简体   繁体   English

PHP 上传脚本在新主机上无法正常运行

[英]PHP Upload Script not Functioning Properly with New Host

I have set up a php script which creates a directory and uploads a file to that directory.我设置了一个 php 脚本,它创建一个目录并将文件上传到该目录。 My issue is that when I use the script to create the directory, the file will not upload entirely.我的问题是,当我使用脚本创建目录时,文件不会完全上传。 I ran the exact same script on a different host and the upload process works just fine.我在不同的主机上运行了完全相同的脚本,上传过程运行良好。 Plus, if I manually create the upload directory and apply chmod 777 via ftp then the transfer works just fine.另外,如果我手动创建上传目录并通过 ftp 应用 chmod 777 则传输工作正常。 Could there be some sort of a setting with the hosting provider that needs to be altered to allow the function to work just right?是否需要更改托管服务提供商的某种设置以允许 function 正常工作?

Here is the upload form:这是上传表格:

<form action="/uploadFile.php" method="post"
enctype="multipart/form-data">
<label for="img_preview">Preview Image:</label>
<input type="file" name="img_preview" id="img_preview" />
<br />

<input type="hidden" name="id" value="newDirectory" />
<input type="submit" name="submit" value="Upload Flyer" />
</form>

Here is my PHP script (uploadFile.php):这是我的 PHP 脚本(uploadFile.php):

$thisdir = getcwd(); 
$new_dir = $_POST['id'];
$full_dir = $thisdir . "/upload/" . $new_dir;

function chk_dir($full_dir) {
if(is_dir($full_dir)) {
    echo 'welcome back';
} else {
    return mkdir($full_dir);
}

}
chk_dir($full_dir);
chmod($full_dir, 0777);
?>

<?php
//upload image

if ($_FILES["file"]["error"] > 0)
  {
  echo "Error: " . $_FILES["img_preview"]["error"] . "<br />";
  }
else
  {

  }
  //set image restrictions
?> 

<?php
if ((($_FILES["img_preview"]["type"] == "image/gif")
|| ($_FILES["img_preview"]["type"] == "image/jpeg")
|| ($_FILES["img_preview"]["type"] == "image/pjpeg"))
&& ($_FILES["img_preview"]["size"] < 80000))
  {
  if ($_FILES["img_preview"]["error"] > 0)
    {
echo "Please only upload an image for previewing (jpg or gif)...<br>
Also, check to         make     sure the filesize is less than 8MB" .          $_FILES["img_preview"]["error"] .     "<br />";
}
  else
{

//check the image into new directory
if (file_exists("upload/". $new_dir ."/". $_FILES["img_preview"]["name"]))
  {
  echo "It seems that " . $_FILES["img_preview"]["name"] . " already exists.";
  }
else
  {
  move_uploaded_file($_FILES["img_preview"]["tmp_name"],
  "upload/" . $_POST['id'] . "/" . $_FILES["img_preview"]["name"]);
  echo "image file has transferred successfully!";
      }
    }
  }
else
  {
  echo "Invalid file please contact for assistance.";
  }
?> 

Also, when I run the script no errors are produced and the file echos "image file has transferred successfully."此外,当我运行脚本时,不会产生错误,并且文件会回显“图像文件已成功传输”。 but then when I check for the file in the new location it is completely void.但是当我在新位置检查文件时,它是完全无效的。 Thank you for your time in this issue.感谢您在这个问题上的时间。

First of all, your script has a security hole.首先,您的脚本存在安全漏洞。 Never use passed $_POST data to create system directories.永远不要使用传递的 $_POST 数据来创建系统目录。 And never use 0777 for anything.永远不要将 0777 用于任何事情。

The move_uploaded_file() returns false on a failure and you would still get your success message even if it failed (in your code) move_uploaded_file() 在失败时返回 false ,即使失败(在您的代码中)您仍然会收到成功消息

Turn on display_errors and error logging and try again.打开 display_errors 和错误日志,然后重试。

you have used move_uploaded_file() independently.您已独立使用move_uploaded_file() If it returns false then also sucsess message will be printed.如果它返回 false,那么也会打印sucsess消息。

Try尝试

if ( move_uploaded_file($_FILES["img_preview"]["tmp_name"],
  "upload/" . $_POST['id'] . "/" . $_FILES["img_preview"]["name"])) {
echo "sucess";
}else{
echo "fail";
}

After that you will get what is the main problem.之后,您将得到主要问题。 Also use debugging point by print_r($_FILES) before move_uploaded_file() .还可以在move_uploaded_file()之前使用print_r($_FILES)的调试点。

This may not be the answer to your question, but still it's worth your attention, I hope.这可能不是您问题的答案,但我希望仍然值得您关注。 Don't rely on the type of the file sent via $_FILES , this is just the mime-type sent by the browser as far as I remember, it can be easily compromized.不要依赖通过$_FILES发送的文件的类型,据我所知,这只是浏览器发送的 mime 类型,很容易被破坏。 Use getimagesize() function to get true image type as well as height/width.使用getimagesize() function 获取真实的图像类型以及高度/宽度。

Same goes for the source file name, but that shouldn't pose a security hole.源文件名也是如此,但这不应构成安全漏洞。

Looks like your question already contains the answer(the upload works when you create the directory via FTP).看起来您的问题已经包含答案(当您通过 FTP 创建目录时上传有效)。

I guess the new server has safe_mode enabled, so it will check the UID of the fileowners on file-operations.我猜新服务器启用了安全模式,所以它会在文件操作中检查文件所有者的 UID。

What happens:怎么了:

  1. your script creates a directory, owner will be the webserver您的脚本创建一个目录,所有者将是网络服务器
  2. your script(owner of the script usually is the ftp-user) tries to chmod the directory您的脚本(脚本的所有者通常是 ftp 用户)尝试对目录进行 chmod

the script(owner:ftp) cannot chmod the directory(owner:webserver), because the UIDs are different.脚本(所有者:ftp)无法 chmod 目录(所有者:webserver),因为 UID 不同。

solution: use ftp_mkdir() for creation of directories.解决方案:使用ftp_mkdir()创建目录。

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM