Problems uploading files in PHP

Hi, I am trying to upload an image using a PHP script. And this is really strange: I get the following error only in Internet Explorer. Everywhere else the script works fine:

    Warning: move_uploaded_file(pictures/) [function.move-uploaded-file]: failed to open stream: Is a directory in /home/tntauto1/public_html/admin_add1.php on line 59
    Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/tmp/phpcJnHZE' to 'pictures/' in /home/tntauto1/public_html/admin_add1.php on line 59
    Warning: copy() [function.copy]: The first argument to copy() function cannot be a directory in /home/tntauto1/public_html/admin_add1.php on line 60

Here is the Script:

    if(is_uploaded_file($_FILES['image']['tmp_name'])){
        if($_FILES['image']['type'] == 'image/jpeg'){
            $original = 'original_'.$v_id.'.jpg';
            $large = 'large_'.$v_id.'.jpg';
            $small = 'small_'.$v_id.'.jpg';
        }elseif($_FILES['image']['type'] == 'image/gif'){
            $original = 'original_'.$v_id.'.gif';
            $large = 'large_'.$v_id.'.gif';
            $small = 'small_'.$v_id.'.gif';
        }else{
            $error = 'Error: The image could not be uploaded. It must be in .jpg, .jpeg or .gif format.';
        }
        if(move_uploaded_file($_FILES['image']['tmp_name'],'pictures/'.$large)){}
        copy('pictures/'.$large,'pictures/'.$small);
        $imgsize = getimagesize('pictures/'.$large);
        //>>>>>>>>>>>>>>>>>>>>>>>>>>>>---- Resize to 480 X 360
        $width = $imgsize[0];
        $height = $imgsize[1];
        if(($width > 480) || ($height > 360)){//resize the image
            $ratio = $width / $height;
            if(100 / $ratio >= 80){//calculates if height of uploaded image is too large
                $new_width = floor(360 * $ratio);
                $new_height = 360;
            }elseif(150 * $ratio > 100){// calculate if width of uploaded image is too large
                $new_width = 480;
                $new_height = floor(480 / $ratio);
            }
            if($_FILES['image']['type'] == 'image/jpeg'){
                $img = imagecreatefromjpeg('pictures/'.$large);
                $img_copy = imagecreatetruecolor($new_width,$new_height);
                imagecopyresampled($img_copy,$img,0,0,0,0,$new_width,$new_height,$width,$height);
                imagejpeg($img_copy,'pictures/'.$large,100);
            }
            if($_FILES['image']['type'] == 'image/gif'){
                $img = imagecreatefromjpeg('pictures/'.$large);
                $img_copy = imagecreatetruecolor($new_width,$new_height);
                imagecopyresampled($img_copy,$img,0,0,0,0,$new_width,$new_height,$width,$height);
                imagejpeg($img_copy,'pictures/'.$large,100);
            }
        }
+1
php file-upload
Oct 23 '09 at 17:21
3 answers
 if($_FILES['image']['type'] == 'image/jpeg'){ 

Never rely on the MIME type sent by the browser.

In this case, your problem is the one David refers to: IE usually (erroneously) supplies image/pjpeg for JPEG, so you detect an unknown file type and set $error to 'Error: The image could not be uploaded. It must be in .jpg, .jpeg or .gif format.' ... but then, despite this, you still try to move the file anyway, even though no value has been set for $small or $large.

But more than that, the type passed by the browser is likely to be completely wrong. You cannot trust the uploaded file name or media type to be suitable, so don't even bother checking them. Instead, look at $imgsize[2] after your call to getimagesize to see what type PHP considers the image to be.

And ... if you accept image uploads from regular users, you have a security issue. It is entirely possible to create a valid GIF (or other type of file) containing HTML tags. Then, when the bloody-dumb-IE arrives to access the GIF as a page on its own, it will detect the HTML tags, decide that the Content-Type you gave must be wrong, and instead interpret it as an HTML page, including any JavaScript, which then runs in the security context of your site.

If you need to allow file uploads from an untrusted source and you don't process the images yourself (which usually has the side effect of removing unwanted HTML), you usually have to serve your images from a different host name, to avoid them scripting into your site.

+6
Oct 23 '09 at 17:53
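
The approach described in the answer above, as an added example that is not part of the original answer or the asker's script: the type is read from the file's bytes with getimagesize(), an unsupported type stops processing before any file is written, and the image is re-encoded with GD rather than moved as-is. The function name `store_uploaded_image`, the two constants and the JPEG quality of 90 are assumptions made for illustration; the GD extension is required, as in the question's script.

```php
<?php
// Added example, not the asker's code. The type comes from the file's bytes
// via getimagesize(), never from $_FILES['image']['type'].
const MAX_W = 480;
const MAX_H = 360;

function store_uploaded_image(array $file, string $destDir, int $id): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('No valid upload received.');
    }
    $info = getimagesize($file['tmp_name']);   // false when the bytes are not an image
    $types = [
        IMAGETYPE_JPEG => ['jpg', 'imagecreatefromjpeg'],
        IMAGETYPE_GIF  => ['gif', 'imagecreatefromgif'],
    ];
    if ($info === false || !isset($types[$info[2]]) || $info[0] < 1 || $info[1] < 1) {
        // Stop here, so nothing below ever runs with an empty file name.
        throw new RuntimeException('The image must be a JPEG or GIF.');
    }
    [$ext, $load] = $types[$info[2]];
    [$width, $height] = $info;

    $src = $load($file['tmp_name']);
    if ($src === false) {
        throw new RuntimeException('The image could not be decoded.');
    }
    // Scale down to fit 480x360, keeping the aspect ratio; never scale up.
    $scale = min(1, MAX_W / $width, MAX_H / $height);
    $newW = max(1, (int) floor($width * $scale));
    $newH = max(1, (int) floor($height * $scale));
    $dst = imagecreatetruecolor($newW, $newH);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $newW, $newH, $width, $height);

    // Saving from decoded pixels re-encodes the image; bytes in the upload
    // that were not pixel data are not carried into the stored file.
    $name = 'large_' . $id . '.' . $ext;   // built from our own id, not the client's file name
    $path = rtrim($destDir, '/') . '/' . $name;
    $ok = $ext === 'jpg' ? imagejpeg($dst, $path, 90) : imagegif($dst, $path);
    if (!$ok) {
        throw new RuntimeException('The image could not be saved.');
    }
    return $name;
}

// Usage, with $v_id from the question assumed to be an integer id:
// $large = store_uploaded_image($_FILES['image'], 'pictures', $v_id);
```
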
 if($FILES['image']['type'] == 'image/jpeg'){ 

The variable containing the data for uploaded files should be $_FILES. Since $FILES is an empty (just used) variable, your $large variable is also empty, so you move the file to pictures/, which is a directory, just like PHP told you. Your $error should also contain an error message, since none of the if conditions is true.

One way to avoid such errors is to develop with error_reporting set to E_ALL, which would display a notification that your variable $FILES (typo) is undefined.

+3
Oct 23 '09 at 17:30

You cannot move the directory because $large has no value or was reset.

0
Oct 23 '09 at 17:27