Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
Uploading an image

Posted by enquirer (enquirer), 14 September 2003
I have a problem with uploading an image to the database.  I've tried bits of code from various sources but to no avail.  Would be grateful if you could help.

and later ...
I've worked out that the problem is to do with where PHP uploads the file too.
 
PHP has a temp directory that it puts uploaded files into.  However, the problem I am getting is that although the file is uploaded ok and PHP will return information about the file , such as type, size, etc., it won't let me touch the file in any way, i.e., copy it, fopen it, etc.
 
This would seem to be an issue of permissions on the directory that PHP uses.
 
I note from looking at various forums, scripts and so on, that everyone is saying make sure the directory you are uploading too is chmod 777.  But if PHP is setting the temp directory to use, the people managing the servers seem reluctant to do this for security reasons.
 
Any thoughts?
 


Posted by admin (Graham Ellis), 14 September 2003
I've been looking at uploads - I did a sanity check for myself / wrote a test routine that works on my ISP's system - it follows at the end of this post.  Testable at http://www.wellho.net/demo/upload.php4.

I did note that you used $_FILE (singular) in the code you sent me by email, but the global variable is $_FILES ( plural), and I wondered - in spite of your further analysis that points at the ISP - whether this is something to do with the problem?  You might like to try my code, which should be domain and directory independent, to see if it works on your ISP; you would need to set the directory from which you run it as writable by the webserver, or create files called demopic.jpg, demopic.gif and demopic.png which are writable by the webserver.

I'm a little doubtful that the problem really is your ISP in the way you describe; if the file can be written to /tmp but not read back, that's a very odd set of permissions.  You are correct, though, that ISPs are very wary about giving public access to /tmp and it can often be an area that they're unwilling to support in PHP even if they support everything else.   As far as I can see, the file content does NOT turn up in your PHP in any global variables (it would ruin the whole point of the temporary file if it did), so IF your ISP really is the problem, I can't hold out much hope unless you can persuade them to make a change.    They might be happier to change their php.ini so that the upload_tmp_dir is somewhere else on their system and doesn't share with the systemwide /tmp directory, but they would still need to give it pretty public permisssions.   Just a thought.

Code:
<html>
<head><title>Upload file demo!</title></head>
<body bgcolor=white><h1>Upload file demo</h1>
<?php

// FORM COMPLETED - save uploaded file
//////////////////////////////////////

if ($_REQUEST[callid] == 2) {
       $userfile = $_FILES[uploadedimage][tmp_name];
       $filetype = $_FILES[uploadedimage][type];

       $upfile = fopen($userfile,"r");
       $picture = fread($upfile,filesize($userfile));
       if (ereg('^image/(gif|jpeg|pjpeg|png)$',$filetype,$ftype)) {
               $extn = array( "gif" => "gif", "jpeg" => "jpg",
                               "pjpeg" => "jpg", "png" => "png");
               $fho = fopen($fname = "demopic.".$extn[$ftype[1]],"w");
               fwrite ($fho,$picture);
               print ("Written <a href=$fname>$fname</a>");
       } else {
               print ("Not an image file");
       }
} else {

// OFFER FORM
/////////////

?>
Please select an image to upload:<br>
<form method="post" enctype="multipart/form-data">
Image name: <input type="file" name="uploadedimage" size="40"><br>
Image keywords <input size="40" name="keys"><br>
<input type=hidden name=callid value=2><input type=submit>
</form>
<?php } ?>

<hr>
Graham Ellis, <?php print(date("Y")); ?>
</body>
</html>




Posted by admin (Graham Ellis), 14 September 2003
(further question by email ...)

The code being run reports the file as having been uploaded to /var/tmp i.e., the master temp directory.  Do you think this is an issue?

(My Answer)

I don't think there's any way of you to override the temporary settings;  the master one is the one that comes with PHP and the local one is as set from the php.ini file.   The manual says

Quote:
Files will by default be stored in the server's default temporary directory, unless another location has been given with the upload_tmp_dir directive in php.ini. The server's default directory can be changed by setting the environment variable TMPDIR in the environment in which PHP runs. Setting it using putenv() from within a PHP script will not work. This environment variable can also be used to make sure that other operations are working on uploaded files, as well.


which doesn't point to any ways at all that gives you control ...

When you think of it, it's pretty unlikely that you could control from a .php page where the upload is to; after all, the upload is done before you script starts to run .... so  ini_set is of no help (and its manual confirms that you can set the variable in php.ini and httpd.conf only.)

Whether the files are in /tmp or /var/tmp won't make a huge difference as long as you can get the right permissions, and you're trying to access the right file in the right place (i.e. they're not mixed up in the code).   Perhaps your ISP would like to provide a /phpupload directory to keep uploads away from /tmp and /var/tmp, and run a cron job to clear any rubbish (files over 30 minutes old) out of that directory every hour or so.   You may pass on my suggestion.





This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho