PHP: File Upload Error Msg

WebHelper Joined: 06 Apr 2002 Posts: 65

Greetings,

Anyone here able to provide the solution to my Qn posted at http://www.dtheatre.com/scripts/forums.php?action=displaythread&forum=help&id=38&forumstat=1&realm=default ?

I have read the document which addresses the "Warning: open_basedir restriction in effect. File is in wrong directory" issue at http://www.faqts.com/knowledge_base/view.phtml/aid/18472/fid/62
which states:
That is because the safe mode is turned on. Just use move_uploaded_file() instead of copy()

but I still not able to get the php script to work with move_uploaded_file(). After I have replaced copy() with move_uploaded_file() change, I get this error msg:

Warning: Unable to create '/usr/local/psa/home/vhosts/mydomainname/upload/pic01.jpg': No such file or directory in /usr/local/psa/home/vhosts/mydomainname/httpdocs/formmail.php on line 276

Warning: Unable to move '/tmp/phpnHlgla' to '/usr/local/psa/home/vhosts/mydomainname/upload/pic01.jpg' in /usr/local/psa/home/vhosts/mydomainname/httpdocs/formmail.php on line 276

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/mydomainname/httpdocs/formmail.php:276) in /usr/local/psa/home/vhosts/mydomainname/httpdocs/formmail.php on line 323

The original upload file portion code of the formmail.php in Qn is:

// prepare the content
$content = parse_form($HTTP_POST_VARS);

// check for a file if there is a file upload it
if ($file_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file_name;
if (file_exists($path_to_file.$file_name))
$location .= ".new";
copy($file,$location);
unlink($file);
$content .= "Uploaded File: ".$location."\n";
}
}

// second file.
if ($file2_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file2_name;
if (file_exists($path_to_file.$file2_name))
$location .= ".new";
copy($file2,$location);
unlink($file2);
$content .= "Uploaded File: ".$location."\n";
}
}

Pls advise on a solution. TIA.

Team Member Joined: 06 Jan 2002 Posts: 2564

Have you created the upload folder? Is it chmoded to 777?

WebHelper Joined: 06 Apr 2002 Posts: 65

Yes, I have created the upload folder in httpdocs and also chmoded to 777 from the original 644

Team Member Joined: 06 Jan 2002 Posts: 2564

Could you post the new version, just to check?

WebHelper Joined: 06 Apr 2002 Posts: 65

My script is hosted at 34SP, you may like to try the formmail.php if it works here.

OK, new version, replacing the original copy() with this move_uploaded_file():

// prepare the content
$content = parse_form($HTTP_POST_VARS);

// check for a file if there is a file upload it
if ($file_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file_name;
if (file_exists($path_to_file.$file_name))
$location .= ".new";
move_uploaded_file($file,$location);
unlink($file);
$content .= "Uploaded File: ".$location."\n";
}
}

// second file.
if ($file2_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file2_name;
if (file_exists($path_to_file.$file2_name))
$location .= ".new";
move_uploaded_file($file2,$location);
unlink($file2);
$content .= "Uploaded File: ".$location."\n";
}
}

Team Member Joined: 06 Jan 2002 Posts: 2564

The problem is that this path:

Quote:

Warning: Unable to create '/usr/local/psa/home/vhosts/mydomainname/upload/pic01.jpg'

is missing the "httpdocs" bit before the upload folder. Add that on and it should work! Wink

WebHelper Joined: 06 Apr 2002 Posts: 65

Did as you have suggested. This time error msg showed:

Warning: Unlink failed (No such file or directory) in /usr/local/psa/home/vhosts/mydomainname/httpdocs/formmail.php on line 277

Warning: Cannot add header information - headers already sent by (output started at /usr/local/psa/home/vhosts/mydomainname/httpdocs/formmail.php:277) in /usr/local/psa/home/vhosts/mydomainname/httpdocs/formmail.php on line 323

What's next?

Team Member Joined: 06 Jan 2002 Posts: 2564

What is on line 277? And what is the value of $file1 and $file2?

WebHelper Joined: 06 Apr 2002 Posts: 65

line 277:
$path_to_file = $path_to_file."/";

What is on line 277?

How do I check for value of $file1 and $file2?

I have extracted the relevant code (which include line 277) in my previous response.

Team Member Joined: 06 Jan 2002 Posts: 2564

OK, this is going nowhere. What does the error log have to say? Or could you just post/PM me the whole script?

WebHelper Joined: 06 Apr 2002 Posts: 65

Nothing of value is recorded on the server access_log and error_log for this script. Appended below is the original script. You may like to try it out and let me know if you can get it to work.

<?
/*
##############################################################################
# PLEASE DO NOT REMOVE THIS HEADER!!!
#
# COPYRIGHT NOTICE
#
# FormMail.php v4.1b
# Copyright 2000,2001 Ai Graphics and Joe Lumbroso (c) All rights reserved.
# Created 07/06/00 Last Modified 08/06/2001
# Joseph Lumbroso, http://www.aigraphics.com, http://www.dtheatre.com
# http://www.lumbroso.com/scripts/
##############################################################################
#
# This cannot and will not be inforced but I would appreciate a link back
# to any of these sites:
# http://www.dtheatre.com
# http://www.aigraphics.com
# http://www.lumbroso.com/scripts/
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
# THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
#
##############################################################################
*/

// formmail version (for debugging mostly)
$version = "4.1b";

// referers.. domains/ips that you will allow forms to
// reside on.
$referers = array ('yourdomain.com','www.yourdomain.com','216.64.145.194');

// banned emails, these will be email addresses of people
// who are blocked from using the script (requested)
$banlist = array ('*@somedomain.com', 'user@domain.com', 'etc@domains.com');

// our mighty error function..
function print_error($reason,$type = 0) {
global $version;
build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet);
// for missing required data
if ($type == "missing") {
?>
The form was not submitted for the following reasons:
<ul><?
echo $reason."\n";
?></ul>
Please use your browser's back button to return to the form and try again.<?
} else { // every other error
?>
The form was not submitted because of the following reasons:
<?
}
echo " \n";
echo "This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a>\n\n";
exit;
}

// function to check the banlist
// suggested by a whole lot of people.. Thanks
function check_banlist($banlist, $email) {
if (count($banlist)) {
$allow = true;
foreach($banlist as $banned) {
$temp = explode("@", $banned);
if ($temp[0] == "*") {
$temp2 = explode("@", $email);
if (trim(strtolower($temp2[1])) == trim(strtolower($temp[1])))
$allow = false;
} else {
if (trim(strtolower($email)) == trim(strtolower($banned)))
$allow = false;
}
}
}
if (!$allow) {
print_error("You are using from a banned email address.");
}
}

// function to check the referer for security reasons.
// contributed by some one who's name got lost.. Thanks
// goes out to him any way.
function check_referer($referers) {
if (count($referers)) {
$found = false;
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
for ($x=0; $x < count($referers); $x++) {
if (eregi ($referers[$x], $referer)) {
$found = true;
}
}
if (!getenv("HTTP_REFERER"))
$found = false;
if (!$found){
print_error("You are coming from an unauthorized domain.");
error_log("[FormMail.php] Illegal Referer. (".getenv("HTTP_REFERER").")", 0);
}
return $found;
} else {
return true; // not a good idea, if empty, it will allow it.
}
}
if ($referers)
check_referer($referers);

if ($banlist)
check_banlist($banlist, $email);

// parse the form and create the content string which we will send
function parse_form($array) {
// build reserved keyword array
$reserved_keys[] = "MAX_FILE_SIZE";
$reserved_keys[] = "required";
$reserved_keys[] = "redirect";
$reserved_keys[] = "email";
$reserved_keys[] = "require";
$reserved_keys[] = "path_to_file";
$reserved_keys[] = "recipient";
$reserved_keys[] = "subject";
$reserved_keys[] = "bgcolor";
$reserved_keys[] = "text_color";
$reserved_keys[] = "link_color";
$reserved_keys[] = "vlink_color";
$reserved_keys[] = "alink_color";
$reserved_keys[] = "title";
$reserved_keys[] = "missing_fields_redirect";
$reserved_keys[] = "env_report";
if (count($array)) {
while (list($key, $val) = each($array)) {
// exclude reserved keywords
$reserved_violation = 0;
for ($ri=0; $ri<count($reserved_keys); $ri++) {
if ($key == $reserved_keys[$ri]) {
$reserved_violation = 1;
}
}
// prepare content
if ($reserved_violation != 1) {
if (is_array($val)) {
for ($z=0;$z<count($val);$z++) {
$content .= "$key: $val[$z]\n";
}
} else {
$content .= "$key: $val\n";
}
}
}
}
return $content;
}

// mail the content we figure out in the following steps
function mail_it($content, $subject, $email, $recipient) {
mail($recipient, $subject, $content, "From: $email\r\nReply-To: $email\r\nX-Mailer: DT_formmail");
}

// take in the body building arguments and build the body tag for page display
function build_body($title, $bgcolor, $text_color, $link_color, $vlink_color, $alink_color, $style_sheet) {
if ($style_sheet)
echo "<LINK rel=STYLESHEET href=\"$style_sheet\" Type=\"text/css\">\n";
if ($title)
echo "<title>$title</title>\n";
if (!$bgcolor)
$bgcolor = "#FFFFFF";
if (!$text_color)
$text_color = "#000000";
if (!$link_color)
$link_color = "#0000FF";
if (!$vlink_color)
$vlink_color = "#FF0000";
if (!$alink_color)
$alink_color = "#000088";
if ($background)
$background = "background=\"$background\"";
echo "<body bgcolor=\"$bgcolor\" text=\"$text_color\" link=\"$link_color\" vlink=\"$vlink_color\" alink=\"$alink_color\" $background>\n\n";
}

// check for a recipient email address and check the validity of it
// Thanks to Bradley miller (bradmiller@accesszone.com) for pointing
// out the need for multiple recipient checking and providing the code.
$recipient_in = split(',',$recipient);
for ($i=0;$i<count($recipient_in);$i++) {
$recipient_to_test = trim($recipient_in[$i]);
if (!eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,3}$", $recipient_to_test)) {
print_error("I NEED VALID RECIPIENT EMAIL ADDRESS ($recipient_to_test) TO CONTINUE");
}
}

// This is because I originally had it require but too many people
// were used to Matt's Formmail.pl which used required instead.
if ($required)
$require = $required;
// handle the required fields
if ($require) {
// seperate at the commas
$require = ereg_replace( " +", "", $require);
$required = split(",",$require);
for ($i=0;$i<count($required);$i++) {
$string = trim($required[$i]);
// check if they exsist
if((!(${$string})) || (!(${$string}))) {
// if the missing_fields_redirect option is on: redirect them
if ($missing_fields_redirect) {
header ("Location: $missing_fields_redirect");
exit;
}
$require;
$missing_field_list .= "Missing: $required[$i] \n";
}
}
// send error to our mighty error function
if ($missing_field_list)
print_error($missing_field_list,"missing");
}

// check the email fields for validity
if (($email) || ($EMAIL)) {
$email = trim($email);
if ($EMAIL)
$email = trim($EMAIL);
if (!eregi("^[_\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\.)+[a-z]{2,3}$", $email)) {
print_error("your email address is invalid");
}
$EMAIL = $email;
}

// check zipcodes for validity
if (($ZIP_CODE) || ($zip_code)) {
$zip_code = trim($zip_code);
if ($ZIP_CODE)
$zip_code = trim($ZIP_CODE);
if (!ereg("(^[0-9]{5})-([0-9]{4}$)", trim($zip_code)) && (!ereg("^[a-zA-Z][0-9][a-zA-Z][[:space:]][0-9][a-zA-Z][0-9]$", trim($zip_code))) && (!ereg("(^[0-9]{5})", trim($zip_code)))) {
print_error("your zip/postal code is invalid");
}
}

// check phone for validity
if (($PHONE_NO) || ($phone_no)) {
$phone_no = trim($phone_no);
if ($PHONE_NO)
$phone_no = trim($PHONE_NO);
if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $phone_no)) {
print_error("your phone number is invalid");
}
}

// check phone for validity
if (($FAX_NO) || ($fax_no)) {
$fax_no = trim($fax_no);
if ($FAX_NO)
$fax_no = trim($FAX_NO);
if (!ereg("(^(.*)[0-9]{3})(.*)([0-9]{3})(.*)([0-9]{4}$)", $fax_no)) {
print_error("your fax number is invalid");
}
}

// prepare the content
$content = parse_form($HTTP_POST_VARS);

// check for a file if there is a file upload it
if ($file_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file_name;
if (file_exists($path_to_file.$file_name))
$location .= ".new";
copy($file,$location);
unlink($file);
$content .= "Uploaded File: ".$location."\n";
}
}

// second file.
if ($file2_name) {
if ($file_size > 0) {
if (!ereg("/$", $path_to_file))
$path_to_file = $path_to_file."/";
$location = $path_to_file.$file2_name;
if (file_exists($path_to_file.$file2_name))
$location .= ".new";
copy($file2,$location);
unlink($file2);
$content .= "Uploaded File: ".$location."\n";
}
}

// if the env_report option is on: get eviromental variables
if ($env_report) {
$env_report = ereg_replace( " +", "", $env_report);
$env_reports = split(",",$env_report);
$content .= "\n------ eviromental variables ------\n";
for ($i=0;$i<count($env_reports);$i++) {
$string = trim($env_reports[$i]);
if ($env_reports[$i] == "REMOTE_HOST")
$content .= "REMOTE HOST: ".$REMOTE_HOST."\n";
else if ($env_reports[$i] == "REMOTE_USER")
$content .= "REMOTE USER: ". $REMOTE_USER."\n";
else if ($env_reports[$i] == "REMOTE_ADDR")
$content .= "REMOTE ADDR: ". $REMOTE_ADDR."\n";
else if ($env_reports[$i] == "HTTP_USER_AGENT")
$content .= "BROWSER: ". $HTTP_USER_AGENT."\n";
}
}

// if the subject option is not set: set the default
if (!$subject)
$subject = "Form submission";

// send it off
mail_it(stripslashes($content), stripslashes($subject), $email, $recipient);

// if the redirect option is set: redirect them
if ($redirect) {
header ("Location: $redirect");
exit;
} else {
print "Thank you for your submission\n";
echo " \n";
echo "This form is powered by <a href=\"http://www.lumbroso.com/scripts/\">Jack's Formmail.php $version!</a>\n\n";
exit;
}

// <---------- THE END ----------> //

Team Member Joined: 06 Jan 2002 Posts: 2564

I still don't see where $path_to_file is coming from... It isn't defined anywhere in the posted script...

WebHelper Joined: 06 Apr 2002 Posts: 65

The script can be downloaded at
http://www.dtheatre.com/scripts/formmail?PHPSESSID=6f2daec7d9c67d99985ce3a76dc3e611

Take a look at the above webpage.

Below is the extrected documentation on the file upload portion:

--------------------------------------------------------------------------------

Field: file

Description: Allows you to allow the user upload a file the sends you the file name.

REQUIRED

If you are using the file option it is crucial to include the ENCTYPE="multipart/form-data" in the form field.
Example Here

path_to_file - This is the path which the file will be uploaded to. Must be a direct path to your directory. ie: "/www/yourname/filedir/"

RECOMMENDED

MAX_FILE_SIZE - (case sensitive) hidden field must precede the file input field and it's value is the maximum filesize accepted. The value is in bytes.

Syntax: <input type="hidden" name="MAX_FILE_SIZE" value="1000000">

<input type="hidden" name="path_to_file" value="/www/dir_where_file_goes/">

<input type="file" name="file">

--------------------------------------------------------------------------------

Field: file2

Description: I received a lot of email asking how to handle additional file uploads, I added "file2" to show how easy it is:
Keep the same syntax as above, but append a "2" to the end of the file.

Advanced: to add addtional files copy the php functions (below) that handle the file upload for file2 and and change the "2"s to a "3" or anything else.

The PHP:

click here

--------------------------------------------------------------------------------

Team Member Joined: 06 Jan 2002 Posts: 2564

So what exactly have you set path_to_file to in your web page?

WebHelper Joined: 06 Apr 2002 Posts: 65