File upload not working, can't figure out why...
-
Hi all, first attempt to set up a file upload on web page. Pretty basic stuff, but my first try so can't see why it isn't working. Firstly I'm running on apache2 on a VPS debian 10 install. /etc/php/7.4/apache2/php.ini contains the following:
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
;upload_tmp_dir =; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 2M; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20index.html looks like this:
Select image to upload:
upload.php as follows:
- {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
} else {
echo "Sorry, there was an error uploadi - {
-
Hi all, first attempt to set up a file upload on web page. Pretty basic stuff, but my first try so can't see why it isn't working. Firstly I'm running on apache2 on a VPS debian 10 install. /etc/php/7.4/apache2/php.ini contains the following:
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
;upload_tmp_dir =; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 2M; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20index.html looks like this:
Select image to upload:
upload.php as follows:
- {
echo "Sorry, your file is too large.";
$uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
$uploadOk = 0;
}// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
echo "The file ". htmlspecialchars( basename( $_FILES["fileToUpload"]["name"])). " has been uploaded.";
} else {
echo "Sorry, there was an error uploadi(groan...) directory wasn't set to be writeable.
sudo chmod 777 ./uploads
did the trick.
- {
-
(groan...) directory wasn't set to be writeable.
sudo chmod 777 ./uploads
did the trick.
Congratulations - you've just opened up a potential security vulnerability. You allow users to upload files to a folder which is set to allow any user to execute any file in that folder. Guess how long it will take for someone to upload and execute a virus on your server? :doh: https://linuxize.com/post/what-does-chmod-777-mean/[^]
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
(groan...) directory wasn't set to be writeable.
sudo chmod 777 ./uploads
did the trick.
:laugh:, glad you figured it out. But you shouldn't chmod 777. That directory should only be writable by the Apache process. Also, it should not live in your document root.
/var/www
- website.com
- html
- index.php
- uploads
- some_file.pdf
- html
Jeremy Falcon
- website.com
