  1. #1
    Banned

    Wondering if I am using a dodgy snippet?

    I found a code snippet off the net:
    http://snippets.dzone.com/posts/show/3729

    I have stripped everything I didn't need and tried to tailor it to my needs:

    PHP Code:
    $uploaddir = "/var/www/https/test.com/products/'".$_POST['fordir']."/'".$_POST['category']."/'".$_POST['id']."'";
    $uploadfile = $uploaddir . basename($_FILES['front']['name']);
    I have only been using PHP for a month now, but it seems this code is very, very wrong.
    To me, all it's doing is declaring foo equals bar!
    Where's the actual function in it?
    Last edited by Democrazy; 09-19-2011 at 04:00 PM.

  • #2
    Banned
    Double

  • #3
    God Emperor Fou-Lu's Avatar
    It's not 'wrong', but it sure is insecure.
    What function are you talking about? This just creates two strings for a path to upload to. It doesn't do anything beyond that.

  • #4
    Banned
    A function to actually upload the file.
    Maybe I'm not sure what I want as I've never done this before. Basically, I want to create an upload form.

    This is what I have so far:

    HTML (index.html):
    Code:
    <FORM action="confirmation.html" enctype="multipart/form-data" method="post">
    	Product ID: <INPUT name="id" type="text">
    	For dir: <SELECT name="fordir"><OPTION>men</OPTION><OPTION>women</OPTION></SELECT>
    	Category dir: <SELECT name="category"><OPTION>belts</OPTION><OPTION>cufflinks</OPTION></SELECT>
    	Image: <INPUT name="front" type="file">
    	<INPUT type="submit" value="Submit">
    </FORM>
    PHP (confirmation.html):
    PHP Code:
    $uploaddir = "/var/www/https/test.com/products/'".$_POST['fordir']."/'".$_POST['category']."/'".$_POST['id']."'";
    $uploadfile = $uploaddir . basename($_FILES['front']['name']);
    Last edited by Democrazy; 09-19-2011 at 04:31 PM.

  • #5
    God Emperor Fou-Lu's Avatar
    Yes, but it doesn't actually do anything. There is no copy, rename or move_uploaded_file (which is the best one to use). But you can't use this anyway; there isn't enough verification taking place that stops me from moving around those directories. Heaven forbid if you have a / file permission of 777 O.o
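
    The two gaps named in post #5 (no move_uploaded_file call, and nothing stopping the POST fields from steering the path), closed in one handler. This is an added example, not code from the thread or the linked snippet: the field names come from the form in post #4, while the allow-lists, ID pattern, extension map and function names are assumptions.

```php
<?php
// Added example. Field names (fordir, category, id, front) are from the form in post #4;
// the allow-lists, ID pattern, extension map and function names are assumptions.
const BASE_DIR    = '/var/www/https/test.com/products';
const ALLOWED     = ['fordir' => ['men', 'women'], 'category' => ['belts', 'cufflinks']];
const EXT_BY_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

// Build the destination path from request fields, or return null if any field is unacceptable.
function upload_target(array $post, string $mime): ?string
{
    foreach (ALLOWED as $field => $values) {
        // Strict allow-list: values such as "../.." or "men/.." can never match.
        if (!isset($post[$field]) || !in_array($post[$field], $values, true)) {
            return null;
        }
    }
    // Product ID is digits only, so it cannot carry "/" or "..".
    if (!isset($post['id']) || !is_string($post['id']) || !preg_match('/\A[0-9]{1,10}\z/', $post['id'])) {
        return null;
    }
    if (!isset(EXT_BY_MIME[$mime])) {
        return null;
    }
    // The stored name is derived from the ID, never from the client-supplied file name.
    return sprintf('%s/%s/%s/%s.%s', BASE_DIR, $post['fordir'], $post['category'], $post['id'], EXT_BY_MIME[$mime]);
}

function handle_upload(array $post, array $file): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    // Detect the type from the file contents rather than trusting $file['type'].
    $mime   = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $target = upload_target($post, (string) $mime);
    // move_uploaded_file() refuses any source path that PHP did not create for an upload.
    return $target !== null && move_uploaded_file($file['tmp_name'], $target);
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: one legitimate request and two with path components in a field.
    var_dump(upload_target(['fordir' => 'men', 'category' => 'belts', 'id' => '42'], 'image/png'));
    var_dump(upload_target(['fordir' => '../../..', 'category' => 'belts', 'id' => '42'], 'image/png'));
    var_dump(upload_target(['fordir' => 'men', 'category' => 'belts', 'id' => '../x'], 'image/png'));
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo handle_upload($_POST, $_FILES['front'] ?? []) ? 'stored' : 'rejected';
}
```

    Run from the command line it only exercises the path check on the constructed inputs; served by a web server it handles the POST from the form. The target directories must already exist and be writable by the PHP user only.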

  • #6
    Banned
    I couldn't care less for security right now. I just want things to work.
    This script won't be public anyway. It's an administrator script that only I will have access to via HTTPS .htaccess.

    Design page 1 > security page 1 > design page 2, breaks my work flow. I design my entire site, then implement security after.

    I've learnt basic PHP/MySQL over the past month specifically for this site. I've heard of SQL injections and form input stripping and all that, but haven't looked into them yet - but I have a fair idea I know what their concepts are. I will study related security when the time comes.

    Work flow is the most important thing to me. There are so many psychological reasons for me to choose this philosophy, but I won't reason them because it will spark forum preachers that will trash my thread. I just want to understand how upload works and how it's implemented at the most basic level.
    I've checked out every result on the 1st and 2nd page on Google for "basic PHP upload", but all I found were snippets that are pathetically documented. People bloody comment EVERYTHING! It's so fricken annoying, and people implement sh][t in their "basic scripts" that are not essential for the function to work. It's so frustrating.

    I am not a forum leecher either. I ALWAYS check out official documentation first, but I found PHP's official documentation to suck hard on this account:
    http://www.php.net/manual/en/feature...ost-method.php
    Fkn hell, whoever wrote that has spent his whole life on SourceForge and doesn't know how to speak like a normal person. The basic explanation of the upload function is broken down into syntaxes without any example of how they're used.. but then he goes on and writes up a beautiful example on an advanced use of the function in example #3 with the same style I did with my code in post #4. WTF is with this documentation explanation inconsistency?!!!!... so, as usual, I have to jump on a forum and ask someone because computer scientists lack the communication skills and discipline to write a simple ****in manual for their languages.
    Last edited by Democrazy; 09-19-2011 at 05:46 PM.

  • #7
    God Emperor Fou-Lu's Avatar
    That was quite uncalled for.
    I don't see anything wrong with the POST method uploads page. I think everything in there is well documented and explains quite well what everything is. It's not up to a language developer to tell you how to use it, it's only up to them to tell us what it is, what its signatures are, and what each offset represents in a case of an object or array. It's up to the developer to actually make use of it.
    This page will not contain information about signatures for methods like move_uploaded_file. There are API pages for that.

    All in all, I still don't have a clue what your question is.

  • #8
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    In the post you linked to, it had everything you needed for a simple unsecure file upload, but because you didn't understand the PHP manual you took out the most important parts, one of which was already told to you, e.g. move_uploaded_file.
    ||||If you are getting paid to do a job, don't ask for help on it!||||