[PHP] Image upload form
Hi, After a disastrous first attempt (which uploaded images but only by chance) it was suggested I rework the entire thing. This one seems to check the file against getimagesize and if that doesn't prove false, check the type and make the extension then rename the file. But the moving part is not working, and it does not kick back any error, it just fails. Can anyone tell me what I am doing wrong, and also if this is sufficient to a) upload images safely and b) protect against tampering? Thanks in advance, JJ ?php error_reporting(E_ALL); $uploaddir = images/jpg/test/; // print_r($_FILES); $local_file = $_FILES['userfile']['tmp_name']; if (sizeof($local_file)) { //try to get image size; this returns false if this is not an actual image file. $image_test = getimagesize($local_file); if ($image_test !== false) { $mime_type = $_FILES['userfile']['type']; switch($mime_type) { case image/jpeg: $pext = 'jpg'; break; case image/tiff: $pext = 'tif'; break; default: echo The file you are trying to upload is an image, but it is not a tif or jpeg and therefore unacceptable.; } } else { echo The file you are trying to upload is not a valid image file; } $main_image = md5(date(l-F-j-Y i:s)).'.'.$pext; move_uploaded_file($main_image,$uploaddir); } ? form enctype=multipart/form-data action=?php echo $_SERVER['PHP_SELF']; ? method=POST input type=hidden name=MAX_FILE_SIZE value=30 / !-- Name of input element determines name in $_FILES array -- Cartoon: input name=userfile type=file / input type=submit value=Upload File / /form -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
Okay, I started seeing some of my mistakes. I am still having a great deal of trouble: newfile returns: 0fdae2e9e6aa43f067a9dd780a5a36a6.jpg image_file returns: images/jpg/test/0fdae2e9e6aa43f067a9dd780a5a36a6.jpg images/jpg/test is set to 777 but I still get (Could not move file to destination). What am I missing? Thanks! ?php error_reporting(E_ALL); $uploaddir = images/jpg/test/; print_r($_FILES); $local_file = $_FILES['userfile']['tmp_name']; if (sizeof($local_file)) { //try to get image size; this returns false if this is not an actual image file. $image_test = getimagesize($local_file); if ($image_test !== false) { $mime_type = $_FILES['userfile']['type']; switch($mime_type) { case image/jpeg: $pext = 'jpg'; break; case image/tiff: $pext = 'tif'; break; default: echo The file you are trying to upload is an image, but it is not a tif or jpeg and therefore unacceptable.; } } else { echo The file you are trying to upload is not a valid image file; } $newfile = md5(date(l-F-j-Y i:s)).'.'.$pext; $image_file = $uploaddir . $newfile; // print_r($newfile); // print_r($image_file); if(!move_uploaded_file($newfile,$image_file)) { echo 'Could not move file to destination'; exit; } else { echo 'image file ?php echo $newfile ? uploaded.'; } } ? form enctype=multipart/form-data action=?php echo $_SERVER['PHP_SELF']; ? method=POST input type=hidden name=MAX_FILE_SIZE value=30 / !-- Name of input element determines name in $_FILES array -- Cartoon: input name=userfile type=file / input type=submit value=Upload File / /form -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] Image upload form
Hello Jack, Wednesday, June 15, 2005, 5:38:11 PM, you wrote: JJ newfile returns: 0fdae2e9e6aa43f067a9dd780a5a36a6.jpg JJ image_file returns: JJ images/jpg/test/0fdae2e9e6aa43f067a9dd780a5a36a6.jpg JJ images/jpg/test is set to 777 but I still get (Could not move file to JJ destination). What am I missing? Thanks! This directory needs to be absolute - i.e. the COMPLETE path: /usr/home/jack/images/jpg/test Or similar - whatever it needs to be on your server. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
Richard Davey wrote: Hello Jack, Wednesday, June 15, 2005, 5:38:11 PM, you wrote: JJ newfile returns: 0fdae2e9e6aa43f067a9dd780a5a36a6.jpg JJ image_file returns: JJ images/jpg/test/0fdae2e9e6aa43f067a9dd780a5a36a6.jpg JJ images/jpg/test is set to 777 but I still get (Could not move file to JJ destination). What am I missing? Thanks! This directory needs to be absolute - i.e. the COMPLETE path: /usr/home/jack/images/jpg/test Thanks, Richard, Still no soap: I changed $uploaddir = /home/jack/public_html/amyportnoy/images/jpg/test; and $image_file = $uploaddir . '/' . $newfile; Now $image_file returns the valid path of: /home/jack/public_html/amyportnoy/images/jpg/test/09992d5379dd0a0cf376aab82241a66d.jpg but it still does not copy the file to that location. However the error has changed: if (is_uploaded_file($newfile)) { if(!move_uploaded_file($newfile,$image_file)) { echo 'Could not move file to destination'; exit; } else { echo 'image file ?php echo $newfile ? uploaded.'; } } else { echo 'Problem with ' . $newfile; } } And I'm getting an error message of Problem with 6a26590fb45fd86e58954ba91d5580a4.jpg So i guess it's not uploading for some reason? Here's the whole thing I have so far once again, with several mods: ?php error_reporting(E_ALL); $uploaddir = /home/jack/public_html/amyportnoy/images/jpg/test; print_r($_FILES); if ($_FILES['userfile']['error'] 0) { echo 'Problem: '; switch ($_FILES['userfile']['error']) { case 1: echo 'File exceeds maximum upload size limit (upload_max_filesize).'; break; case 2: echo 'File exceeds maximum size limit (max_file_size).'; break; case 3: echo 'File was only partially uploaded.'; break; case 4: echo 'No file was uploaded.'; break; }//end switch }//end if error 0 $local_file = $_FILES['userfile']['tmp_name']; if (sizeof($local_file)) { //try to get image size; this returns false if this is not an actual image file. $image_test = getimagesize($local_file); if ($image_test !== false) { $mime_type = $_FILES['userfile']['type']; switch($mime_type) { case image/jpeg: $pext = 'jpg'; break; case image/tiff: $pext = 'tif'; break; default: echo The file you are trying to upload is an image, but it is not a tif or jpeg and therefore unacceptable.; } } else { echo The file you are trying to upload is not a valid image file; } $newfile = md5(date(l-F-j-Y i:s)).'.'.$pext; $image_file = $uploaddir . '/' . $newfile; // print_r($newfile); print_r($image_file); if (is_uploaded_file($newfile)) { if(!move_uploaded_file($newfile,$image_file)) { echo 'Could not move file to destination'; exit; } else { echo 'image file ' . $newfile . 'uploaded.'; } } else { echo 'Problem with ' . $newfile; } } ? form enctype=multipart/form-data action=?php echo $_SERVER['PHP_SELF']; ? method=POST input type=hidden name=MAX_FILE_SIZE value=30 / !-- Name of input element determines name in $_FILES array -- Cartoon: input name=userfile type=file / input type=submit value=Upload File / /form -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
On Thursday 16 June 2005 00:38, Jack Jackson wrote: //try to get image size; this returns false if this is not an actual image file. $image_test = getimagesize($local_file); if ($image_test !== false) { $mime_type = $_FILES['userfile']['type']; $_FILES['userfile']['type'] contains the mime-type that is provided by the browser and will vary depending on browser and hence extremely unreliable. In fact the returned value from getimagesize() already has mime-type info, use that instead. $newfile = md5(date(l-F-j-Y i:s)).'.'.$pext; $image_file = $uploaddir . $newfile; // print_r($newfile); // print_r($image_file); if(!move_uploaded_file($newfile,$image_file)) { echo 'Could not move file to destination'; exit; } The file pointed to by $newfile doesn't exist. You need to move ... $local_file = $_FILES['userfile']['tmp_name']; ... $localfile -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
Yes, Jason, Those did it! Thanks so much for the help! Jason Wong wrote: On Thursday 16 June 2005 00:38, Jack Jackson wrote: //try to get image size; this returns false if this is not an actual image file. $image_test = getimagesize($local_file); if ($image_test !== false) { $mime_type = $_FILES['userfile']['type']; $_FILES['userfile']['type'] contains the mime-type that is provided by the browser and will vary depending on browser and hence extremely unreliable. In fact the returned value from getimagesize() already has mime-type info, use that instead. $newfile = md5(date(l-F-j-Y i:s)).'.'.$pext; $image_file = $uploaddir . $newfile; // print_r($newfile); // print_r($image_file); if(!move_uploaded_file($newfile,$image_file)) { echo 'Could not move file to destination'; exit; } The file pointed to by $newfile doesn't exist. You need to move ... $local_file = $_FILES['userfile']['tmp_name']; ... $localfile -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php