larger file upload problem with php

Question

I need to upload a csv file to a server. works fine for smaller files but when the file is 3-6 meg its not working.

$allowedExtensions = array("csv");
         foreach ($_FILES as $file) { 
            if ($file['tmp_name'] > '') { 
             if (!in_array(end(explode(".", strtolower($file['name']))), $allowedExtensions)) { 

              die($file['name'].' is an invalid file type!<br/>'. '<a href="javascript:history.go(-1);">'. '&lt;&lt Go Back</a>'); 

             }
             if (move_uploaded_file($file['tmp_name'], $uploadfile)) {
                    echo "File is valid, and was successfully uploaded.\n";
                } else {
                    echo "Possible file upload attack!\n";
              }

             echo "File has been uploaded";



            } 

//upload form

 <form name="upload" enctype="multipart/form-data" action="<? echo $_SERVER['php_self'];?>?action=upload_process" method="POST">
                    <!-- MAX_FILE_SIZE must precede the file input field -->
                    <input type="hidden" name="MAX_FILE_SIZE" value="31457280" />
                    <!-- Name of input element determines name in $_FILES array -->
                    Send this file: <input name="userfile" type="file" />
                    <input type="submit" value="Send File" />
            </form>

I have also added this to htaccess

php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200

Where am i going wrong?

Answer 1

What is the value of $_FILES['userfile']['error']? Have a look here:

http://php.net/manual/en/features.file-upload.errors.php

Also, whats with this:

if ($file['tmp_name'] > '') { 

I don't think that's very healthy.

Answer 2

Check your php.ini file and see if upload_max_filesize in there is set higher than 3 MB, I don't know if the .htaccess has precedence over the php.ini.

The default upload limit on debian php5 is 2MB if I recall correctly, but I am not sure what system you are running on.

You can also check the php values if you create a file e.g. info.php and put it in the same directory as your "problem php script".

The file content should look like this <?php phpinfo(); ?>

This will give you all php relevant values referring to the directory you are in, hope it helps.

Answer 3

Just some suggestions to your code

• ($file['tmp_name'] > '') should be something like ( ! empty($file['tmp_name']))
• echoing "possible file upload attack" won't help anyone. If you believe it is a possible attack, log it to a file.
• The form action attribute, the $_SERVER['php_self'] should be capitalised because it is a constant, i.e. $_SERVER['PHP_SELF'].

Answer 4

Check your apache error logs and the error should be there?