sk8er0i Posted June 15, 2006 Posted June 15, 2006 So I have setup an FTP script to allow a user to upload a file via a web browser to my server. It all works and the file appears on the screen and in the directory on the server the only problem is that there isn't any actual data in the file. It appears to be there, but when you open it it's just a 0kb file with no text or anything. Any ideas? Here is my code...Thanks! >if ($_POST["action"] == "add") { // Get all the POST data $ftp_server='ftp.jonkinney.com';//serverip $conn_id = ftp_connect($ftp_server); // login with username and password $user="username"; $passwd="password"; $login_result = ftp_login($conn_id, $user, $passwd); // check connection if ((!$conn_id) || (!$login_result)) { header("Location: http://www.jonkinney.com/stichabrossite/managedownloads.php?error=FTP connection has failed!<br />Attempted to connect to $ftp_server for user $ftp_user_name"); die; } else { //directory switching if (downloadtype_id == "1"){ $directory = "mixes"; } else { $directory = "files"; } ftp_chdir($conn_id, "public_html/stichabrossite/downloads/$artistname/$directory"); $destination_file= "$filename"; // upload the file $upload = ftp_put($conn_id, $destination_file, $source_file, FTP_BINARY); // check upload status if (!$upload) { header("Location: http://www.jonkinney.com/stichabrossite/managedownloads.php?error=Upload has failed!"); } else { mysql_query("INSERT INTO Downloads (Title, Description, DownloadType_id , Filename, Artist) VALUES ('$title', '$description', '$downloadtype_id', '$filename', '$artistname')", $connection); header("Location: http://www.jonkinney.com/stichabrossite/managedownloads.php?error=Uploaded local file to $ftp_server as $destination_file"); } // close the FTP stream ftp_close($conn_id); } Quote
TCH-Bruce Posted June 15, 2006 Posted June 15, 2006 Welcome to the forums sk8er0i. Sorry I don't have an answer for you but I do have to ask that you make sure if you are allowing uploads to your site that you test for extensions and only allow safe file types to be uploaded. Maybe one of our family members will have some ideas for you. Quote
carbonize Posted June 15, 2006 Posted June 15, 2006 Why use FTP and not just upload the file using HTTP ? Quote
Guest tohaet Posted June 15, 2006 Posted June 15, 2006 (edited) Welcome to the forums sk8er0i! And good day to ya. Are users just uploading from their PC to your TCH space? If so, this FTP script probably isn't the way you should be going about it. You should use the http file upload handling functions i would suggest: http://uk2.php.net/features.file-upload Regarding your FTP script, you are FTPing a local file (that is a file in your space) to the FTP server ftp.jonkinney.com, if they are the same, how is the user's file becoming a local file on TCH? If all the above is wrong, can you explain where $source_file is set and where it comes from. Edited June 15, 2006 by tohaet Quote
Steve Scrimpshire Posted June 16, 2006 Posted June 16, 2006 I actually created a simple image upload script some time ago using the http file upload functions of PHP. Here it is: ><?php echo "<html><body> <!--- # Copyright (C) 2003 Steve Scrimpshire # email: admin@omarserenity.com # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # http://www.gnu.org/copyleft/gpl.html#SEC1 # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -->" $uploaddir = 'uploads/'; // What is going to be the local file's name? $uploadfile = $uploaddir . basename($_FILES['image']['name']); $picture = $_FILES['image']['name']; // We can't handle files with a space in the name... if ($picture == ""){ echo "You tried to send a file with a space in the name, didn't you?!<br>"; die('Windows user!'); } // We told them PNG format only. See if they listened. if (!ereg('.png$', $picture)){ echo "I said PNG and here you go trying to send $picture!<br>"; die('Bad hacker!'); } // See if they tried to be sneaky and just change the file extension $whatever = $_FILES['image']['type']; $stuff = $_FILES['image']['tmp_name']; $size = getimagesize($stuff); if ($size['mime'] != "image/png") { echo 'You think you can change the extension and fool me?<br>'; die('Stupid hacker!'); } if ($_FILES['image']['type'] != "image/png"){ echo "You expect me to believe that is a PNG???"; die('Really bad hacker!'); } // We required a maximum size... $width = $size[0]; $height = $size[1]; if ($height > 500){ echo "That's $height pixels tall!<br>"; die('What do you expect me to do with an image that huge? It has to be smaller than 500 pixels high!'); } if ($width > 400){ echo "That's $height pixels wide!<br>"; die('What do you expect me to do with an image that huge? It has to be smaller than 400 pixels wide!'); } // They passed all our tests, so let's just upload the thing... echo '<pre>'; if (move_uploaded_file($_FILES['image']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } echo "</pre></body></html>" ?> And the HTML to post to this: ><html><body> <form enctype="multipart/form-data" action="upload.php" method="POST"> <!-- MAX_FILE_SIZE must precede the file input field --> <input type="hidden" name="MAX_FILE_SIZE" value="2200000" /> <!-- Name of input element determines name in $_FILES array --> PNG Image to Convert: <input name="image" type="file" /> <input type="submit" value="Send File" /> </form></body></html> Hope this gives you the idea. Quote
carbonize Posted June 16, 2006 Posted June 16, 2006 Are you going to impose any restrictions on whats uploaded? Security will be an issue for you though so I do recommend not allowing such files as php. If the files are just to be downloaded by users and not viewed you could use something like SMF where the file name has additional text added to change the file name. You could append a word to the end of the extension such as STOP (ie .php becomes .phpSTOP) then remove the word STOP when displaying the file listing and have all files downloaded via the PHP script. Quote
sk8er0i Posted June 16, 2006 Author Posted June 16, 2006 You should use the http file upload handling functions i would suggest: http://uk2.php.net/features.file-upload I have been trying to implement this http file upload and while testing I keep getting a permissions error... Warning: move_uploaded_file(/home/jdkistm/catspjsgigs.txt): failed to open stream: Permission denied in /home/jdkistm/public_html/httpupload.php on line 9 Warning: move_uploaded_file(): Unable to move '/tmp/phpLXwcAY' to '/home/jdkistm/catspjsgigs.txt' in /home/jdkistm/public_html/httpupload.php on line 9 Possible file upload attack! Here is some more debugging info:Array ( [userfile] => Array ( [name] => catspjsgigs.txt [type] => text/plain [tmp_name] => /tmp/phpLXwcAY [error] => 0 => 896 ) ) What do I need to put in the path for the tch server to play nice? Thanks for the help guys! -Jon Quote
carbonize Posted June 16, 2006 Posted June 16, 2006 Did you set the correct permissions on the target folder? Quote
sk8er0i Posted June 16, 2006 Author Posted June 16, 2006 (edited) Did you set the correct permissions on the target folder? Target folder is 777 does this look right? ><?php // In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead // of $_FILES. $uploaddir = '/home/jdkistm/public_html/stichabrossite/'; $uploadfile = $uploaddir . basename($_FILES['userfile']['name']); echo '<pre>'; ------------------------------------------------------------------------------------ if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) { ------------------------------------------------------------------------------------ echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } echo 'Here is some more debugging info:'; print_r($_FILES); print "</pre>"; ?> the isloated line by dashes in the code is what keeps giving me the permissions error in my previous post... >Warning: move_uploaded_file(/home/jdkistm/catspjsgigs.txt): failed to open stream: Permission denied in /home/jdkistm/public_html/httpupload.php on line 9 Warning: move_uploaded_file(): Unable to move '/tmp/phpLXwcAY' to '/home/jdkistm/catspjsgigs.txt' in /home/jdkistm/public_html/httpupload.php on line 9 Thanks again Edited June 16, 2006 by sk8er0i Quote
Guest tohaet Posted June 16, 2006 Posted June 16, 2006 /home/jdkistm/public_html/stichabrossite/ should be writable by all yes. However, in your warning, it misses out it all but /home/jdkistm/ ? Quote
sk8er0i Posted June 16, 2006 Author Posted June 16, 2006 /home/jdkistm/public_html/stichabrossite/ should be writable by all yes. However, in your warning, it misses out it all but /home/jdkistm/ ? the warning was copied from the previous post as just the general type of warning I get...here is exactly what is happening now. I have the the 2 php files in the same directory I'm trying to upload to and that directory has 777 permissions. So upload.php has the browse and send buttons and passes the data to the httpupload.php httpupload.php has the permissions error on line 9 that was shown in my previous post the error message with this configuration is: Warning: move_uploaded_file(/home/jdkistm/public_html/stichabrossite/catspjsgigs.txt): failed to open stream: Permission denied in /home/jdkistm/public_html/stichabrossite/httpupload.php on line 9 Warning: move_uploaded_file(): Unable to move '/tmp/phpQbpotH' to '/home/jdkistm/public_html/stichabrossite/catspjsgigs.txt' in /home/jdkistm/public_html/stichabrossite/httpupload.php on line 9 I'm puzzled... Thanks for looing at this! Quote
Steve Scrimpshire Posted June 17, 2006 Posted June 17, 2006 (edited) I have what may seem like a dumb question: Is there already a file called /home/jdkistm/public_html/stichabrossite/catspjsgigs.txt on your server? If so, that could be the error. The debugging info looks to me like there actually is no error: [error] => 0 And from your code and the permissions you say you have on the upload folder, it should work, unless there already is a file called catspjsgigs.txt in that upload folder. Edited June 17, 2006 by Steve Scrimpshire Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.