I am having problems with the download code of this script. I have modified it and added other features to it that work. Just the download part of the script does not work; I will provide the full code for all the files.
upload.php
<?php
require_once 'dbc.php';
page_protect();
$client_ID = mysql_query("SELECT id
FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];
$uploadDir = 'uploads/';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$date = date('Y-m-d H:i:s');
$sql = "INSERT INTO upload2 (name, client, size, type, path, date ) ".
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
echo "<br>File $fileName uploaded<br>";
}
?>
<html>
<head>
<title>Download File From MySQL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
$rows = mysql_fetch_assoc($result);
$total_rows = mysql_num_rows($result);
?>
Welcome <?php echo $_SESSION['user_name'];?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
<?php if($total_rows > 0) { ?>
<table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat">
<tr>
<th scope="col">FIle/Image Name</th>
<th scope="col" style="width:15%">Date</th>
<th scope="col" style="width:10%">Size</th>
<th scope="col" style="width:10%">Download</th>
</tr>
<?php do { ?>
<tr>
<td><?php echo $rows['name']; ?></td>
<td><?php echo $rows['date']; ?></td>
<td><?php echo $rows['size']; ?></td>
<td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td>
</tr>
<?php } while($rows = mysql_fetch_assoc($result)); ?>
</table>
<?php } else { echo "<p class=\"warn\">Sorry there are no records available.</p>"; } ?>
<p><br />
<a href="logout.php">Logout </a></p>
</body>
</html>
This code works fine. The download code is: downloads.php
<?php
require_once 'dbc.php';
page_protect();
$client_ID = mysql_query("SELECT id
FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];
$uploadDir = 'uploads/';
if(isset($_POST['upload']))
{
$fileName = $_FILES['userfile']['name'];
$tmpName = $_FILES['userfile']['tmp_name'];
$fileSize = $_FILES['userfile']['size'];
$fileType = $_FILES['userfile']['type'];
$filePath = $uploadDir . $fileName;
$result = move_uploaded_file($tmpName, $filePath);
if (!$result) {
echo "Error uploading file";
exit;
}
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "qaasim11";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
if(!get_magic_quotes_gpc())
{
$fileName = addslashes($fileName);
$filePath = addslashes($filePath);
}
$date = date('Y-m-d H:i:s');
$sql = "INSERT INTO upload2 (name, client, size, type, path, date ) ".
"VALUES ('$fileName', '$client_ID', '$fileSize', '$fileType', '$filePath', '$date')";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
echo "<br>File $fileName uploaded<br>";
}
?>
<html>
<head>
<title>Download File From MySQL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<?php
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
$sql = "SELECT * FROM upload2 WHERE client='".$client_ID."' ORDER BY date DESC";
mysql_select_db($database_conndb, $conndb);
$result = mysql_query($sql, $conndb) or die(mysql_error());
$rows = mysql_fetch_assoc($result);
$total_rows = mysql_num_rows($result);
?>
Welcome <?php echo $_SESSION['user_name'];?>
<form method="post" enctype="multipart/form-data">
<table width="350" border="0" cellpadding="1" cellspacing="1" class="box">
<tr>
<td width="246">
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input name="userfile" type="file" id="userfile">
</td>
<td width="80"><input name="upload" type="submit" class="box" id="upload" value=" Upload "></td>
</tr>
</table>
</form>
<?php if($total_rows > 0) { ?>
<table border="0" cellpadding="0" cellspacing="0" id="tbl_repeat">
<tr>
<th scope="col">FIle/Image Name</th>
<th scope="col" style="width:15%">Date</th>
<th scope="col" style="width:10%">Size</th>
<th scope="col" style="width:10%">Download</th>
</tr>
<?php do { ?>
<tr>
<td><?php echo $rows['name']; ?></td>
<td><?php echo $rows['date']; ?></td>
<td><?php echo $rows['size']; ?></td>
<td><a href="downloads.php?id=<?php echo $rows['id']; ?>">Download</a></td>
</tr>
<?php } while($rows = mysql_fetch_assoc($result)); ?>
</table>
<?php } else { echo "<p class=\"warn\">Sorry there are no records available.</p>"; } ?>
<p><br />
<a href="logout.php">Logout </a></p>
</body>
</html>
Also, this is the code for my database:
CREATE TABLE IF NOT EXISTS `upload2` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`client` int(11) NOT NULL,
`name` varchar(30) NOT NULL,
`type` varchar(30) NOT NULL,
`size` int(11) NOT NULL,
`path` varchar(60) NOT NULL,
`date` datetime NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=10 ;
--
-- Dumping data for table `upload2`
--
INSERT INTO `upload2` (`id`, `client`, `name`, `type`, `size`, `path`, `date`) VALUES
(1, 1, 'back.gif', 'image/gif', 1997, 'uploads/back.gif', '2010-09-19 12:17:05');
When I click the download link in upload.php I get the following error: Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in downloads.php on line 17 the file is non exist in
I am not sure if the code would work to download files/images if this error was not there, as I cannot figure out how to fix this problem.
You don't connect to database for the first query (to get $client_ID)
$hostname_conndb = "localhost";
$database_conndb = "uploads";
$username_conndb = "root";
$password_conndb = "qaasim11";
$conndb = mysql_connect($hostname_conndb, $username_conndb, $password_conndb) or trigger_error(mysql_error(),E_USER_ERROR);
$client_ID = mysql_query("SELECT id
FROM clients WHERE user_name='".$_SESSION['user_name']."'")or die(mysql_error());
$client_ID = mysql_fetch_array($client_ID);
$client_ID = $client_ID['id'];
Some things to consider:
if(), or the field is not submitted for some reason. A foolproof check is if ($_SERVER['REQUEST_METHOD'] == 'POST') { ... }. That will be true anytime the script is executed in response to a POST request, regardless of what fields (if any) were submitted.
['error'] parameter in the $_FILES array is there for a reason. if ($_FILES['somefile']['error'] === UPLOAD_ERR_OK) { ... upload was successful ... }
['name'] parameter and blindly use it as part of the path in move_uploaded_file(). The name is COMPLETELY under control of the user, so a malicious user can easily name their file ../../../../../../windows/system32/kernel32.dll and your script will happily attempt to kill your machine
addslashes() on $filePath and $fileName, but you don't do the same for $fileType - that's the MIME type as provided BY THE CLIENT - so again it's fully under control of the user, and a malicious one can therefore easily perform an SQL injection attack.
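The points raised in the answers above, applied to the upload handler, as an added example that is not part of the original thread. It assumes PDO with the MySQL driver, the fileinfo extension and a session already started by dbc.php; `store_upload()`, the image-only allow-list and the `DB_USER`/`DB_PASSWORD` credentials are hypothetical placeholders.

```php
<?php
// Added example, not code from the thread. Assumes PDO (mysql), the fileinfo
// extension, a session already started, and the upload2/clients tables above.
// store_upload(), the image-only allow-list and DB_USER/DB_PASSWORD are assumptions.
function store_upload(PDO $db, int $clientId, array $file, string $uploadDir): string
{
    // The 'error' field says whether PHP actually received the file.
    if (($file['error'] ?? null) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    // Detect the type from the file contents; $file['type'] is client-supplied.
    $allowed = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = (string) $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('File type not allowed');
    }
    // Never build the path from $file['name']: generate the stored name
    // server-side and keep only the basename of the original for display.
    $displayName = substr(basename($file['name']), 0, 30); // name is varchar(30)
    $storedPath = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $storedPath)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    // Bound parameters instead of addslashes(): no value is spliced into the SQL.
    $stmt = $db->prepare(
        'INSERT INTO upload2 (name, client, size, type, path, date)
         VALUES (?, ?, ?, ?, ?, NOW())'
    );
    $stmt->execute([$displayName, $clientId, filesize($storedPath), $mime, $storedPath]);
    return $displayName;
}

// Run on any POST request, not only when a particular field is present.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Connect before the first query.
    $db = new PDO('mysql:host=localhost;dbname=uploads;charset=utf8mb4',
        'DB_USER', 'DB_PASSWORD', [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $stmt = $db->prepare('SELECT id FROM clients WHERE user_name = ?');
    $stmt->execute([$_SESSION['user_name'] ?? '']);
    $clientId = $stmt->fetchColumn();
    try {
        if ($clientId === false) { throw new RuntimeException('Unknown client'); }
        $name = store_upload($db, (int) $clientId, $_FILES['userfile'] ?? [], 'uploads/');
        echo 'File ' . htmlspecialchars($name) . ' uploaded';
    } catch (RuntimeException $e) {
        echo 'Error uploading file';
    }
}
```

The stored path is 44 characters at most, so it fits the `path varchar(60)` column, and the user-supplied name is only ever written to the database and echoed through `htmlspecialchars()`.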