Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PHP Help


  • Please log in to reply
10 replies to this topic

#1 KamakaZ

KamakaZ

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:03:02 AM

Posted 02 February 2009 - 09:14 PM

Found this script on the web:

Upload.php
<?php
 
if ((($_FILES["file"]["type"] == "image/gif")
 
|| ($_FILES["file"]["type"] == "image/jpeg")
 
|| ($_FILES["file"]["type"] == "image/pjpeg"))
 
&& ($_FILES["file"]["size"] < 20000))
 
  {
 
  if ($_FILES["file"]["error"] > 0)
 
	{
 
	echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
 
	}
 
  else
 
	{
 
	echo "Upload: " . $_FILES["file"]["name"] . "<br />";
 
	echo "Type: " . $_FILES["file"]["type"] . "<br />";
 
	echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
 
	echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";	if (file_exists("uploads/" . $_FILES["file"]["name"]))
 
	  {
 
	  echo $_FILES["file"]["name"] . " already exists. ";
 
	  }
 
	else
 
	  {
 
	  move_uploaded_file($_FILES["file"]["tmp_name"],
 
	  "upload/" . $_FILES["file"]["name"]);
 
	  echo "Stored in: " . "uploads/" . $_FILES["file"]["name"];
 
	  }
 
	}
 
  }
 
else
 
  {
 
  echo "Invalid file";
 
  }
 
?>

But no matter what I upload it always errors with the “invalid file” message.

This is the form i'm using to call the upload.php file


<form enctype="multipart/form-data" action="upload.php" method="POST">
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


BC AdBot (Login to Remove)

 


#2 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:02 AM

Posted 02 February 2009 - 09:50 PM

Just to be clear, the "Invalid file" message is not an error; it is a signal that the initial 'if' condition is not being met. So do you mean that you are just getting the "Invalid file" message, or are you truly getting an error?

The way to troubleshoot that is to simply echo the type of file before it goes into the for loop just to see what is really going on. It might not be what you think. So borrowing another snippet pf code from the same place, add this code before the 'if' statement:
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
	echo "Type: " . $_FILES["file"]["type"] . "<br />";

My guess is that the type may be different than what you are checking.

#3 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:03:02 AM

Posted 02 February 2009 - 09:54 PM

Your right, the IF statment is not being met. That is the message i am getting when trying to upload a file.

Inserted the echo statements mentioned above, this is the output:

Upload: Blue hills.jpg
Type: image/pjpeg
Invalid file

any idea's?

I added var_dump($FILES) to the end of the file and it came back with the result NULL

Where do i go from here?

Edited by KamakaZ, 02 February 2009 - 10:49 PM.

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#4 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:02 AM

Posted 03 February 2009 - 07:24 AM

You need to figure out why the conditional is not being met, and it could be something as simple as a space being included after the file type. Start with a much simpler 'if' statement that only checks for 1 file type and see if you can get that to work.

#5 InterestinglyAverage

InterestinglyAverage

  • Members
  • 111 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:12:02 PM

Posted 03 February 2009 - 09:11 AM

Also note that the initial conditional which gives the "invalid file" message is checking the file size as well. You may want to add this line to the the beginning after the two checks groovicus had you add:
echo "Size: " . $_FILES["file"]["size"] . "(should be less than 20000)<br />";

The only way to learn anything is to question everything.

#6 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:02 AM

Posted 03 February 2009 - 10:25 AM

Good point. 20K is pretty small.

#7 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:03:02 AM

Posted 03 February 2009 - 05:25 PM

Good point with the file size, i put the extra line in there that echoed the file size. returned this result

Upload: background.gif
Type: image/pjpeg
Size: 25243(should be less than 20000)
Invalid file
NULL

which does show that the condition was not being met. But, even if i changed the file size in the if to 30000, i still get the invalid file message. Now i think of it, isn't there a setting in php.ini for max size of a uploaded file? Maybe that is set really small.

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#8 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:02 AM

Posted 03 February 2009 - 05:35 PM

Good thought, but if that were the case, then it wouldn't be making it to your script at all.

#9 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:03:02 AM

Posted 03 February 2009 - 06:03 PM

bugger...

so is it safe to say that the file size is causing the problem? I tried taking out the line so all i had was

<?php

if ($_FILES["file"]["type"] == "image/gif")

  {

  if ($_FILES["file"]["error"] > 0)

...
...

but it still gave me the invalid file message. And before anyone asks the obvious, yes i did try upload a *.gif file.

Edited by KamakaZ, 03 February 2009 - 06:06 PM.

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.


#10 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:10:02 AM

Posted 03 February 2009 - 06:47 PM

Then obviously whatever is being returned is not comparable like the code sample expects.Try this before the for loop:
echo "Type: " . $_FILES["file"]["type"] . "<--<br />";
If there is a space after teh file type is returned, then you know that is the problem. If that fails, then then another thing to try is to try this:
$fileType = $_FILES["file"]["type"];
Then in your if statement, do the following:
if($fileType == "image/gif")

Or of that doesn't work, you can use the strstr function to see if the string contains "gif", "jpg", etc., or better yet, see if the string contains 'image', since that is common in all three cases.
http://us.php.net/strstr

Or you can rewrite the function to get the extension from the file name and see if it matches one of the three cases. Or you can put a javascript function on the web page (which is a better idea anyway), and use it to validate the file upload.


There are dozens of different ways to go about this.

#11 KamakaZ

KamakaZ
  • Topic Starter

  • Members
  • 739 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria
  • Local time:03:02 AM

Posted 03 February 2009 - 08:37 PM

Ok, the first option we had already put in the php file, which did not show a space after the file type.

now i have changed the if totally to:

if (($fileType == "image/gif")
|| ($fileType == "image/pjpeg")
|| ($fileType == "image/jpeg"))

how would i add in an exception for .zip files?

Do you know where i could go to find a list like this?

There's no place like 127.0.0.1
There are 10 types of people in the world, those that can read binary, and those who can't.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users