Latest Announcemnent
New thread

working on an upload script... but having problems...

Status
Not open for further replies.
M

Mr. Goodie2Shoes

Active Member
74
2012
11
0
okay, for example, this is my domain: mydomain.com and the upload is in mydomain.com/admin/upload.php and its password protected...
I'll be selecting a file and then from my database, the script will get the IP of a totally different server where the files will be uploaded... here's the part of the script:
PHP: 
if(isset($_FILES['file']) && isset($_REQUEST['subject']) && isset($_REQUEST['year'])){
    $subjectinfo = mysql_query("SELECT * FROM ~something~ where subject_code='".$_REQUEST['subject']."'", DBH);
    $subjectinforow = mysql_fetch_array($subjectinfo);
    $filename = $_REQUEST['subject'].' - '.$subjectinforow['subject_name'].' - '.$_REQUEST['year'].'.zip';
    $checkiffileexist = mysql_query("SELECT * FROM ~something~ WHERE file_name='".$filename."'", DBH);
    if(mysql_num_rows($checkiffileexist)){
        $fileexists = TRUE;
    }else{
    $filesize = $_FILES['file']['size'];
    $newkey = generatekey($_SESSION['config']['file_key_length']);
    $checkkey = mysql_query("SELECT * FROM ~something~ WHERE file_key='".$newkey."'", DBH);
    while(mysql_num_rows($checkkey)){
        $newkey = generatekey($_SESSION['config']['file_key_length']);
    }
    $server = $subjectinforow['server_ip'];    
    $location = 'D:/downloadables/docs/'.$_REQUEST['subject'].'/'.$_REQUEST['year'].'.zip';
    $result = mysql_query("INSERT INTO ~something~ (file_key, file_name, server_ip, file_location, file_size, file_hits) VALUES ('".$newkey."', '".$filename."', '".$server."', '".$location."', '".$filesize."', '0')", DBH);
    $ch = curl_init('http://'.$server.'/~something~');
    $post = '&pass=~something~';
    $post = '&file='.$_FILES['file'];
    $post = '&subject'.$_POST['subject'];
    $post = '&year'.$_POST['year'];
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_exec($ch);
    curl_close($ch);
    }
}
I think this part of the code is working perfectly... and the upload script located in the server:
PHP: 
switch($_REQUEST['pass']){
    case '~something~':
        $maindir = 'D:/downloadables/docs/';
        $uploaddir = $maindir.$_POST['subject'];
        if (!file_exists($uploaddir))
            @mkdir($uploaddir);
        move_uploaded_file($_FILES['file']['tmp_name'], $uploaddir.'/'.$_POST['year'].'.zip');
        break;
    default:
        header('Location: http://~something~');
        break;
}
any kinda help will be really appreciated :)
 
4 comments
The first bug which i see from the code is this:
PHP: 
$post = '&pass=~something~';
    $post = '&file='.$_FILES['file'];
    $post = '&subject'.$_POST['subject'];
    $post = '&year'.$_POST['year'];
  • Assignment Operator
  • &year and &subject needs to have "=" after them
So those lines in your code to something like this and it should work:
PHP: 
$post = array(
   'file' => '@' . $_FILES['file']['tmp_name'],
   'subject' => $_POST['subject'],
   'year' => $_POST['year']
 );
 
Last edited:
Using '@' before a local file path generates a array of file with these details: name, type, tmp_name, error, size. Then curl process the data in the post request.
You can also try to use $_FILES['file'] instead of prefixing it like '@' . $_FILES['file']['tmp_name'] because the array created on the latter one is same.
 
okay... so I moved the scripts to my main server and the file server... the main server is working perfectly, sending the file and info vip cURL and adding a MySQL row... but there's no file in the file server... through phpinfo(), I found that suhosin is enabled... is that the problem?
 
Status
Not open for further replies.
Back
Top