Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Upload Restrictions For txt File Not working

  1. #1
    Join Date
    Sep 2011
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default Upload Restrictions For txt File Not working

    Hi all, and thank you in advance for your time!

    When running this code's upload form, uploaded a "Resume.txt." file, the code always jumps to printing "Invalid file" It does not do so if i remove all of the file type restrictions. I don't know what I am doing wrong, since it allows "text/plain" files.

    When the restrictions are not even there though the output is :

    Upload:
    Type:
    Size: 0 Kb
    Temp file:
    already exists.

    But there is no file in the uploads folder already existing. I am quite confused. Any explanations for these would be most appreciated! Thank you.

    Code:
    if ((($_FILES["file"]["type"] == "image/gif")
    		|| ($_FILES["file"]["type"] == "image/jpeg")
    		|| ($_FILES["file"]["type"] == "image/pjpeg")
    		|| ($_FILES["file"]["type"] == "text/plain"))
    		&& ($_FILES["file"]["size"] < 20000))
    	  {
          if ($_FILES["file"]["error"] > 0) {
              echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
          }
          else {
              echo "Upload: " . $_FILES["file"]["name"] . "<br />";
              echo "Type: " . $_FILES["file"]["type"] . "<br />";
              echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
              echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
             
              if (file_exists("upload/" . $_FILES["file"]["name"])) {
                  echo $_FILES["file"]["name"] . " already exists. ";
              } else {
                 
                  if (move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"])) {
                      echo "The file " . basename($_FILES['file']['name']) . " has been uploaded";
                  } else {
                      
                      echo "There was an error uploading the file, please try again!";
                  }
                  echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
              }
          }
      } else {
          echo "Invalid file";
      }

  2. #2
    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    256
    Thanks
    1
    Thanked 21 Times in 21 Posts

    Default

    Honestly I did not try to figure out your issue but from looking at the code I can tell you that it is completely insecure. Here is a link to a tutorial on how to do file upload safely and secured - http://www.youtube.com/phpacademy#p/u/21/DM0gjYVPZgE

  3. #3
    Join Date
    Sep 2011
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Thank you very much for the tip, as obviously I am a PHP beginner.

    This code is an alteration form tutorials found online. It just so happens that my next step in the tuts, after getting the upload to work is to learn to secure it, so thank you again for the link and I will be moving to that chapter immediately!

    Before I move on to that I would love to figure this out and get the upload working. Are there any thoughts on it?

    I will be sure to thoroughly learn the securing process after squaring this away, as it is clear that security is extremely important yet still overlooked concept.

    Thank you again for you time!

  4. #4
    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    256
    Thanks
    1
    Thanked 21 Times in 21 Posts

    Default

    Try this instead, you don't need to put each file check in (), just the group
    PHP Code:
    (($_FILES["file"]["type"] == "image/gif"
            
    || $_FILES["file"]["type"] == "image/jpeg"
            
    || $_FILES["file"]["type"] == "image/pjpeg"
            
    || $_FILES["file"]["type"] == "text/plain")
            && (
    $_FILES["file"]["size"] < 20000)) 

  5. #5
    Join Date
    Sep 2011
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Thank you, those were not necessary parentheses. Unfortunately I get the same result sill.

    When i remove these 3 lines, it works. These 3 are not validating the tst file i am uploading, but they look correct.
    Code:
    || $_FILES["file"]["type"] == "image/jpeg"
    || $_FILES["file"]["type"] == "image/pjpeg"
    || $_FILES["file"]["type"] == "text/plain")

  6. #6
    Join Date
    Jul 2010
    Location
    Minnesota
    Posts
    256
    Thanks
    1
    Thanked 21 Times in 21 Posts

    Default

    If you are having issues with just the .txt file type, try echoing the file type to the page and make sure it's actually text/plain and not some other spelling or type. I have run into that with image types before cause IE would give it a different name than firefox.

  7. #7
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    what is your test file like? After uploading a gibberish .txt file to a copy of your (unaltered) script, I get the following output:
    Code:
    Upload: testfile.txt
    Type: text/plain
    Size: 0.611328125 Kb
    Temp file: /tmp/phpkJ9c3n
    The file testfile.txt has been uploadedStored in: upload/testfile.txt

  8. #8
    Join Date
    Sep 2011
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    What?! Well I suppose that's good, it means it's working. But I still don't get a successful upload!

    I tried many files. txt files, php files, html files . None of them work. Tried in both chrome and firefox out of desperation.

    How did you upload it without the html form? Did you hardcode the file to be uploaded? Perhaps the problem lies in the form I am using.

  9. #9
    Join Date
    Apr 2008
    Location
    So.Cal
    Posts
    3,643
    Thanks
    63
    Thanked 516 Times in 502 Posts
    Blog Entries
    5

    Default

    I just wrote my own form and named the file input according to your code. Looked like this:
    HTML Code:
    <form enctype="multipart/form-data" method="POST">
        <input type="file" name="file">
        <input type="submit" value="submit">
    </form>
    Last edited by traq; 09-30-2011 at 04:31 PM.

  10. #10
    Join Date
    Sep 2011
    Posts
    6
    Thanks
    1
    Thanked 0 Times in 0 Posts

    Default

    Weird, it's still not working even with your code. This is my html, is there something wrong with it that has to do with the upload not working?

    Code:
    <!DOCTYPE html>
    <html lang="en">
    
    <head>
    	<meta charset="utf-8">
    
    	<meta http-equiv="x-ua-compatible" content="ie=edge">
    	<!--[if lt IE 9]>
    	<script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script>
    	<![endif]-->
    
    	<title></title>
    	<meta name="description" content="">
    	<base href="/">
    
    	<!-- for mobile devices -->
    	<meta name="viewport" content="width=device-width, initial-scale=1.0">
    
    	<link rel="stylesheet" href="stylesheet/reset.css">
    	<link rel="stylesheet" href="stylesheet/stylesheet.css">
    </head>
    
    <body>
    <h1>Registration</h1>
    <h2>Enter your information below.</h2>
    <form action="Slides03_ex1_process.php" method=post>
    <table border = 0>
    <tr>
    	<td>Name</td>
    	<td align="left"><input type="text" name="name" size="30" maxlength=30"></td>
    </tr>
    <tr>
    	<td>Email</td>
    	<td align="left"><input type="text" name="email" size="30" maxlength="30"></td>
    </tr>
    
    <td>
    <form name="myform" enctype="multipart/form-data" action="Slides03_ex1_process.php">
    <input name="upload" type="file">
    </FORM>
    </td>
    
    <tr>
    	<td colspan="2" align="center"><input type="submit" value="Submit Order"></td>
    </tr>
    </table>
    </form>
    
    
    </body>

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •