage(); } hello i am adding an image upload script, so users can upload a image with the recipe they are adding, but my script seems to not work, these are the files. add_recipe.php <?php // Start_session, check if user is logged in or not, and connect to the database all in one included file include_once("scripts/checkuserlog.php"); // Include the class files for auto making links out of full URLs and for Time Ago date formatting include_once("wi_class_files/autoMakeLinks.php"); include_once ("wi_class_files/agoTimeFormat.php"); // Create the two objects before we can use them below in this script $activeLinkObject = new autoActiveLink; $myObject = new convertToAgo; ?> <?php // Include this script for random member display on home page include_once "scripts/homePage_randomMembers.php"; ?> <?php $sql_blabs = mysql_query("SELECT id, mem_id, the_blab, blab_date FROM blabbing ORDER BY blab_date DESC LIMIT 30"); $blabberDisplayList = ""; // Initialize the variable here while($row = mysql_fetch_array($sql_blabs)){ $blabid = $row["id"]; $uid = $row["mem_id"]; $the_blab = $row["the_blab"]; $notokinarray = array("fag", "gay", "shit", "fuck", "stupid", "idiot", "asshole", "cunt", "douche"); $okinarray = array("sorcerer", "grey", "shug", "farg", "smart", "awesome guy", "asshole", "cake", "dude"); $the_blab = str_replace($notokinarray, $okinarray, $the_blab); $the_blab = ($activeLinkObject -> makeActiveLink($the_blab)); $blab_date = $row["blab_date"]; $convertedTime = ($myObject -> convert_datetime($blab_date)); $whenBlab = ($myObject -> makeAgo($convertedTime)); //$blab_date = strftime("%b %d, %Y %I:%M:%S %p", strtotime($blab_date)); // Inner sql query $sql_mem_data = mysql_query("SELECT id, username, firstname, lastname FROM myMembers WHERE id='$uid' LIMIT 1"); while($row = mysql_fetch_array($sql_mem_data)){ $uid = $row["id"]; $username = $row["username"]; $firstname = $row["firstname"]; if ($firstname != "") {$username = $firstname; } // (I added usernames late in my system, this line is not needed for you) /////// Mechanism to Display Pic. See if they have uploaded a pic or not ////////////////////////// $ucheck_pic = "members/$uid/image01.jpg"; $udefault_pic = "members/0/image01.jpg"; if (file_exists($ucheck_pic)) { $blabber_pic = '<div style="overflow:hidden; width:40px; height:40px;"><img src="' . $ucheck_pic . '" width="40px" border="0" /></div>'; // forces picture to be 100px wide and no more } else { $blabber_pic = "<img src=\"$udefault_pic\" width=\"40px\" height=\"40px\" border=\"0\" />"; // forces default picture to be 100px wide and no more } $blabberDisplayList .= ' <table width="100%" align="center" cellpadding="4" bgcolor="#CCCCCC"> <tr> <td width="7%" bgcolor="#FFFFFF" valign="top"><a href="profile.php?id=' . $uid . '">' . $blabber_pic . '</a> </td> <td width="93%" bgcolor="#EFEFEF" style="line-height:1.5em;" valign="top"><span class="greenColor textsize10">' . $whenBlab . ' <a href="profile.php?id=' . $uid . '">' . $username . '</a> said: </span><br /> ' . $the_blab . '</td> </tr> </table>'; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <meta name="Description" content="Web Intersect is a deft combination of powerful free open source software for social networking, mixed with insider guidance and tutorials as to how it is made at its core for maximum adaptability. The goal is to give you a free website system that has a network or community integrated into it to allow people to join and interact with your website when you have the need." /> <meta name="Keywords" content="web intersect, how to build community, build social network, how to build website, learn free online, php and mysql, internet crossroads, directory, friend, business, update, profile, connect, all, website, blog, social network, connecting people, youtube, myspace, facebook, twitter, dynamic, portal, community, technical, expert, professional, personal, find, school, build, join, combine, marketing, optimization, spider, search, engine, seo, script" /> <title>CookBookers</title> <link href="style/main.css" rel="stylesheet" type="text/css" /> <link rel="icon" href="favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" /> <script src="js/jquery-1.4.2.js" type="text/javascript"></script> <style type="text/css"> #Layer1 { height:210px; } body { background-color: #3c60a4; } .style4 {font-size: 36px} </style> </head> <body> <p> <?php include_once "header_template.php"; ?> </head> <body style="margin:0px;"> <center> </p> <p> </p> <table border="0" align="center" cellpadding="0" cellspacing="0" class="mainBodyTable"> <tr> <td width="124" valign="top"> <td width="776" colspan="2" align="left" valign="top" style="background-color:#EFEFEF; border:#999 0px; padding:10px;"> <table border="0" cellpadding="6"> </table> <table width="574" border="0"> <form enctype="multipart/form-data" action="include/recipe.php" method="post"> <span class="style4">Add Recipie</span> <tr> <th width="232" scope="col"></th> <th width="332" scope="col"> </th> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Public:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input name="Pub" value="1" type="checkbox" id="Pub"/> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Title:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input type="text" name="title" /> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Prep time:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input type="text" name="prep" /> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Cooking time:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input type="text" name="cook" /> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Makes:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <input type="text" name="make" /> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Ingrediants:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <textarea rows="5" name="ingr" cols="40"></textarea> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Method: </span></td> <td><span style="margin-bottom:5px; color:brown;"> <textarea rows="5" name="desc" cols="40"></textarea> </span></td> </tr> <tr> <td><span style="margin-bottom:5px; color:brown;">Notes:</span></td> <td><span style="margin-bottom:5px; color:brown;"> <textarea rows="5" name="note" cols="40"></textarea> </span></td> </tr> <tr> <td><input type="hidden" name="MAX_FILE_SIZE" value="1000000" /> Choose a picture to upload: <input name="uploaded_file" type="file" /></td> </tr> <tr> <td><input name="submit" type="submit" style="padding:5px 10px;" value="Submit" /></td> </tr> <tr> <td> </td> </tr> </table> </tr> </table> </td> </tr> </table> <?php include_once "footer_template.php"; ?> </body> recipe.php (upload form script) <?php //include("session.php"); include("database.php"); @session_start(); $user = $_SESSION['username']; mysql_real_escape_string($user); //die($user); $Pub=$_POST['Pub']; $title=$_POST['title']; $prep=$_POST['prep']; $cook=$_POST['cook']; $make=$_POST['make']; $ingr=$_POST['ingr']; $desc=$_POST['desc']; $note=$_POST['note']; //if($user=="Guest"||$user==""){ //header("Location: ../index.php"); //} //else{ $database->AddRecipe($user,$Pub,$title,$prep,$cook,$make,$ingr,$desc,$note); $uploaded_file=$_POST['files']['uploaded_file'] //Сheck that we have a file if ((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) { //Check if the file is JPEG image and it's size is less than 350Kb $filename = basename($_FILES['uploaded_file']['name']); $ext = substr($filename, strrpos($filename, '.') + 1); if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") && ($_FILES["uploaded_file"]["size"] < 350000)) { //Determine the path to which we want to save this file $newname = dirname(__FILE__).'/upload/'.$filename; //Check if the file with the same name is already exists on the server if (!file_exists($newname)) { //Attempt to move the uploaded file to it's new place if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) { echo "It's done! The file has been saved as: ".$newname; } else { echo "Error: A problem occurred during file upload!"; } } else { echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists"; } } else { echo "Error: Only .jpg images under 350Kb are accepted for upload"; } } else { echo "Error: No file uploaded"; } header("Location: ../recipe_added.php"); //} ?> Hey guys!! i'm after a bit of help with a script i am using for simple image upload to server. At the moment the script works fine and will allow upload of JPG files, i want to extend on this to allow GIF and PNG files to be uploaded aswell. This is the script i am using... <?php //?heck that we have a file if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) { //Check if the file is JPEG image and it's size is less than 600Kb $filename = basename($_FILES['uploaded_file']['name']); $ext = substr($filename, strrpos($filename, '.') + 1); if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") && ($_FILES["uploaded_file"]["size"] < 600000)) { //Determine the path to which we want to save this file $newname = dirname(__FILE__).'/uploads/'.$filename; //Check if the file with the same name is already exists on the server if (!file_exists($newname)) { //Attempt to move the uploaded file to it's new place if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) { echo "Upload Complete! You can use the following link in the IMS:" .$newname; } else { echo "Error: A problem occurred during file upload!"; } } else { echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists"; } } else { echo "Error: Only .jpg images under 600Kb are accepted for upload"; } } else { echo "Error: No file uploaded"; } // $sessionid=session_id() //$newname=$_SESSION['session_name'] header( 'Location: success.php?newname1='.$filename ) ; ?> Any help would be appriciated!! ta!! jonny Hi guys, I've got an image uploader based on Uploadify, first let me set out what I want the script to do and what it currently does/doesn't do: Upload files of various types into folders named with the Order ID - OK Process the files by checking the file type and acting accordingly - OK Create thumbnails of the images in the /thumbs subdirectory - OK If the file is a PDF, create JPEG images of all pages and subsequent thumbnails - OK If the file is a ZIP, unzip and re-process the contents based on the above rules - FAIL As you can see I'm nearly at the end of my wishlist with this script, currently when it receives a ZIP file is unzip's it correctly placing the contents in the parent (Order-ID) directory however I'm then left with the same situation I have at the very beginning of the script, for example: File in -> "What kind of file are you?" -> Process file based on the answer. What I need to do is: File in -> "What kind of file are you? Oh! a Zip File, let's unzip and ask the same question of the contents!" -> Process contents. So basically I need to ask the same question twice, once of the zip and once of the contents of the unzipped file. This is where I'm struggling, someone told me to use a function which I tried but it kept breaking and I wasn't sure why. Therefore I have attached 2 files. 1 which currently works 99% except for "asking the question again" and one which doesn't work but I was told is the right way to do it File 1: Works 99%. Code: [Select] <?php /* TomBigFile v2.0 Based on Uploadify v2.1.4 Automatic folder creation dependant on order number with a thumbnail subdirectory. All files in are subject to a process which determines their type and acts accordingly. PDF's are automatically converted on the fly to 2 sets of JPEG's and stored accordingly to be accessed by Customer Accounts and Sales Order details area. Revised May 2011 */ // RECEIVE THE DATA FROM THE UPLOAD AND ASSIGN THE VARIABLES if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/'; $targetFile = str_replace('//','/',$targetPath) . $_FILES['Filedata']['name']; // $fileTypes = str_replace('*.','',$_REQUEST['fileext']); // $fileTypes = str_replace(';','|',$fileTypes); // $typesArray = split('\|',$fileTypes); // $fileParts = pathinfo($_FILES['Filedata']['name']); // if (in_array($fileParts['extension'],$typesArray)) { // CREATE THE PARENT DIRECTORY BASED ON ORDER ID AND THE THUMBS SUBDIRECTORY mkdir(str_replace('//','/',$targetPath), 0755, true); mkdir($targetPath . "thumbs", 0755, true); // create thumbs dir move_uploaded_file($tempFile,$targetFile); echo str_replace($_SERVER['DOCUMENT_ROOT'],'',$targetFile); // } else { // echo 'Invalid file type.'; // } } // BEGIN CHECKING THE IMAGE LOOKING AT THE FILE TYPE AND ACTING ACCORDINGLY $imgsize = getimagesize($targetFile); switch(strtolower(substr($targetFile, -3))){ case "pdf": $large = substr_replace($targetFile , 'jpg', strrpos($targetFile , '.') +1); $thumbnail = dirname($large).'/thumbs/'.basename(substr($large, 0, -4)."_thumb".strtolower(substr($large, -4))); $cmd = "$targetFile -write $large -thumbnail 64x64 $thumbnail "; exec("convert $cmd "); exit; break; case "jpg": $image = imagecreatefromjpeg($targetFile); break; case "png": $image = imagecreatefrompng($targetFile); break; case "gif": $image = imagecreatefromgif($targetFile); break; case "zip": $zip = new ZipArchive(); $zip->open($targetFile); $zip->extractTo($targetPath); $zip->close(); break; default: exit; break; } $width = 60; //New width of image $height = $imgsize[1]/$imgsize[0]*$width; //This maintains proportions $src_w = $imgsize[0]; $src_h = $imgsize[1]; $picture = imagecreatetruecolor($width, $height); imagealphablending($picture, false); imagesavealpha($picture, true); $bool = imagecopyresampled($picture, $image, 0, 0, 0, 0, $width, $height, $src_w, $src_h); // SAVE THE IMAGE(S) if($bool){ switch(strtolower(substr($targetFile, -3))){ case "jpg": //header("Content-Type: image/jpeg"); $bool2 = imagejpeg($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); break; case "png": //header("Content-Type: image/png"); imagepng($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); break; case "gif": //header("Content-Type: image/gif"); imagegif($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); break; } } imagedestroy($picture); imagedestroy($image); echo '1'; // Important so upload will work on OSX ?> File 2: Doesn't work for me but I was told is correct method(s). Code: [Select] <?php /* TomBigFile v2.0 Based on Uploadify v2.1.4 Automatic folder creation dependant on order number with a thumbnail subdirectory. All files in are subject to a process which determines their type and acts accordingly. PDF's are automatically converted on the fly to 2 sets of JPEG's and stored accordingly to be accessed by Customer Accounts and Sales Order details area. Revised May 2011 */ if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $_REQUEST['folder'] . '/'; $targetFile = str_replace('//','/',$targetPath) . $_FILES['Filedata']['name']; // $fileTypes = str_replace('*.','',$_REQUEST['fileext']); // $fileTypes = str_replace(';','|',$fileTypes); // $typesArray = split('\|',$fileTypes); // $fileParts = pathinfo($_FILES['Filedata']['name']); // if (in_array($fileParts['extension'],$typesArray)) { // Uncomment the following line if you want to make the directory if it doesn't exist mkdir(str_replace('//','/',$targetPath), 0755, true); mkdir($targetPath . "thumbs", 0755, true); // create thumbs dir move_uploaded_file($tempFile,$targetFile); echo str_replace($_SERVER['DOCUMENT_ROOT'],'',$targetFile); // } else { // echo 'Invalid file type.'; // } } // start again here after ZIP!!!! function fileScanner($targetFile, $targetPath) { $imgsize = getimagesize($targetFile); $width = 60; //New width of image $height = $imgsize[1]/$imgsize[0]*$width; //This maintains proportions $src_w = $imgsize[0]; $src_h = $imgsize[1]; $picture = imagecreatetruecolor($width, $height); imagealphablending($picture, false); imagesavealpha($picture, true); $bool = imagecopyresampled($picture, $image, 0, 0, 0, 0, $width, $height, $src_w, $src_h); if($bool){ switch(strtolower(substr($targetFile, -3))){ case "jpg": //header("Content-Type: image/jpeg"); $bool2 = imagejpeg($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); break; case "png": //header("Content-Type: image/png"); imagepng($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); break; case "gif": //header("Content-Type: image/gif"); imagegif($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); break; } } imagedestroy($picture); imagedestroy($image); } $imgsize = getimagesize($targetFile); switch(strtolower(substr($targetFile, -3))){ case "pdf": $large = substr_replace($targetFile , 'jpg', strrpos($targetFile , '.') +1); $thumbnail = dirname($large).'/thumbs/'.basename(substr($large, 0, -4)."_thumb".strtolower(substr($large, -4))); $cmd = "$targetFile -write $large -thumbnail 64x64 $thumbnail "; exec("convert $cmd "); exit; break; case "jpg": $image = imagecreatefromjpeg($targetFile); break; case "png": $image = imagecreatefrompng($targetFile); break; case "gif": $image = imagecreatefromgif($targetFile); break; case "zip": $zip = new ZipArchive(); $zip->open($targetFile); $zip->extractTo($targetPath); $zip->close(); fileScanner($targetFile, $targetPath); break; default: exit; break; } fileScanner($targetFile, $targetPath); // $width = 60; //New width of image // $height = $imgsize[1]/$imgsize[0]*$width; //This maintains proportions // // $src_w = $imgsize[0]; // $src_h = $imgsize[1]; // // // $picture = imagecreatetruecolor($width, $height); // imagealphablending($picture, false); // imagesavealpha($picture, true); // $bool = imagecopyresampled($picture, $image, 0, 0, 0, 0, $width, $height, $src_w, $src_h); // // if($bool){ // switch(strtolower(substr($targetFile, -3))){ // case "jpg": // //header("Content-Type: image/jpeg"); // $bool2 = imagejpeg($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); // break; // case "png": // //header("Content-Type: image/png"); // imagepng($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); // break; // case "gif": // //header("Content-Type: image/gif"); // imagegif($picture,$targetPath."thumbs/".substr($_FILES['Filedata']['name'], 0, -4)."_thumb".strtolower(substr($targetFile, -4))); // break; // } // } // // imagedestroy($picture); // imagedestroy($image); echo '1'; // Important so upload will work on OSX ?> If anyone could help me with this I'd greatly appreciate it, I've been reading so many guides on functions and arguments my brain is fried and I fear I've strayed from the subject of what I want to do! Many thanks. I'm new to programming so take it easy on me but I wrote this script for php and it's not complete yet but I could use some advice on file upload security. Besides recreating the image, checking token/request and setting apache settings what else can I do to secure this application. Here's my code:
header('Content-Type: application/json');
$uploaded = array();
if(!empty($_FILES['file']['name'][0])) {
$allowedExts = array("gif", "jpeg", "pjpeg", "x-png", "jpg", "png");
foreach ($_FILES['file']['tmp_name'] as $k => $v) {
$name = $_FILES['file']['name'][$k];
$type = $_FILES['file']['type'][$k];
$error = $_FILES["file"]["error"][$k];
$size = $_FILES["file"]["size"][$k];
$tempDir = $_FILES["file"]["tmp_name"][$k];
$lowerName = strtolower($name);
$temp = explode(".", $lowerName);
$extension = end($temp);
if ((($type == "image/gif")
|| ($type == "image/jpeg")
|| ($type == "image/jpg")
|| ($type == "image/pjpeg")
|| ($type == "image/x-png")
|| ($type == "image/png"))
&& ($size < 20000)
&& in_array($extension, $allowedExts)) {
if ($error > 0) {
echo "Return Code: " . $error . "<br>";
} else {
$imageInfo = getimagesize($tempDir);
if($imageInfo['mime'] != 'image/gif' && $imageInfo['mime'] != 'image/jpeg' && $imageInfo['mime'] != 'image/jpg' &&
$imageInfo['mime'] != 'image/pjpeg' && $imageInfo['mime'] != 'image/x-png' && $imageInfo['mime'] != 'image/png') {
echo 'Sorry we only accept GIF, JPEG, JPG, PJPEG, X-PNG, PNG image files!';
}else {
switch($type) {
case 'image/gif':
$newName = md5(uniqid()). '.' .time(). '.gif';
break;
case 'image/jpeg':
$newName = md5(uniqid()). '.' .time(). '.jpeg';
break;
case 'image/jpg':
$newName = md5(uniqid()). '.' .time(). '.jpg';
break;
case 'image/pjpeg':
$newName = md5(uniqid()). '.' .time(). '.pjpeg';
break;
case 'image/x-png':
$newName = md5(uniqid()). '.' .time(). '.x-png';
break;
case 'image/png':
$newName = md5(uniqid()). '.' .time(). '.png';
break;
}
if (file_exists('images/' .Session::get(Config::get('session/session_name')). '/' .$newName)) {
echo escape($name) . " already exists. ";
} else {
if(move_uploaded_file($tempDir, 'images/' .Session::get(Config::get('session/session_name')). '/' .$newName)) {
$uploaded[] = array(
'name' => $name,
'file' => 'images/' .Session::get(Config::get('session/session_name')). '/' .$newName
);
}
}
}
}
} else {
echo 'Sorry we only accept GIF, JPEG, JPG, PJPEG, X-PNG, PNG image files!';
}
}
}
I've been researching apache Mod_mime but can't find enough info to wrap my mind around it.
Edited by Millertime1, 12 August 2014 - 01:00 PM. Hello, My upload script is working for the most part and while I know that I need a couple of little fixes and will need help with those I also wouldn't mind some tips on how I could have written it better in the first place. The 2 problems I am having. 1. If the copy image fails the script doesn't and still creates a database entry. I would like to stop it from doing that but can't seem to work it out. 2. My mate is getting file type errors even though he is trying to upload small .jpg files. I can't seem to recreate the problem. Maybe someone can see something that might be problematic?? Code: [Select] <? $idir = "../rosysartworks/gallery/"; // Path To Images Directory $tdir = "../rosysartworks/gallery/thumbs/"; // Path To Thumbnails Directory $iwidth = "600"; // Maximum Width For Thumbnail Images $iheight = "600"; // Maximum Height For Thumbnail Images $twidth = "233"; // Maximum Width For Thumbnail Images $theight = "178"; // Maximum Height For Thumbnail Images ?> <? // Catching the inputs $title = Trim(stripslashes($_POST['title'])); $paypal = Trim(stripslashes($_POST['paypal'])); // Check if the form has been submitted. if (isset ($_POST['submit'])) { $problems = FALSE; // No problems so far. // Check for each value. if (empty ($title)) { $problem = TRUE; $problems = 'You forgot to enter a title!<br />'; } if (empty ($paypal)) { $problem = TRUE; $problems = 'You forgot to enter a paypal link!<br />'; } if (!$problem) { // If there are no problems... // Uploading/Resizing Script $url = $_FILES['imagefile']['name']; // Set $url To Equal The Filename For Later Use if ($_FILES['imagefile']['type'] == "image/jpg" || $_FILES['imagefile']['type'] == "image/jpeg" || $_FILES['imagefile']['type'] == "image/pjpeg" || $_FILES['imagefile']['type'] == "image/JPG") { $file_ext = strrchr($_FILES['imagefile']['name'], '.'); // Get The File Extention In The Format Of , For Instance, .jpg, .gif or .php $copy = copy($_FILES['imagefile']['tmp_name'], "$idir" . $_FILES['imagefile']['name']); // Move Image From Temporary Location To Permanent Location if ($copy) { // If The Script Was Able To Copy The Image To It's Permanent Location // Resize for preview image. $simg = imagecreatefromjpeg("$idir" . $url); // Make A New Temporary Image To Create The Thumbanil From $currwidth = imagesx($simg); // Current Image Width $currheight = imagesy($simg); // Current Image Height if ($currwidth > $iwidth && $currheight > $iheight) { $newwidth = $iwidth; $newheight = $newwidth * $currheight / $currwidth; if ($newheight > $iheight) { $newheight = $iheight; $newwidth = $newheight * $currwidth / $currheight; } $dimg = imagecreatetruecolor($newwidth, $newheight); // Make New Image For Preview imagetruecolortopalette($simg, false, 256); // Create New Color Pallete $palsize = ImageColorsTotal($simg); for ($i = 0; $i < $palsize; $i++) { // Counting Colors In The Image $colors = ImageColorsForIndex($simg, $i); // Number Of Colors Used ImageColorAllocate($dimg, $colors['red'], $colors['green'], $colors['blue']); // Tell The Server What Colors This Image Will Use } imagecopyresampled($dimg, $simg, 0, 0, 0, 0, $newwidth, $newheight, $currwidth, $currheight); // Copy Resized Image To The New Image (So We Can Save It) $success = imagejpeg($dimg, "$idir" . $url, 100); // Saving The Image imagedestroy($simg); // Destroying The Temporary Image imagedestroy($dimg); // Destroying The Other Temporary Image if ($success) { print 'Preview image '.$url.' width: '.$newwidth.' height: '.$newheight.' created successfully.<br />'; // Resize successful for preview image unset($success); } } else { unset($simg, $currwidth, $currheight); } // Resize for thumbnail $simg = imagecreatefromjpeg("$idir" . $url); // Make A New Temporary Image To Create The Thumbanil From $currwidth = imagesx($simg); // Current Image Width $currheight = imagesy($simg); // Current Image Height $newwidth = $twidth; $newheight = $newwidth * $currheight / $currwidth; if ($newheight > $theight) { $newheight = $theight; $newwidth = $newheight * $currwidth / $currheight; } // maxWidth: mw, maxHeight: mh, oldHeight: oh, oldWidth: ow, newHeight: nh, newWidth: nw. // nw = mw; nh = nw * oh / ow; // if (nh > mh) { nh = mh; nw = nh * ow / oh } $dimg = imagecreatetruecolor($newwidth, $newheight); // Make New Image For Thumbnail imagetruecolortopalette($simg, false, 256); // Create New Color Pallete $palsize = ImageColorsTotal($simg); for ($i = 0; $i < $palsize; $i++) { // Counting Colors In The Image $colors = ImageColorsForIndex($simg, $i); // Number Of Colors Used ImageColorAllocate($dimg, $colors['red'], $colors['green'], $colors['blue']); // Tell The Server What Colors This Image Will Use } imagecopyresampled($dimg, $simg, 0, 0, 0, 0, $newwidth, $newheight, $currwidth, $currheight); // Copy Resized Image To The New Image (So We Can Save It) $success = imagejpeg($dimg, "$tdir" . $url, 100); // Saving The Image imagedestroy($simg); // Destroying The Temporary Image imagedestroy($dimg); // Destroying The Other Temporary Image if ($success) { print 'Image thumbnail '.$url.' width: '.$newwidth.' height: '.$newheight.' created successfully.'; // Thumbnail created successfully } } else { print '<font color="#FF0000">ERROR: Unable to upload image.</font>'; // Error Message If Upload Failed } // End upload at copy failure } else { print 'Failed to copy image to temp location.'; } } else { print '<font color="#FF0000">ERROR: Wrong filetype (has to be a .jpg or .jpeg. Yours is '; // Error Message If Filetype Is Wrong print $file_ext; // Show The Invalid File's Extention print '.</font>'; } // End upload script // Define the query. $add_new_session = $sql = "INSERT INTO `gallery` ( `id` , `title` , `image` , `thumb` , `width` , `height` , `paypal` , `date_entered` ) VALUES ( 0, '".mysql_real_escape_string(($title))."', '".mysql_real_escape_string(($url))."', '".mysql_real_escape_string(($url))."', '".mysql_real_escape_string(($newwidth))."', '".mysql_real_escape_string(($newheight))."', '".mysql_real_escape_string(($paypal))."', NOW() )"; // execute the query. if (@mysql_query ($add_new_session)) { print "<p>The new gallery image $url has been added.</p>"; unset($sessionName, $maxAttendees, $newwidth, $newheight); $hidden = 'hidden'; } else{ print '<a name="formTop"></a>'.'<p class="error">Your session has failed to upload. Please contact website support.</p>'; echo $add_new_session; } } else { // Forgot a field. // print '<p>Please try again!</p>'; $problems .= '<a name="formTop"></a>'.'Please try again!<br />'; if ($problem) { print '<p class="error">' . $problems . '</p>'; } } // End of handle form IF // Display the form print '<h2>Upload New Image</h2>' . '<p>Please only try uploading .jpg images</p>' . '<form method="post" action="index.php" enctype="multipart/form-data">' . '<label>Title:</label>' . '<input type="text" name="title" class="form">' . '<br />' . '<label>Image:</label>' . '<input type="file" name="imagefile" class="form">' . '<br />' . '<label>Paypal Link:</label>' . '<input type="text" name="paypal" class="form" size="50">' . '<br /><br />' . '<input name="submit" type="submit" value="Sumbit" class="form">' . '<input type="reset" value="Clear" class="form">' . '</form>'; ?> I've been creating my own image upload script which takes in several parameters to style an image, however when the function is used new width and new height are specified but I need to use these values to determine cropping coordinates. What I want is when a new width and height is specified, if it is squared i.e. new width is equal to new height AND the original image is not squared i.e. it is a vertical or horizontal rectangle then the central part of that image will be taken. So for example if the user uploads an image 500px high and 100px wide and sets the new width and height both at 100px the new image should be a 100px by 100px square which is taken 200px from the top of the original image. Here is the functions I currently use so far. It's just the coordinates function I can't seem to figure out. Can anyone please help me out:- Code: [Select] //gets the extension of an uploaded file function getExtension($file) { $i = strrpos($file,".");//Gets the position of the "." in the filename if (!$i) { return ""; }//If there is no "." the function ends and returns "" $l = strlen($file) - $i; $ext = substr($file,$i+1,$l); $ext = strtolower($ext); return $ext; } //checks image dimensions and scales both sizes by ratio if it exceeds the max //$w = width, $mw = max width, $h = height, $mh = max height, function checkSize($w, $mw, $h, $mh){ if($w > $mw){//Checks if width is greater than max width $ratio = $mw / $w; $h = $h * $ratio; $h = round($h); $w = $mw; } if($h > $mh){//Checks if height is greater than max height $ratio = $mh / $h; $w = $w * $ratio; $w = round($w); $h = $mh; } return array($w, $h); } //Used to get the coordinates to resize an image by function getCoords(){ } //$f = the file, $ext = file extension, $nw = new width, $nh = new height, $mw = max width, $mh = max height, $nf = new filename, $fo = folder, $des = file size description, $q = quality function imageUpload($f, $ext, $nw, $nh, $mw, $mh, $nf, $fo, $des, $q){ //create image from uploaded file type if($ext=="jpg" || $ext=="jpeg" ){ $src = imagecreatefromjpeg($f); }else if($ext=="png"){ $src = imagecreatefrompng($f); }else{ $src = imagecreatefromgif($f); } //creates a list of the width and height of the image list($w,$h)=getimagesize($f); //sets the coordinates for resizing to 0 by default $dx = $dy = $sx = $sy = 0; //if new width and height are both 0 then a resize is not required so original dimensions need to be validated in case they exceed their max if($nw == 0 && $nh == 0){ if($w > $mw || $h > $mh){//checks if width or height are greater than their max list($w, $h) = checkSize($w, $mw, $h, $mh); } $nw = $w; $nh = $h; }else if($nw == $nh && $w !== $h){//this is for if the resized image needs to be squared but the original image is not a square //COORDS FUNCTION NEEDED HERE } $desext = "";//sets the description extension to "" by default if($des !== 0){//Checks if $des is set or not $desext .= "_".$des;//appends des to $desext ready to be appended to the filename } $foext = "";//sets the folder extension to "" by default if($fo !== 0){//Checks if $fo is set or not $foext .= $fo."/";//appends folder to $foext ready to be appended to the filename } $qv = 100;//sets the quality value to 100 percent by default if($q !== 0){//Checks if $q is set or not $qv .= $q;//sets the quality value to the passed value } $tmp=imagecreatetruecolor($nw,$nh); imagecopyresampled($tmp,$src,$dx,$dy,$sx,$sy,$nw,$nh,$w,$h); $fn = "images/".$foext.$nf.$desext.".jpg";//sets the final filename for upload imagejpeg($tmp,$fn,$qv);//uploads the file //empty variables and clear image imagedestroy($src); imagedestroy($tmp); } |
|||||||