Re: Help with Multipart file uploading

Fri, 28 Sep 2007 12:57:28 -0700 

Never mind, I think I found it in the php code.
Cole Kelley wrote:

I'm trying to upload files to a PHP script on my server.

Here's the java code:
/*
* UploadDialog.java
*
* Created on September 10, 2007, 11:42 AM
*/

package com.irishgrin.fileuploader;

import java.io.*;
import java.net.*;
import java.lang.Integer;
import java.lang.String;
import java.util.*;
import java.text.NumberFormat;

import org.apache.commons.httpclient.*;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.multipart.FilePart;
import org.apache.commons.httpclient.methods.multipart.MultipartRequestEntity; 
import org.apache.commons.httpclient.methods.multipart.Part;
import org.apache.commons.httpclient.params.HttpMethodParams;

/**
*
* @author  Cole
*/
public class UploadDialog extends javax.swing.JDialog
{
File[] files; 
  // Keep track of failed uploads
  ArrayList<String> failed_uploads = new ArrayList<String>();
long totalBytes = 0; 
  long totalBytesTransfered = 0;
private NumberFormat nf = NumberFormat.getInstance(); Thread m_thread; String url; 
  String filenameVarName;
Integer tempServerPort; 
  public void myError(String message)
  {
     System.out.println(message);
  }
/** Creates new form UploadDialog */ public UploadDialog(java.awt.Frame parent, boolean modal, File[] files, String url, String filenameVarName) 
  {
     super(parent, modal);
     this.files = files;
     initComponents();
         url = "http://www.irishgrin.com/javatest/upload.php";;
         m_thread = Thread.currentThread();
             m_status.setText("Calculating upload size: ");
     for(int i = 0; i < files.length; i++)
     {
        totalBytes += files[i].length();
        m_status.setText("Calculating upload size: " + totalBytes);
     }
         int kbytes = (int)(totalBytes/1024L);
     progressTotal.setMaximum(kbytes);
         this.filenameVarName = filenameVarName;
     this.url = url;
     //beginUpload(url, filenameVarName);
  }
public void upload() 
  {
     beginUpload();
  }
private void beginUpload() 
  {
     m_status.setText("Starting upload...");
         for(int i = 0; i < files.length; i++)
     {
        PostMethod filePost = new PostMethod(url);
filePost.getParams().setBooleanParameter(HttpMethodParams.USE_EXPECT_CONTINUE, false); 
               try
        {
           Part[] parts = {
              new FilePart("userfile", files[i])
           };
                     filePost.setRequestEntity(
new MultipartRequestEntity(parts, filePost.getParams()) 
                   );
                     HttpClient client = new HttpClient();
           client.getHttpConnectionManager().
                   getParams().setConnectionTimeout(5000);
           m_status.setText("Uploading " + files[i].getName());
           int status = client.executeMethod(filePost);
           if (status == HttpStatus.SC_OK)
           {
              System.out.println(
files[i].getName() + " - Upload complete, response=" + filePost.getResponseBodyAsString() 
                      );
//ta.append("Transfer resulted: " + filePost.getResponseBodyAsString() + "\n\n"); 
           }
           else
           {
              System.out.println(
files[i].getName() + " - Upload failed, response=" + HttpStatus.getStatusText(status) 
                      );
//ta.append("Transfer resulted: " + HttpStatus.getStatusText(status) + "\n\n"); 
           }
           totalBytesTransfered += files[i].length();
           progressTotal.setValue((int)(totalBytesTransfered/1024L));
                  }
        catch (Exception ex)
        {
System.out.println("ERROR: " + ex.getClass().getName() + " "+ ex.getMessage()); 
           ex.printStackTrace();
        }
        finally
        {
           filePost.releaseConnection();
        }
           }
  }

 ...              }

And the PHP:
<?php
  $uploaddir = '$_SERVER[DOCUMENT_ROOT]/javastuff/';

$logfile = fopen("$_SERVER[DOCUMENT_ROOT]/javastuff/written.html", "w+");
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) { 
       $content = "File is valid, and was successfully uploaded.\n";
   fwrite($logfile, $content);
   echo "OK";
} else {
   $content = "Possible file upload attack!\n";
   fwrite($logfile, $content);
   echo "ERROR";
}
fclose($logfile);

?>



When I upload a file, it returns this:
mountain.png - Upload complete, response=<br />
<b>Warning</b>: move_uploaded_file($_SERVER[DOCUMENT_ROOT]/javatest/mountain.png) [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: failed to open stream: No such file or directory in <b>/home/irishgri/public_html/javatest/upload.php</b> on line <b>7</b><br /> 
<br />
<b>Warning</b>: move_uploaded_file() [<a href='function.move-uploaded-file'>function.move-uploaded-file</a>]: Unable to move '/tmp/phpxrtMEx' to '$_SERVER[DOCUMENT_ROOT]/javatest/mountain.png' in <b>/home/irishgri/public_html/javatest/upload.php</b> on line <b>7</b><br /> 
ERROR

And the log file naturally says: Possible file upload attack!


Is there something I am missing?

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to