#6 bug with php script

[Anonymous]

Hi,

The script doesn't work on PHP Version 4.3.1 platforme.
I think the problem is the new method to get parameters
with this platform.

thank U by advance,

dehix

[Ain Tohvri]

Logged In: YES
user_id=1165755

This is a register_globals issue on 4.2 and above default
install. You can either turn that on from php conf file or
Re the PHP code yourself.

This is all pretty trivial, eg the file being uploaded is at
$_FILES['fichier']['tmp_name'] and if you refer to
http://ee.php.net/manual/en/features.file-upload.php#features.file-upload.post-method
you'll get the idea.
$dataLC (and $browseLC) you can easily retrieve with
$_REQUEST['dataLC']. This must be it ;)

[Nobody/Anonymous]

Logged In: NO

This script is good? (up.php) I've translated it a little bit.
________________________________________________________________________________
<?php

//
/*
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date du passé
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // toujours modifié
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0
*/
$max_size = 20000; // 20ko
$max_width = 2000;
$max_height = 2000;
$dirname = 'img'; // folder where the files are stored

/*
0 no errors, file loaded up with succes!
-1 file format is incorrect
-2 file size is incorrect
-3 image format is incorrect
-4 image width is incorrect
-5 image height is incorrect

*/

//
if (isset($_FILES['fichier'])) $tab = GetImageSize($_FILES['fichier']);

// look for errors about the file size
if ($_FILES['fichier']['size'] > $max_size || $_FILES['fichier']['size'] == 0) $status=-2;
// look for errors about the variable $_FILES['fichier'] (fichier means file)
else if (!$_FILES['fichier'] || $_FILES['fichier'] == "none") $status=-1;
else if (strpos($_FILES['fichier']['name'],"\\") || strpos($_FILES['fichier']['name'], "/")) $status=-1;
// you can only upload jpg and jpeg
else if (!stristr($_FILES['fichier']['name'], ".jpg")) $status=-1;
// cancel upload when file isn't a jpg or jpeg
else if (!$tab[0]) $status=-3;
// image format is incorrect
else if (!stristr($_FILES['fichier']['type'], "jpeg")) $status=-1;
else if ($tab[0] > $max_width) $status=-4;
else if($tab[1] > $max_height) $status=-5;
else {
// all is ok, start uploading with a copy of the file
copy($_FILES['fichier'], $dirname."/".$_FILES['fichier']['name']);
$status=0;
}

// do some javascript actions (from example.html)
echo "<HTML><BODY><script>window.top.upLoadEnd('$_REQUEST['browseLC']',$status,'$_FILES['fichier']['name']','$_REQUEST['dataLC']')</script></HTML>";

?>

[Nobody/Anonymous]

Logged In: NO

Oh sorry I've made some wrongs in the new php script (one message down).
script to change:
______________________________________
copy($_FILES['fichier'], $dirname."/".$_FILES['fichier']['name']);
$status=0;
______________________________________
change in:
______________________________________
$browseLC=$_REQUEST['browseLC'];
$dataLC=$_REQUEST['dataLC'];
$fName=$_FILES['fichier']['name'];
echo"<HTML><BODY><script>window.top.upLoadEnd('$browseLC',$status,'$fName','$dataLC')</script></HTML>";
_______________________________________

[Nobody/Anonymous]

Logged In: NO

Oh, I've made another mistake:
The new GOOD script:
________________________________________________________________
<?php

/*
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date when it's ...
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // today
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Pragma: no-cache"); // HTTP/1.0
*/
$max_size = 20000; // 20ko
$max_width = 2000;
$max_height = 2000;
$dirname = 'img'; // folder where the files are stored

/*
0 no errors, file loaded up with succes!
-1 file format is incorrect
-2 file size is incorrect
-3 image format is incorrect
-4 image width is incorrect
-5 image height is incorrect
*/

if (isset($_FILES['fichier']['tmp_name'])) $tab = GetImageSize($_FILES['fichier']['tmp_name']);

// look for errors about the file size
if ($_FILES['fichier']['size'] > $max_size || $_FILES['fichier']['size'] == 0) $status=-2;
// look for errors about the variable $_FILES
else if (!$_FILES['fichier'] || $_FILES['fichier'] == "none") $status=-1;
else if (strpos($_FILES['fichier']['name'],"\\") || strpos($_FILES['fichier']['name'], "/")) $status=-1;
// filename can't contain \\ or /
else if (!stristr($_FILES['fichier']['type'], "image/pjpeg")) $status=-10;
// cancel upload when file isn't a jpg or jpeg
else if (!$tab[0]) $status=-3;
// image format is incorrect
else if (!stristr($_FILES['fichier']['type'], "image/jpeg")) $status=-2;
else if ($tab[0] > $max_width) $status=-4;
else if($tab[1] > $max_height) $status=-5;
else {
// all is ok, start uploading with a copy of the file
copy($_FILES['fichier']['tmp_name'], $dirname."/".$_FILES['fichier']['name']);
$status=0;
}

// do some javascript actions (from example.html)
$browseLC=$_REQUEST['browseLC'];
$dataLC=$_REQUEST['dataLC'];
$serverdata='Orginal filename: '.$_FILES['fichier']['name'].', Location at your cache-memory: '.$_FILES['fichier']['tmp_name'].',Filetype: '.$_FILES['fichier']['type'];
echo"<HTML><BODY><script>window.top.upLoadEnd('$browseLC',$status,'$serverdata','$dataLC')</script></HTML>";

?>

// do some javascript actions (from example.html)
$browseLC=$_REQUEST['browseLC'];
$dataLC=$_REQUEST['dataLC'];
$serverdata='Orginal filename: '.$_FILES['fichier']['name'].', Location at your cache-memory: '.$_FILES['fichier']['tmp_name'].',Filetype: '.$_FILES['fichier']['type'];
echo"<HTML><BODY><script>window.top.upLoadEnd('$browseLC',$status,'$serverdata','$dataLC')</script></HTML>";

?>