Problems With File Upload Script

[bowlasoup2893]

Hi. I am building a website for some friends of mine, and i have an ideal site in mind. One of the features of this site, is for users to be able to upload photographs of whatever they want, and those photos are automatically put into a folder on the site. On the home page, i will put a link that leads to a little photo album where people can see all the pictures that have been uploaded. I browsed several forums looking for a code that would accomplish that, and uploaded them to my server, but none of them have worked. Obviously i must be doing something wrong, but i can't seem to figure out what. So if you have the time, please take a look at these files and tell me what is wrong with them-

upload.php

This is the file user's use to browse for their image.

CODE

<html>
<body>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form action="upload_ac.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td><strong>Single File Upload </strong></td>
</tr>
<tr>
<td>Select file
<input name="ufile" type="file" id="ufile" size="50" /></td>
</tr>
<tr>
<td align="center"><input type="submit" name="Submit" value="Upload" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>

</body>
</html>

upload_ac.php

This is where the picture is sent

CODE

<?php
//set where you want to store files
//in this example we keep file in folder upload
//$HTTP_POST_FILES['ufile']['name']; = upload file name
//for example upload file name cartoon.gif . $path will be upload/cartoon.gif
$path= "/upload/".$HTTP_POST_FILES['ufile']['name'];
if($ufile !=none)
{
if(copy($HTTP_POST_FILES['ufile']['tmp_name'], $path))
{
echo "Successful<BR/>";

//$HTTP_POST_FILES['ufile']['name'] = file name
//$HTTP_POST_FILES['ufile']['size'] = file size
//$HTTP_POST_FILES['ufile']['type'] = type of file
echo "File Name :".$HTTP_POST_FILES['ufile']['name']."<BR/>";
echo "File Size :".$HTTP_POST_FILES['ufile']['size']."<BR/>";
echo "File Type :".$HTTP_POST_FILES['ufile']['type']."<BR/>";
echo "<img src=\"$path\" width=\"150\" height=\"150\">";
}
else
{
echo "Error";
}
}
?>

upload (folder)

Where the images are finally stored


Some key points-

• All of the above files/folder are readable, writable, and executable.
• All of them are uploaded to the main directory. ie. the location of the folder is www.blahblah.vndv.com/upload

Whenever i try to upload something, it says-

CODE

Warning: copy() [function.copy]: SAFE MODE Restriction in effect. The script whose uid is 84661 is not allowed to access / owned by uid 0 in /www/vndv.com/f/a/r/farc-gaming/htdocs/upload_ac.php on line 9

Warning: copy(/upload/GEDC0052.JPG) [function.copy]: failed to open stream: No such file or directory in /www/vndv.com/f/a/r/farc-gaming/htdocs/upload_ac.php on line 9
Error

Note: The name of the file i was trying to upload is GEDC0052.JPG


Any suggestions are greatly appreciated.

[Ed]

CODE

$path= "/upload/".$HTTP_POST_FILES['ufile']['name'];

/upload means the upload directory in the root of the server, you don't have access to this, try:

CODE

$path= "./upload/".$HTTP_POST_FILES['ufile']['name'];

Notice the period at the beginning of the path, that then relates to the current directory, you would be better off specifying the entire path though.

[bowlasoup2893]

Ok i added it in, and tried uploading both a jpg image and a word document, but neither worked. I was browsing the forums earlier and noticed someone say that the the servers were in safe mode and that mail() was disabled. Does that have anything to do with this? Is copy() disabled too?



By the way, what do you mean "you would be better off specifying the entire path"?


Put...

CODE

http://www.blahblah.vndv.com/upload

?

[IamShipon1988]

What is is saying is that by placing the period at the beginning of the statement, you are telling the server to load all directories you list from that current folder in which you have the upload_ac.php file located. Without that statement, you would basically have to write out the entire location. So in your case, by adding that period in the front, you don't have to go through all that trouble.

The secondary method is something like this

CODE

$path = "/home/httpd/html/index.php";

Notice how you are starting off at the root directory.

[noxus]

CODE

if ( !empty( $_FILES['ufile']['name'] ) ) {

$path = "./uploads/";
$filename = $_FILES['ufile']['name'];

if ( move_uploaded_file( $path . $filename, $path . $filename )  && file_exists( $_FILES['ufile']['tmp_name'] ) ) {
            
unlink( $_FILES['ufile']['tmp_name'] );
            
}

}

php5 uses $_FILES

[kirandeore]

Didnt work for me either...basically the write permissions for the directory is disabled in safe mode and there is no way you enable it this sucks..

[Jetteh22]

Did you try:

$path = "/home/httpd/html/upload/".$HTTP_POST_FILES['ufile']['name'];

?

[KKStudios]

Warning: copy() [function.copy]: SAFE MODE Restriction in effect. The script whose uid is 84661 is not allowed to access / owned by uid 0 in /www/vndv.com/f/a/r/farc-gaming/htdocs/upload_ac.php on line 9

Warning: copy(/upload/GEDC0052.JPG) [function.copy]: failed to open stream: No such file or directory in /www/vndv.com/f/a/r/farc-gaming/htdocs/upload_ac.php on line 9
Error

The copy() function is turned off because safe mode is turned on.