Hi all, and thank you in advance for your time!

When running this code's upload form, uploaded a "Resume.txt." file, the code always jumps to printing "Invalid file" It does not do so if i remove all of the file type restrictions. I don't know what I am doing wrong, since it allows "text/plain" files.

When the restrictions are not even there though the output is :

Upload:
Type:
Size: 0 Kb
Temp file:
already exists.

But there is no file in the uploads folder already existing. I am quite confused. Any explanations for these would be most appreciated! Thank you.



if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg")
|| ($_FILES["file"]["type"] == "text/plain"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0) {
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else {
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"])) {
echo $_FILES["file"]["name"] . " already exists. ";
} else {

if (move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"])) {
echo "The file " . basename($_FILES['file']['name']) . " has been uploaded";
} else {

echo "There was an error uploading the file, please try again!";
}
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
} else {
echo "Invalid file";
}

Honestly I did not try to figure out your issue but from looking at the code I can tell you that it is completely insecure. Here is a link to a tutorial on how to do file upload safely and secured - http://www.youtube.com/phpacademy#p/u/21/DM0gjYVPZgE

Thank you very much for the tip, as obviously I am a PHP beginner.

This code is an alteration form tutorials found online. It just so happens that my next step in the tuts, after getting the upload to work is to learn to secure it, so thank you again for the link and I will be moving to that chapter immediately!

Before I move on to that I would love to figure this out and get the upload working. Are there any thoughts on it?

I will be sure to thoroughly learn the securing process after squaring this away, as it is clear that security is extremely important yet still overlooked concept.

Thank you again for you time!

Try this instead, you don't need to put each file check in (), just the group

(($_FILES["file"]["type"] == "image/gif"
|| $_FILES["file"]["type"] == "image/jpeg"
|| $_FILES["file"]["type"] == "image/pjpeg"
|| $_FILES["file"]["type"] == "text/plain")
&& ($_FILES["file"]["size"] < 20000))

Thank you, those were not necessary parentheses. Unfortunately I get the same result sill.

When i remove these 3 lines, it works. These 3 are not validating the tst file i am uploading, but they look correct.


|| $_FILES["file"]["type"] == "image/jpeg"
|| $_FILES["file"]["type"] == "image/pjpeg"
|| $_FILES["file"]["type"] == "text/plain")

If you are having issues with just the .txt file type, try echoing the file type to the page and make sure it's actually text/plain and not some other spelling or type. I have run into that with image types before cause IE would give it a different name than firefox.

what is your test file like? After uploading a gibberish .txt file to a copy of your (unaltered) script, I get the following output:

Upload: testfile.txt
Type: text/plain
Size: 0.611328125 Kb
Temp file: /tmp/phpkJ9c3n
The file testfile.txt has been uploadedStored in: upload/testfile.txt

What?! Well I suppose that's good, it means it's working. But I still don't get a successful upload!

I tried many files. txt files, php files, html files . None of them work. Tried in both chrome and firefox out of desperation.

How did you upload it without the html form? Did you hardcode the file to be uploaded? Perhaps the problem lies in the form I am using.

I just wrote my own form and named the file input according to your code. Looked like this:
<form enctype="multipart/form-data" method="POST">
<input type="file" name="file">
<input type="submit" value="submit">
</form>

Weird, it's still not working even with your code. This is my html, is there something wrong with it that has to do with the upload not working?


<!DOCTYPE html>
<html lang="en">

<head>
<meta charset="utf-8">

<meta http-equiv="x-ua-compatible" content="ie=edge">
<!--[if lt IE 9]>
<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->

<title></title>
<meta name="description" content="">
<base href="/">

<!-- for mobile devices -->
<meta name="viewport" content="width=device-width, initial-scale=1.0">

<link rel="stylesheet" href="stylesheet/reset.css">
<link rel="stylesheet" href="stylesheet/stylesheet.css">
</head>

<body>
<h1>Registration</h1>
<h2>Enter your information below.</h2>
<form action="Slides03_ex1_process.php" method=post>
<table border = 0>
<tr>
<td>Name</td>
<td align="left"><input type="text" name="name" size="30" maxlength=30"></td>
</tr>
<tr>
<td>Email</td>
<td align="left"><input type="text" name="email" size="30" maxlength="30"></td>
</tr>

<td>
<form name="myform" enctype="multipart/form-data" action="Slides03_ex1_process.php">
<input name="upload" type="file">
</FORM>
</td>

<tr>
<td colspan="2" align="center"><input type="submit" value="Submit Order"></td>
</tr>
</table>
</form>


</body>

Weird, it's still not working even with your code. This is my html, is there something wrong with it that has to do with the upload not working?


<form name="myform" enctype="multipart/form-data" action="Slides03_ex1_process.php">
<input name="upload" type="file">
</FORM>

your form names the file "upload" while your php script is looking for a file named "file". (there's also no submit button, but I assume you're submitting it somehow.)

More importantly, your form is inside another form. This is invalid and will break in some browsers, and be (at best) unpredictable in others. Your file upload either needs to be part of the larger form, or you need to move the upload form outside of the larger form.

Originally Posted by traq

your form names the file "upload" while your php script is looking for a file named "file". (there's also no submit button, but I assume you're submitting it somehow.)

More importantly, your form is inside another form.

Thank you so much, that was exactly the problem! I learned a lot!

No problem.

If your question has been answered, please mark your thread "resolved":
On your original post (post #1), click [edit], then click [go advanced]. In the "thread prefix" box, select "Resolved". Click [save changes].