A
Anonymous
Guest
the code is this, but still got error, i try to upload an .pdf file, can you check for me? thanks a lot
<?
session_start();
if (session_is_registered("valid_admin"))
{
echo "<p><span class=style1>You are logged in as <strong>$valid_admin</strong></span>.</p>";
echo "<p align=center class=style1><strong>Maintain Message</strong></p>";
}
?>
<style type="text/css">
</style>
<p class="style1">
<INPUT TYPE=HIDDEN NAME="story" VALUE="<?php print $file;?>">
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
if (!$title || !$message)
{
echo "Please fill in the fields to upload file!";
exit;
}
require_once("dbconnect.php");
dbconnect();
$myquery = "INSERT INTO message(UserID, Title, Message) ";
$myquery .= " VALUES ('$valid_admin', '$title', '$message')";
$result = mysql_query($myquery);
if (!$result)
{
$error = "cannot run query";
return $error;
}
else
{
}
if ($userfile)
{
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];
print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
{
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
require_once("dbconnect.php");
dbconnect();
$story = mysql_insert_id();
$filename = "uploads/".$userfile_name;
// After upload
// filename -> The name of the form field which carry the file
$file = $_FILES["userfile"]["tmp_name"];
$fp = fopen($file, "rb");
$content = fread($fp, filesize($file));
$content = addslashes($content);
fclose($fp);
mysql_query("update message message set file = '$content' where MessageID = $story");
$result = mysql_query("SELECT file FROM message where MessageID = $story");
$row = mysql_fetch_array($result);
header("Content-type: " . $row['type']);
print $row['file'];
$myUser = "UPDATE message set Path = '$filename', Type = '$userfile_type', Size = '$userfile_size', file = '$content' where MessageID = $story";
$result = mysql_query($myUser);
if (!$result)
{
$error = "cannot run query";
return $error;
}
else
{
echo "<p align=center class=style1>Your message had uploaded.</p>";
}
}
else
{
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
}
else
echo "<p align=center class=style1>Your message had uploaded.</p>";
?>
</p>
the error message is this:
Warning: fopen(C:\WINNT\TEMP\php6B.tmp): failed to open stream: No such file or directory in c:\inetpub\wwwroot\opbs\test.php on line 68
Warning: filesize(): Stat failed for C:\WINNT\TEMP\php6B.tmp (errno=2 - No such file or directory) in c:\inetpub\wwwroot\opbs\test.php on line 69
Warning: fread(): supplied argument is not a valid stream resource in c:\inetpub\wwwroot\opbs\test.php on line 69
Warning: fclose(): supplied argument is not a valid stream resource in c:\inetpub\wwwroot\opbs\test.php on line 71
Warning: Cannot modify header information - headers already sent by (output started at c:\inetpub\wwwroot\opbs\test.php:5) in c:\inetpub\wwwroot\opbs\test.php on line 78
<?
session_start();
if (session_is_registered("valid_admin"))
{
echo "<p><span class=style1>You are logged in as <strong>$valid_admin</strong></span>.</p>";
echo "<p align=center class=style1><strong>Maintain Message</strong></p>";
}
?>
<style type="text/css">
</style>
<p class="style1">
<INPUT TYPE=HIDDEN NAME="story" VALUE="<?php print $file;?>">
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
if (!$title || !$message)
{
echo "Please fill in the fields to upload file!";
exit;
}
require_once("dbconnect.php");
dbconnect();
$myquery = "INSERT INTO message(UserID, Title, Message) ";
$myquery .= " VALUES ('$valid_admin', '$title', '$message')";
$result = mysql_query($myquery);
if (!$result)
{
$error = "cannot run query";
return $error;
}
else
{
}
if ($userfile)
{
$uploaddir = 'uploads/';
$uploadfile = $uploaddir . $_FILES['userfile']['name'];
print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile))
{
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
require_once("dbconnect.php");
dbconnect();
$story = mysql_insert_id();
$filename = "uploads/".$userfile_name;
// After upload
// filename -> The name of the form field which carry the file
$file = $_FILES["userfile"]["tmp_name"];
$fp = fopen($file, "rb");
$content = fread($fp, filesize($file));
$content = addslashes($content);
fclose($fp);
mysql_query("update message message set file = '$content' where MessageID = $story");
$result = mysql_query("SELECT file FROM message where MessageID = $story");
$row = mysql_fetch_array($result);
header("Content-type: " . $row['type']);
print $row['file'];
$myUser = "UPDATE message set Path = '$filename', Type = '$userfile_type', Size = '$userfile_size', file = '$content' where MessageID = $story";
$result = mysql_query($myUser);
if (!$result)
{
$error = "cannot run query";
return $error;
}
else
{
echo "<p align=center class=style1>Your message had uploaded.</p>";
}
}
else
{
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
}
else
echo "<p align=center class=style1>Your message had uploaded.</p>";
?>
</p>
the error message is this:
Warning: fopen(C:\WINNT\TEMP\php6B.tmp): failed to open stream: No such file or directory in c:\inetpub\wwwroot\opbs\test.php on line 68
Warning: filesize(): Stat failed for C:\WINNT\TEMP\php6B.tmp (errno=2 - No such file or directory) in c:\inetpub\wwwroot\opbs\test.php on line 69
Warning: fread(): supplied argument is not a valid stream resource in c:\inetpub\wwwroot\opbs\test.php on line 69
Warning: fclose(): supplied argument is not a valid stream resource in c:\inetpub\wwwroot\opbs\test.php on line 71
Warning: Cannot modify header information - headers already sent by (output started at c:\inetpub\wwwroot\opbs\test.php:5) in c:\inetpub\wwwroot\opbs\test.php on line 78