PHP Upload Script not Functioning Properly with New Host

Question

I have set up a php script which creates a directory and uploads a file to that directory. My issue is that when I use the script to create the directory, the file will not upload entirely. I ran the exact same script on a different host and the upload process works just fine. Plus, if I manually create the upload directory and apply chmod 777 via ftp then the transfer works just fine. Could there be some sort of a setting with the hosting provider that needs to be altered to allow the function to work just right?

Here is the upload form:

<form action="/uploadFile.php" method="post"
enctype="multipart/form-data">
<label for="img_preview">Preview Image:</label>
<input type="file" name="img_preview" id="img_preview" />
<br />

<input type="hidden" name="id" value="newDirectory" />
<input type="submit" name="submit" value="Upload Flyer" />
</form>

Here is my PHP script (uploadFile.php):

$thisdir = getcwd(); 
$new_dir = $_POST['id'];
$full_dir = $thisdir . "/upload/" . $new_dir;

function chk_dir($full_dir) {
if(is_dir($full_dir)) {
    echo 'welcome back';
} else {
    return mkdir($full_dir);
}

}
chk_dir($full_dir);
chmod($full_dir, 0777);
?>

<?php
//upload image

if ($_FILES["file"]["error"] > 0)
  {
  echo "Error: " . $_FILES["img_preview"]["error"] . "<br />";
  }
else
  {

  }
  //set image restrictions
?> 

<?php
if ((($_FILES["img_preview"]["type"] == "image/gif")
|| ($_FILES["img_preview"]["type"] == "image/jpeg")
|| ($_FILES["img_preview"]["type"] == "image/pjpeg"))
&& ($_FILES["img_preview"]["size"] < 80000))
  {
  if ($_FILES["img_preview"]["error"] > 0)
    {
echo "Please only upload an image for previewing (jpg or gif)...<br>
Also, check to         make     sure the filesize is less than 8MB" .          $_FILES["img_preview"]["error"] .     "<br />";
}
  else
{

//check the image into new directory
if (file_exists("upload/". $new_dir ."/". $_FILES["img_preview"]["name"]))
  {
  echo "It seems that " . $_FILES["img_preview"]["name"] . " already exists.";
  }
else
  {
  move_uploaded_file($_FILES["img_preview"]["tmp_name"],
  "upload/" . $_POST['id'] . "/" . $_FILES["img_preview"]["name"]);
  echo "image file has transferred successfully!";
      }
    }
  }
else
  {
  echo "Invalid file please contact for assistance.";
  }
?> 

Also, when I run the script no errors are produced and the file echos "image file has transferred successfully." but then when I check for the file in the new location it is completely void. Thank you for your time in this issue.

you have used move_uploaded_file() independently. If it returns false then also sucsess message will be printed.

Try

if ( move_uploaded_file($_FILES["img_preview"]["tmp_name"],
  "upload/" . $_POST['id'] . "/" . $_FILES["img_preview"]["name"])) {
echo "sucess";
}else{
echo "fail";
}

After that you will get what is the main problem. Also use debugging point by print_r($_FILES) before move_uploaded_file() .

This may not be the answer to your question, but still it's worth your attention, I hope. Don't rely on the type of the file sent via $_FILES , this is just the mime-type sent by the browser as far as I remember, it can be easily compromized. Use getimagesize() function to get true image type as well as height/width.

Same goes for the source file name, but that shouldn't pose a security hole.

Looks like your question already contains the answer(the upload works when you create the directory via FTP).

I guess the new server has safe_mode enabled, so it will check the UID of the fileowners on file-operations.

What happens:

1. your script creates a directory, owner will be the webserver
2. your script(owner of the script usually is the ftp-user) tries to chmod the directory

the script(owner:ftp) cannot chmod the directory(owner:webserver), because the UIDs are different.

solution: use ftp_mkdir() for creation of directories.