0

I have following html form:

<form enctype="multipart/form-data" method="post" action="image_upload_script.php?u=<?php echo $u; ?>">
<div id="dropzone">
    <div>Drop Files Here Or Click To Browse</div>
    <input name="upload" id="upload" class="button" type="file" />
</div>
<input type="submit" id="uplbtn" value="Upload"/>
</form>

and this is the relevant php section:

$fileName = $_FILES["upload"]["name"]; 
$u = $_GET['u'];
$fileTmpLoc = $_FILES["upload"]["tmp_name"];
$fileType = $_FILES["upload"]["type"]; 
$fileSize = $_FILES["upload"]["size"]; 
$fileErrorMsg = $_FILES["upload"]["error"]; 
$kaboom = explode(".", $fileName); 
$fileExt = end($kaboom); 

print_r($_FILES);
if (!$fileTmpLoc) { 
    echo "ERROR: Please browse for a file before clicking the upload button.";
    exit();
} else if($fileSize > 5242880) { 
    echo "ERROR: Your file was larger than 5 Megabytes in size.";
    unlink($fileTmpLoc); 
    exit();
} else if (!preg_match("/.(gif|jpg|png)$/i", $fileName) ) {
     echo "ERROR: Your image was not .gif, .jpg, or .png.";
     unlink($fileTmpLoc); 
     exit();
} else if ($fileErrorMsg == 1) { 
    echo "ERROR: An error occured while processing the file. Try again.";
    exit();
}
$moveResult = move_uploaded_file($fileTmpLoc, "/var/www/domain.com/public_html/static_domain/upload/Images/$fileName");
if ($moveResult != true) {
 $error = error_get_last();
    echo "ERROR: $error[message]";
    unlink($fileTmpLoc); 
    exit();
}

This delivers the following feedback from the php:

Array ( [upload] => Array ( [name] => 1961 Impala factory photo 3a.jpg [type] => image/jpeg [tmp_name] => /tmp/phpSOhr6N [error] => 0 [size] => 46396 ) ) ERROR: move_uploaded_file(): Unable to move '/tmp/phpSOhr6N' to '/var/www/domain.com/public_html/static_domain/upload/Images/1961 Impala factory photo 3a.jpg'

It just doesn't move it to the tmp - I tested this by commenting out the unlink in the php to see if it still would sit there if I checked, but no such luck :( All the involved folders have 0777 permission and www-data is the owner of each one of them and tmp is also fully free at 1777. It displays this behavior as well when the form file and the php file are living in the same folder on my https-static domain as well as in a subdomain without https (for now). What am I doing wrong here? Is there something I forgot? Your help would be greatly appreciated. Thanks!

Mare Gaea
  • 37
  • 1
  • 7
  • Who is the owner of the folder in the destination? You might want to change using `chown`. – Terry Nov 02 '16 at 23:35
  • Possible duplicate of [PHP Warning: move\_uploaded\_file() unable to move](http://stackoverflow.com/questions/13723174/php-warning-move-uploaded-file-unable-to-move) – Terry Nov 02 '16 at 23:36
  • I actually did try what it says in the post you refer to, but that didn't do the trick either. The owner of the destination folder is www-data (it's on a linux server) and has all the rights, ie 0777. Thanks! – Mare Gaea Nov 02 '16 at 23:49
  • NB: it was actually due to that article that I had my sysadmin change ownership of the destination file. Oh and I did comment out the unlink (tempfile) in order to prevent it being deleted straightaway, but in the /tmp folder there is no copy to be found. So my best guess is that it doesn't even move it to the temp folder. – Mare Gaea Nov 02 '16 at 23:52
  • what is the purpose of the in the file action of the form? for my solution below can you make sure that you change that to to be sure nothing related to that being empty is problematic please? – WEBjuju Nov 03 '16 at 00:08
  • maybe you should try to change file name to `something_without_space`. – Quy Truong Nov 03 '16 at 12:07
  • it's not an issue @quytruong i can use the code with a filename with spaces and it works fine outputting **Array ( [upload] => Array ( [name] => 1961 Impala factory photo 3a.png [type] => image/png [tmp_name] => /tmp/phpo35n3q [error] => 0 [size] => 7255 ) ) ** – WEBjuju Nov 03 '16 at 12:08

2 Answers2

2

Try changing 

$moveResult = move_uploaded_file($fileTmpLoc, "/var/www/domain.com/public_html/static_domain/upload/Images/$fileName");

to

$moveResult = move_uploaded_file($fileTmpLoc, $fileName);

to see if it moves it into the current folder. If it won't go in the current folder, try a relative path (assuming here that your image_upload_script.php is in public_html/static_domain)

$moveResult = move_uploaded_file($fileTmpLoc, 'upload/Images/'.$fileName);

update

try this just before the move_uploaded_file line:

if (! is_writable("/var/www/domain.com/public_html/static_domain/upload/Images/")) {
  die('sorry the web server does not have permission to write to /var/www/domain.com/public_html/static_domain/upload/Images/');
}
WEBjuju
  • 5,797
  • 4
  • 27
  • 36
  • Sorry for the late reply - the $u is for the username to be added somewhere else, not relevant to the actual file upload other than to determine to which folder the uploaded file has to go after being uploaded to the images folder. I did try both of your options and neither did the trick :( Thanks for your reply though! – Mare Gaea Nov 03 '16 at 06:43
  • i used your code snippet and it does upload the image. so, it's not your code. it could be permissions or it could be a hosting restriction. where do you host? – WEBjuju Nov 03 '16 at 12:02
  • btw, you don't have to unlink($fileTmpLoc); as php will clean that up for you – WEBjuju Nov 03 '16 at 12:07
  • Sorry for getting back so late at you guys, but it was rather busy at work, so I didn't get a chance to do so early. As for my hoster - I have 4 vps's at Digital Ocean, 1 prod, 1 dev, 1 db and 1 backup server. – Mare Gaea Nov 03 '16 at 15:48
  • Thanks a lot for your answers! – Mare Gaea Nov 03 '16 at 15:49
  • did you try the is_writable function before the move_uploaded_file call? – WEBjuju Nov 03 '16 at 16:40
  • Yes I did, and I also changed the code to Ali's suggestions, but it still is giving me the same bleeding error message :( I will try to catch my sys admin tonight and see if he can change permissions once more. Btw, I am using a tunnel to log into my dev server for security reasons - could this be blocking the whole circus? – Mare Gaea Nov 03 '16 at 20:40
  • Thanks a million guys, it's resolved! Turns out it was a typo in the path :/ I will upvote all of you guys as appreciation for trying to help me - very much appreciated! – Mare Gaea Nov 03 '16 at 21:48
  • @maregaea if the is_writable uncovered the file path error, please mark that as the solution to help others find their file path error, too. – WEBjuju Nov 04 '16 at 11:48
  • Ok, will do - sorry forgot in my enthousiasm that this is finally resolved :) Thanks a million from Ireland! – Mare Gaea Nov 04 '16 at 19:23
1

Your code should be as below.

$u                  = $_GET['u'];
$fileTmpLoc         = $_FILES["upload"]["tmp_name"];
$fileType           = $_FILES["upload"]["type"];
$fileSize           = $_FILES["upload"]["size"];
$fileErrorMsg       = $_FILES["upload"]["error"];
$kaboom             = explode(".", $fileName);
$fileExt            = end($kaboom);
$fileName           = uniqid() . ".$fileExt"; // $_FILES["upload"]["name"];
$strDestinationPath = "/var/www/domain.com/public_html/static_domain/upload/Images";
if (!$fileTmpLoc)
{
    echo "ERROR: Please browse for a file before clicking the upload button.";
    exit();
}
else if ($fileSize > 5242880)
{
    echo "ERROR: Your file was larger than 5 Megabytes in size.";
    unlink($fileTmpLoc);
    exit();
}
else if (!preg_match("/.(gif|jpg|png)$/i", $fileName))
{
    echo "ERROR: Your image was not .gif, .jpg, or .png.";
    exit();
}
else if ($fileErrorMsg == 1)
{
    echo "ERROR: An error occured while processing the file. Try again.";
    exit();
}
elseif (is_writable($strDestinationPath))
{
    $moveResult = move_uploaded_file($fileTmpLoc, "$strDestinationPath/$fileName");
    if ($moveResult != true)
    {
        $error = error_get_last();
        echo "ERROR: $error[message]";
        exit();
    }
}
else
{
    exit("Directory does not exist or it's not writable");
}
AsgarAli
  • 2,201
  • 1
  • 20
  • 32