views:

82

answers:

1

Using this upload script and it was working ok a week ago but when i checked it today it fails. I have checked writ privileges on the folder and it is set to 777 so don't think that is the problem. Anyone have a idea of what the problem can be?

this is the error

Warning: move_uploaded_file() [function.move-uploaded-file]: 
Unable to access replays/1275389246.ruse in 
/usr/home/web/wno159003/systemio.net/ruse.systemio.net/scripts/upload.php on line 95

my script is

    <?php

   require($_SERVER['DOCUMENT_ROOT'].'/xxxx/xxxx');
   $connection = @mysql_connect($db_host, $db_user, $db_password) or die("error connecting");
   mysql_select_db($db_name, $connection);

   $name = basename($_FILES['uploaded']['name']);
   $comment = $_POST["comment"];
   $len = strlen($comment);
   $username = $_POST["username"];
   $typekamp = $_POST["typekamp"];
   $date = time();


   $target = "replays/";
   $target .= basename($_FILES['uploaded']['name']);
   $maxsize = 20971520; // 20mb Maximum size of the uploaded file in bytes

// File extension control
// Whilelisting takes preference over blacklisting, so if there is anything in the whilelist, the blacklist _will_ be ignored
// Fill either array as you see fit - eg. Array("zip", "exe", "php")
$fileextensionwhitelist = Array("ruse"); // Whilelist (allow only)
$fileextensionblacklist = Array("zip", "exe", "php", "asp", "txt"); // Blacklist (deny)
$ok = 1;

if ($_FILES['uploaded']['error'] == 4)

{
   echo "<html><head><title>php</title></head>";
   echo '<body bgcolor="#413839" text="#ffffff">
   <p><B>info</b></p>';
   die("No file was uploaded");
}

if ($_FILES['uploaded']['error'] !== 0)
{
   echo "<html><head><title>php</title></head>";
   echo '<body bgcolor="#413839" text="#ffffff">
   <p><B>info</b></p>';
   die("An unexpected upload error has occured.");
}

// This is our size condition
if ($_FILES['uploaded']['size'] > $maxsize)
{
   echo "<html><head><title>php</title></head>";
   echo '<body bgcolor="#413839" text="#ffffff">
   <p><B>info</b></p>';
   echo "Your file is too large.<br />\n";
   $ok = 0;
}

// This is our limit file type condition
if ((!empty($fileextensionwhitelist) && !in_array(substr(strrchr($_FILES['uploaded']['name'], "."), 1), $fileextensionwhitelist)) || (empty($fileextensionwhitelist) && !empty($fileextensionblacklist) && in_array(substr(strrchr($_FILES['uploaded']['name'], "."), 1), $fileextensionblacklist)))
{
   echo "<html><head><title>php</title></head>";
   echo '<body bgcolor="#413839" text="#ffffff">
   <p><B>info</b></p>';
   echo "This type of file has been disallowed.<br />\n";
   $ok = 0;
}

// Here we check that $ok was not set to 0 by an error
if ($ok == 0)
{
   echo "<html><head><title>php</title></head>";
   echo '<body bgcolor="#413839" text="#ffffff">
   <p><B>info</b></p>';
   echo "Sorry, your file was not uploaded. Refer to the errors above.";
}

// If everything is ok we try to upload it
else
{
   if($len > 0)
    {      
       $target = "replays/".time().'.'."ruse";
      $name = time().'.'."ruse";
      $query = "INSERT INTO RR_upload(ID, filename, username, comment, typekamp, date) VALUES (NULL, '$name', '$username','$comment', '$typekamp' ,'$date')";

      if (file_exists($target))
      {
         $target .= "_".time().'.'."ruse";
         echo "<html><head><title>php</title></head>";
         echo '<body bgcolor="#413839" text="#ffffff">
         <p><B>info</b></p>';
         echo "File already exists, will be uploaded as ".$target;
      }

      mysql_query($query, $connection) or die (mysql_error());

      echo "<html><head><title>php</title></head>";
      echo '<body bgcolor="#413839" text="#ffffff">
      <p><B>info</b></p>';
      echo (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))

      ? "The file ".basename( $_FILES['uploaded']['name'])." has been uploaded. \n"
      : "Sorry, there was a problem uploading your file. <br>";
      echo "<br>Variable filename: ".$name;
      echo "<br>Variable name: ".$username;
      echo "<br>Variables comment: ".$comment;
      echo "<br>Variables date: ".$date;
      echo "<br>Var typekamp; ".$typekamp;
      echo "<br>Var target; ".$target;
      }
   else
   {
      echo "<html><head><title>php</title></head>";
      echo '<body bgcolor="#413839" text="#ffffff">
      <p><B>info</b></p>';
      echo"you have to put in comment/description";
   }

}
?>
+1  A: 

Assuming the "replays" directory is in the document root, does the warning persists if you replace this line :

$target = "replays/";

by this one :

$target = $_SERVER['DOCUMENT_ROOT']."replays/";

?

Benjamin Delichère
you made my day :) added $_SERVER['DOCUMENT_ROOT']."/replays/"; and all is good
Darkmage
glad to help, it also highlights the fact that we have to pay attention to the trailing slash's presence in the $_SERVER['DOCUMENT_ROOT'] environement variable
Benjamin Delichère