move_uploaded_file() malfunctions!

@site-developerFeb 21.2019

Folks, Why my code not moving uploaded vid file to permanent directory ?
If you check the comments then you’ll see which line is failing to do what I want.

[code] <?php //Required PHP Files. include ‘header_account.php’; //Required on all webpages of the Site. ?>

<?php

if (!$conn) { $error = mysqli_connect_error(); $errno = mysqli_connect_errno(); print “$errno: $errorn”; exit(); }

if($_SERVER[“REQUEST_METHOD”] == “POST”) { //Check whether the file was uploaded or not without any errors. if(!isset($_FILES[“id_verification_video_file”]) && $_FILES[“id_verification_video_file”][“Error”] == 0) { $Errors = Array(); $Errors[] = “Error: ” . $_FILES[“id_verification_video_file”] [“ERROR”]; print_r($_FILES); ?><br><?php print_r($_ERRORS); exit(); } else { //Feed Id Verification Video File Upload Directory path. $directory_path = “uploads/videos/id_verifications/”; //Make Directory under $user in ‘uploads/videos/id_verifications’ Folder. if(!is_dir($directory_path . $user)) //IS THIS LINE CORRECT ? { $mode = “0777”; mkdir($directory_path . $user, “$mode”, TRUE); //IS THIS LINE CORRECT ? }

//Grab Uploading File details. $Errors = Array(); //SHOULD I KEEP THIS LINE OR NOT ? $file_name = $_FILES[“id_verification_video_file”][“name”]; $file_tmp = $_FILES[“id_verification_video_file”][“tmp_name”]; $file_type = $_FILES[“id_verification_video_file”][“type”]; $file_size = $_FILES[“id_verification_video_file”][“size”]; $file_error = $_FILES[‘id_verification_video_file’][‘error’]; //Grab Uploading File Extension details. $file_extension = pathinfo($file_name, PATHINFO_EXTENSION); if(file_exists(“$directory_path . $user/ . $file_name”)) //THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD GIVES THE ECHO THAT IS 26 LINES BELOW HERE: “Your Video File “$file_name” has been uploaded successfully!” //if(file_exists($directory_path . $user . ‘/’ . $file_name)) //THIS LINE IS NOT GIVING THE ERROR THAT FILE HAS ALREADY BEEN UPLOADED. INSTEAD SHOWING BLANK WHITE PAGE. { $Errors[] = “Error: You have already uploaded a video file to verify your ID!”; exit(); } else { //Feed allowed File Extensions List. $allowed_file_extensions = array(“mp4” => “video/mp4”); //Feed allowed File Size. $max_file_size_allowed_in_bytes = 1024*1024*1; //Allowed limit: 1MB. $max_file_size_allowed_in_kilobytes = 1024*1; $max_file_size_allowed_in_megabytes = 1; $max_file_size_allowed = “$max_file_size_allowed_in_bytes”; //Verify File Extension. if(!array_key_exists($file_extension, $allowed_file_extensions)) die(“Error: Select a valid video file format. Select an Mp4 file.”); //Verify MIME Type of the File. elseif(!in_array($file_type, $allowed_file_extensions)) { $Errors[] = “Error: There was a problem uploading your file $file_name! Make sure your file is an MP4 video file. You may try again.”; //IS THIS LINE CORRECT ? } //Verify File Type by CHECKING File MIME type. $finfo = finfo_open(); $fileinfo = finfo_file($finfo, $file_name, FILEINFO_MIME); finfo_close($finfo); echo “$finfo”;?><br><?php echo “$fileinfo”;?><br><?php if($fileinfo != ‘video/mp4; charset=binary’) { $Errors[] = “Error: There was a problem uploading your file $file_name! Make sure your file is an MP4 video file. You may try again.”; //IS THIS LINE CORRECT ? exit; } //Verify File Size. Allowed Max Limit: 1MB. elseif($file_size>$max_file_size_allowed) die(“Error: Your Video File Size is larger than the allowed limit of: $max_file_size_allowed_in_megabytes.”); //Move uploaded File to newly created directory on the server. move_uploaded_file(“$file_tmp”, “$directory_path” . “$user/” . “$file_name”); //why is this line not uploading the file to permanent “upload” directory ? //Notify user their Id Verification Video File was uploaded successfully. echo “Your Video File “$file_name” has been uploaded successfully!”; exit(); } } } ?>

<form METHOD=”POST” ACTION=”” enctype=”multipart/form-data”> <fieldset> <p align=”left”><h3><?php $site_name ?> ID Video Verification Form</h3></p> <div class=”form-group”> <p align=”left”<label>Video File: </label> <input type=”file” name=”id_verification_video_file” id=”id_verification_video_file” value=”uploaded ‘Id Verification Video File.'”></p> </div> </fieldset> <p align=”left”><button type=”submit” class=”btn btn-default” name=”id_verification_video_file_submit”>Submit!</button></p> </form>

</body> </html>

<?php include ‘footer_account.php’; //Required on all webpages of the Site. ?>

[/code]

This line is the problem:

[code] move_uploaded_file(“$file_tmp”, “$directory_path” . “$user/” . “$file_name”); //why is this line not uploading the file to permanent “upload” directory ? [/code]

to post a comment

PHP

6 Comments(s) _↴

@NogDogFeb 23.2019 — #Start by making sure PHP is telling you everything it knows:

[code=php]
 <?php 
 ini_set('dispaly_errors', true); // change to false in production
 error_reporting(E_ALL);
 
 // if this is required, then require() it:
 require 'header_account.php'; //Required on all webpages of the Site.
 
 // rest of script...
 [/code]

Tell us what errors are reported, what unexpected output you get, etc.

Also, consistent and correct indenting is a plus if you want people to read your code.

@rootFeb 24.2019 — #What the ....

if(!is_dir($directory_path . $user)) //IS THIS LINE CORRECT ?
 { 
 $mode = "0777"; 
 mkdir($directory_path . $user, "$mode", TRUE); //IS THIS LINE CORRECT ?
 }

You are giving a video file FULL ADMIN PRIVILEGES... ARE YOU UTTERLY STUPID?

All it takes is for someone to embed some exploit in to a file and call it a video but I have yet to see that you are actually checking the file type.

$type = mime_content_type( $filename ); will return for example, video/quicktime or video/3gp and so on if $filename was the path to the file, like the temporary upload location before the move command is issued.

WHAT YOU NEVER DO is give an uploaded file the ability to take over your server.

@site-developerauthorFeb 26.2019 — #@NogDog#1601207

I dont get any error. The file just not gets uploaded.

Error reporting is on in one of the included files:

<i>
 </i>//Required PHP Files. 
 include 'header_account.php'; //Required on all webpages of the Site.

@site-developerauthorFeb 26.2019 — #@root#1601208

Thanks. I have not got these file permissions memnorised. Probly copied the 0777 from some tutorial.

Anyway, I believe you want me to set it to 755. Right ?

https://www.dummies.com/web-design-development/wordpress/navigation-customization/how-to-change-file-permissions-using-filezilla-on-your-ftp-site/

As for this yo not like:

<i>
 </i>$type = mime_content_type( $filename );

Show me how you would code it.

I copied these codes from file upload tutorials. Good thing I brought the codes here as I now believe you guys are hinting the tutorial is outdated.

Anyway, still ....Show me how you would code it. Then, I can learn from you an updated snippet.

Cheers!

@rootFeb 27.2019 — #No, unless a file needs to, then a permission lower will be safer, like the owner has 100% access or in your case, the server which can create, read and write.

The users, as in your case, the scripts, have access to read / write but not create.

Others, or in your case, the visitors to your site, have read only access.

A file with a permission of 0644 will be readable, writable by the scripts and the server but if the directory was listed, it would be invisible.

In certain circumstances, this is helpful in adding some security to files AND FOLDERS as you apply that setting to a folder, it means anything in it, including the folder is invisible to anyone but the scripts and server.

SO USE THIS WISELY as you can run in to problems very quickly if you apply the wrong permission in the wrong way and you could lock yourself out of your site root and the hosting company will have to reset you and that might set you back a fair bit of billing as thats open season on people bricking their accounts.

YOU HAVE BEEN WARNED.

@site-developerauthorMar 14.2019 — #@root#1601293

Cheers!

But, I did not understand this last phrase: "open season on people bricking their accounts".

And, you suggest I set all my folders to 0644 (read & write only) permission ? That way, they stay invisible to humans but not to my scripts (localhost). Will they be invisible to remote scripts too such as .php scripts on my other websites or .exe softwares that need to access the folders for reading and writing ? Good question. Yes ?

Imagine, I have a .exe bot that conencts to my webserver's (vpn) port 3306 to dump data onto my website's mysql or files in those folders who's permission I just set to 0644. Would these folders be able to serve the files to my .exe bot and remote website scripts ? Same question the other way round (would my .exe bots and other remote website scripts be able to write to the files in these concerned folders) ?

Don't worry. My .exe bots will not be malicious. They'd be web browsers who dump your browsing histories onto my websites' databases (with your permission ofcourse).

Also in #PHP _↴

php not working on ubuntu month/year with concat/date_format in mysql query what is PHP.exe for???

Success!

Help @site-developer spread the word by sharing this article on Twitter...

Tweet This

move_uploaded_file() malfunctions!

6 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

move_uploaded_file() malfunctions!

6 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

6 Comments(s) _↴

Also in #PHP _↴