0

I have the below code for uploading an image file:

<?php
session_start();

If (!$_SESSION['logged_in']) {

    header("location:login.php");
}

include "ConnectToDb.php";
$action = $_GET['method'];
$soruid = mysql_real_escape_string($_POST['question']);

If ($action == "image") {

    If ($_FILES['image'][name] != "") {

            $allowedExts = array("gif", "jpeg", "jpg", "png");
            $extension = end(explode(".", $_FILES["image"]["name"]));
            $unique = md5(microtime());
            $date = date("Y-m-d H:i:s");
            $who = $_SESSION['username'];

            If ((($_FILES["image"]["type"] == "image/gif")
                || ($_FILES["image"]["type"] == "image/jpeg")
                || ($_FILES["image"]["type"] == "image/jpg")
                || ($_FILES["image"]["type"] == "image/pjpeg")
                || ($_FILES["image"]["type"] == "image/x-png")
                || ($_FILES["image"]["type"] == "image/png"))
                && ($_FILES["image"]["size"] < 500000000)
                && in_array($extension, $allowedExts)) {

                $pic = $unique. "." .$extension;
                move_uploaded_file($_FILES["image"]["tmp_name"], "answers/" . $pic);

                $ekle = "INSERT INTO `answers` (who, question_id, image, date) values('$who', '$soruid', '$pic', '$date')";
                $ok = mysql_query($ekle) or die (mysql_error());

                header("location:question.php?s=$soruid");

                }  

            }   


} elseif ($action == "text") {

    $text = mysql_real_escape_string($_POST['text']);
    $date = date("Y-m-d H:i:s");
    $who = $_SESSION['username'];

    $ekle = "INSERT INTO `answers` (who, question_id, comment, date) values('$who', '$soruid', '$text', '$date')";
    $ok = mysql_query($ekle) or die (mysql_error());

    header("location:question.php?s=$soruid");


}

?>

If the size of the image is low, such as 10kb or something like that, upload process works without a problem, but when i try to upload a file with 3 mb of size, script stops without a hitch.

I checked the php limits such as max_post_size, memory_limit etc. and seems like no problem.

I expect the script upload the image and then redirect the page.

What is the problem?

EDIT:

If I use the below code, it works.

$pic = "sercan.jpg";
move_uploaded_file($_FILES["image"]["tmp_name"], "answers/" . $pic);

So, I guess it means problem is with the code. But, Where is it?

EDIT 2:

Seems like the problem is with the if/else conditions. When I remove it, I am able to upload big-sized images.

If ((($_FILES["image"]["type"] == "image/gif")
            || ($_FILES["image"]["type"] == "image/jpeg")
            || ($_FILES["image"]["type"] == "image/jpg")
            || ($_FILES["image"]["type"] == "image/pjpeg")
            || ($_FILES["image"]["type"] == "image/x-png")
            || ($_FILES["image"]["type"] == "image/png"))
            && in_array($extension, $allowedExts)) {

..............
}
Sercan
  • 325
  • 1
  • 4
  • 17
  • Maybe you are exceeding the maximum execution time (max_execution_time). – KristofMorva Feb 23 '14 at 00:07
  • Anything useful in the logs? – James Feb 23 '14 at 00:08
  • 1
    Check what your upload max size in `php.ini` is set to. You can also override that in `.htaccess` . I.e: `php_value post_max_size 30M` and `php_value upload_max_filesize 30M` or `upload_max_filesize = "30M"` and `post_max_size = "30M"` – Funk Forty Niner Feb 23 '14 at 00:08
  • Could it be a problem with not using `$pic = basename("$unique.$extension")`? – StackSlave Feb 23 '14 at 00:20
  • @iCore limit is 30 secs but script stops after 8-10 secs later which is far below than the limit. – Sercan Feb 23 '14 at 00:20
  • @Fred-ii- all the values you mentioned are higher than that values. – Sercan Feb 23 '14 at 00:21
  • @PHPglue not sure i understand what you mentioned, i am just started to learn PHP, but the script works for low-sized uploads. If there was a problem, maybe than you're right? – Sercan Feb 23 '14 at 00:22
  • You should also test `if(isset($_FILES['image']))`, and make sure `name` is not a Constant. It should be a String. – StackSlave Feb 23 '14 at 00:27
  • It was an example. If your server's max upload is only 2M, then yeah, your script will stop, even when using `($_FILES["image"]["size"] < 500000000)` @Sercan – Funk Forty Niner Feb 23 '14 at 00:34
  • I see. I checked again, upload_max_filesize is 64M which is far below the size of the image I try to upload. Again, if I try to upload 1 Mb size image everythng is OK. But if I choose 3 Mb size of a image, it fails, script shows only a blank page. – Sercan Feb 23 '14 at 00:39
  • Try to increase memory `ini_set("memory_limit","350M");` and/or see [`this answer`](http://stackoverflow.com/a/8744184/) about `php_value max_input_time` and other possible factors. @Sercan – Funk Forty Niner Feb 23 '14 at 00:47
  • Another thing which could be a factor (if you're on a hosted service) and it happened to me before, is that your `tmp` folder or `tmp` file might be full and this will prevent oversized files from being uploaded, because of too many failed attempts and has grown larger in size (temp file). @Sercan – Funk Forty Niner Feb 23 '14 at 00:48
  • @Fred-ii-Thanks for your interest. But, I guess the problem is with the code I use. Could you pls check the edits I made to the question? – Sercan Feb 23 '14 at 00:53
  • I checked it. So now you can't use those functions. That is too bizarre. I have the very same functions in a few of my scripts, and work OK. @Sercan – Funk Forty Niner Feb 23 '14 at 00:58
  • The only other thing now that I see that could prevent it, is `If ($action == "image") {` which is related to a `GET` method in your code and uploading files require a POST method. @Sercan – Funk Forty Niner Feb 23 '14 at 01:00
  • @Fred-ii-`GET` is related with the type of the comment. Here is the latest situation: If I remove the if conditions such as `$allowedExts = array("gif", "jpeg", "jpg", "png", "pjpeg");` or changing `(in_array($extension, $allowedExts))` to `(**!**in_array($extension, $allowedExts))` solves the problem. That means, type of the image is different than the allowed type. And as far as I check image is a regular JPG file created with a regular camera. – Sercan Feb 23 '14 at 01:05
  • That is just very odd. I can post something below with a script that I use, and wondering if you could try it out just on its own with a 3-5MB file. However, this one will check if it already exists in the upload folder, so make sure one is not in there already; that's if you're interested, just to test out. @Sercan – Funk Forty Niner Feb 23 '14 at 01:09
  • @Fred-ii-Problem is absolutely related to the this code: `$allowedExts = array("gif", "jpeg", "jpg", "png"); $extension = end(explode(".", $_FILES["image"]["name"]));` or `in_array($extension, $allowedExts)`. But, I am not able to figure out what is wrong with that code. – Sercan Feb 23 '14 at 01:14
  • I have seen it before, and it could have something to do with the `end` and `explode`. I have a slightly different version that was a workaround of that. Let me know if you want me to post a "test" answer. @Sercan - If it does work, then you could build around it from there. – Funk Forty Niner Feb 23 '14 at 01:18
  • @Fred-ii-I removed that lines. Just will make a check with the MIME types. (not sure it is secure enough but I m tired of this problem) Thanks for the support. – Sercan Feb 23 '14 at 01:29
  • You're welcome. I offered my code, but I will respect your wish. Cheers @Sercan – Funk Forty Niner Feb 23 '14 at 01:31
  • @Fred-ii-pls check the answer I've just posted. – Sercan Feb 23 '14 at 01:35

2 Answers2

0

If the file is too large, then $_FILES is empty.

So, your if statement:

if ($_FILES['image']) ...

will not fire. Nor will your else, because that condition isn't being met. So the script completes without error, even though the image size is too large, and it did not upload.

random_user_name
  • 25,694
  • 7
  • 76
  • 115
  • In OP's code `&& ($_FILES["image"]["size"] < 500000000)` then states *"but when i try to upload a file with `3 mb` of size, script stops without a hitch."* - 3MB is far below than `500000000` – Funk Forty Niner Feb 23 '14 at 00:16
  • @Fred-ii- - $_FILES is empty when the size is too large. This if statement doesn't even work, since $_FILES['image']['size'] will be empty. – random_user_name Feb 23 '14 at 00:20
  • @Fred-ii-I did it for fun. Even if i delete that statement, still see a blank page. – Sercan Feb 23 '14 at 00:24
0

Changing this code:

$allowedExts = array("gif", "jpeg", "jpg", "png");
$extension = end(explode(".", $_FILES["image"]["name"]));

To this:

$allowedExts = array("gif", "jpeg", "jpg", "png");          
$bits = explode(".", $_FILES["image"]["name"]);
$extension = strtolower(end($bits));

solved the problem.

Still not sure, How it is able to work with low-sized uploads while fails with high-sized uploads.

Whatever..

Sercan
  • 325
  • 1
  • 4
  • 17
  • Which is 99.9% of what I was going to show you, in order to test with. This could have been avoided, had you taken me up on my offer. – Funk Forty Niner Feb 23 '14 at 01:37
  • Be sure, next time accepting your code offers will be the first thing I do instead of bugging around :) – Sercan Feb 23 '14 at 01:40
  • Like I said in my earlier comment, I faced a similar situation and it took me the better part of a day (some time ago) to find out why it was doing the same thing that you had a problem with. It's the way the bits get exploded at the end. Certain servers will react differently and I had the misfortune of landing on such a server. I now keep seperate versions of similar scripts, should I ever need to use either one. The important thing here is, that you found your solution ;-) – Funk Forty Niner Feb 23 '14 at 01:44
  • I meant this `$bits = explode(".", $_FILES["image"]["name"]); $extension = end($temp);` were the lines I was going to show you, just slightly different than `$extension = strtolower(end($bits));` with the exception of the added `strtolower` – Funk Forty Niner Feb 23 '14 at 01:53