Hi all,

I know this topic get's covered all the time, but i've copied this code
direct from the online manual, and it still fails to work!!

My environment is PHP4.0.1, under FreeBSD.

To my knowledge, NONE of the php.ini file has been changed at all, and
the rest of PHP has been working finr for 6 months, although this is the
first time i've attempted file uploads.

This code is in the php manual:

The HTML form:
<FORM ENCTYPE="multipart/form-data" ACTION="upload.php" METHOD="POST">
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="5000">
Send this file: <INPUT NAME="userfile" TYPE="file"><BR>
<INPUT TYPE="submit" VALUE="Send File">

The PHP code (as I understand from the man page, PHP4 << 4.0.2 requires
different code.  Since i'm on 4.0.1, I've used this block of code, which
I believe is the correct code for my environment), copied accross line
for line.
/* Userland test for uploaded file. */ 
function is_uploaded_file($filename)    {
        if (!$tmp_file = get_cfg_var('upload_tmp_dir')) {
                $tmp_file = dirname(tempnam('', ''));
                $tmp_file .= '/' . basename($filename);
                /* User might have trailing slash in php.ini... */
                return (ereg_replace('/+', '/', $tmp_file) == $filename);

if (is_uploaded_file($userfile)) {
        copy($userfile, "/usr/local/share/doc/apache/tests/images");   
//changed this line for new file location
        echo "file uploaded successfully";                              //
added this line
        } else {
        echo "Possible file upload attack: filename '$userfile'.";

The Errors:
With the above code, I get this error when I submit:
Warning: Max file size exceeded - file [userfile] not saved in Unknown
on line 0
Possible file upload attack: filename 'none'. 

So I commented out <INPUT TYPE="hidden" name="MAX_FILE_SIZE"
value="5000"> in the HTML for the moment.  What does 5000 represent? 
Bytes?  KiloBytes?

With this line commented out, I get:
Possible file upload attack: filename '/var/tmp/phpzlv472'. 

The image i'm attempting to upload is a 44k GIF file from via Netscape
4.6 on a Mac, but I can't see that this is the problem, since I've never
been refused an upload at any website.

What I've tried:
I've read all the documentation I could find online
I've tried different permission settings for the target directory
I've looked for a simple upload script at all the usual PHP sites, but
couldn't find anything that wasn't mega complex.

I find it hard to believe it's the code that is the problem, since it's
copied striaght from the website, so maybe it's a problem on my server,
or something else i'm missing.  Any ideas?  What else SHOULD I add to
this code (once it's functional) to handle errors properly, etc etc.

Many thanks in advance
Justin French

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to