Member Avatar for rcasinillo_s

Good day!

Could you check this I got error messages:

Warning: chmod() [function.chmod]: No such file or directory in /eort/www/httcs/nah/eng/testing/upload.php on line 21

Warning: move_uploaded_file(http://www.nwafh.med.sa/Uploads/DSC00197_mail.jpg) [function.move-uploaded-file]: failed to create stream: HTTP wrapper does not support writeable connections. in /eort/www/httcs/nah/eng/testing/upload.php on line 22

Warning: move_uploaded_file() [function.move-uploaded-file]: Unable to move '/var/tmp/php.haqFa' to 'http://www.nwafh.med.sa/Uploads/DSC00197_mail.jpg' in /eort/www/httcs/nah/eng/testing/upload.php on line 22

Here is my code:

<?php
print "Hello";
if($submit){

$uploaddir = "http://www.nwafh.med.sa/Uploads/";
$filename = trim($_FILES);
//$filename = substr($filename, -20);
$filename = ereg_replace(" ", "", $filename);
if((ereg(".jpg", $filename)) || (ereg(".gif", $filename))) {
$uploadfile = $uploaddir . $filename;
print("File to upload is: $filename<br>");
print("Upload DIR is: $uploadfile<br>");
chmod($uploadfile, 766); //0644
$ro = move_uploaded_file($_FILES, $uploadfile);
if($ro){


print("File upload was successful");
} else {
print("File upload failed");
}
} else {
print("Only images are allowed (.jpg and .gif), upload failed");
}}
?>
<form enctype="multipart/form-data" method="post" action="upload.php">
Select file:
<input type="file" name="upfile">
<input name="hidden" type="hidden" id="hidden" value="r">
<input type="submit" name="submit" value="Upload">
</form>

Is there any configuration in PHP server to modify?

Regards,

Roland

  • 3 Contributors
  • 4 Replies
  • 252 Views
  • 3 Weeks Discussion Span
  • Latest Post Latest Post by paradox814

Recommended Answers

All 4 Replies

Member Avatar for paradox814

ok I see several things that could be wrong, but I am not on my work computer to check it, so try step 1, if nothing then try step 2.

but first I want you to be aware of a big security issue you have going on:
chmod is a powerful command, 766 is a lot of power for a guest/internet user, heck it's awfully suspicious for even the owner to have a 766 (rwxrw-rw-) image. Images are not executable, they should only be read from the server, that's all. Image permissions should be 644 (rw-r--r--). Now let me tell you how the security violation comes in, suppose i upload a script my-virus.jpg, linux doesn't care about extensions, if it's an executable it may try and execute it. Another thing you have wrong is this line:
if((ereg(".jpg", $filename)) || (ereg(".gif", $filename))) {
that means if I have a file called myfile.jpg.exe it will also upload because it matches your specs. So now if a windows user downloads it, then you would be spreading viruses.


1.)
Some webhosts do not allow you to use http:// for security purposes, try usign an absoluate path name instead
$uploaddir = "http://www.nwafh.med.sa/Uploads/";
change that to:
$uploaddir = '/eort/www/httcs/nah/eng/Uploads/';
or whatever directory you want it in.

2.)
chmod($uploadfile, 766); //0644
$ro = move_uploaded_file($_FILES, $uploadfile);
it looks like you are trying to change the permissions of the file before you move it, try swapping those two lines

Member Avatar for rcasinillo_s

paradox814
Junior Poster
Thanks for your help, but another error message comes up:
Warning: move_uploaded_file'/eort/www/httcs/nah/eng/Uploads/community.gif) [function.move-uploaded-file]: failed to create stream: Permission denied in '/eort/www/httcs/nah/eng/Uploads/upload.php on line 18

What it does mean?

roland

Member Avatar for DanceInstructor

It means the webserver doesn't have permission to write to the "Uploads" folder that you created. The webserver runs as a different user, so you will need to change permissions on the folder or chown (change ownership) of the folder to the webserver.

Yay me 200 posts :lol:

Member Avatar for paradox814

yes, you will probably have to change the folder to chmod 777 when you upload the file. But do not make the mistake of changing the file permission to 777, only the folder.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.