HTML Form just won't send some POST variables to a PHP script

Question

So I'm having a problem which prevents me from uploading a file as a test on my new upload service.

Every time I fill in every form correctly and submit it, A bunch of the vars aren't set for the up-loader.

HTML Form (Cut from my website, I left a few bootstrap elements in just in case):

<form action="upload.php" method="post">
            <span style="color: green;">Select the file you want to upload:</span>
            <input type="file" class="form-control" name="fileToUpload" id="fileToUpload" />
            <br>TIP: Taking a long time for the page to load after uploading? That's your browser uploading the files. It will take time if you have slow internet or you are uploading a big file.
            <br><br>
            <b><span style="color: red;">DISCLAIMER: I, Mark Jones, am not held responsible for the uploading of porn, pirated music, images and films. In the event that any pirated, offensive or sexual files are uploaded they will be deleted by staff or removed by storage clean-ups. Please keep all these types of files that are not permitted away from this website. Only upload things that are not sold elsewhere and keep porn on your own PC. Once you upload a file against this disclaimer after accepting it (You can't upload files without accepting it), The uploaded file becomes your responsibility. It will be deleted and if it is not deleted then you'll have to witness a punishment that hasn't been put into effect by me, but by others such as my hosting or the DMCA. I also would like all the members/users of this site not to upload Viruses, Tojans, Malware and Spyware. If you do, It will be deleted or other punishments will occur. Also by accepting this disclaimer you must use your real name in the box below.</span></b><br><br>
            <!--<input type="submit" value="Upload Image" name="submit" />-->
            <input type="radio" name="disclaimer" value="1">Accept</input>
            <input type="radio" name="disclaimer" value="0" checked>Decline</input><br><br>
            Insert your full real name below:<br>
            <input type="text" class="form-control" name="realname" value="Full name"></input><br>
            Do you want your own personal folder for your file?<br>
            <input type="radio" name="pf" value="1">Yes</input>
            <input type="radio" name="pf" value="0" checked>No</input><br>
            <input type="text" class="form-control" name="pfn" value="Personal Folder Name"></input><br><br>
            Please tag your file:<br>
            <input type="radio" name="tag" value="other" checked>Other</input>
            <input type="radio" name="tag" value="funny">Funny</input><br>
            <input type="radio" name="tag" value="theoretic">Theoretic</input>
            <input type="radio" name="tag" value="sad">Sad</input><br>
            <input type="radio" name="tag" value="important">Important</input>
            <input type="radio" name="tag" value="informative">Informative</input><br>
            <input type="radio" name="tag" value="family">Family</input>
            <input type="radio" name="tag" value="friendly">Friendly</input><br>
            <input type="radio" name="tag" value="dangerous">Dangerous</input>
            <input type="radio" name="tag" value="horrible">Horrible</input><br>
            <input type="radio" name="tag" value="scary">Scary</input>
            <input type="radio" name="tag" value="musical">Musical</input><br>
            <input type="radio" name="tag" value="creative">Creative</input>
            <input type="radio" name="tag" value="ugly">Ugly</input><br>
      </div>
      <div class="modal-footer">
      <b>Uploader breaks if ", ', / or \ is used anywhere.</b>
        <button type="button" class="btn btn-default" data-dismiss="modal">Cancel request</button>
        <input type="submit" id="uploadsubmit" class="btn btn-primary" value="Upload" name="submit"></input>
        </form>

And next is my PHP handler (upload.php):

<center>
<?php

if(isset($_POST["disclaimer"]) && isset($_POST["realname"])) {

if($_POST["disclaimer"] != "1") {
    die("You didn't accept the disclaimer. Go back a page and read the disclaimer.");
}

if($_POST["realname"] == "Full name") {
    die("You didn't enter your real name. Go back and try again.");
} 

if($_POST["realname"] == "") {
    die("You didn't enter your real name. Go back and try again.");
}

} else {

    echo "Uh Oh! Something is going wrong! Attempting to repair.<br>";
    $_POST["realname"] == "real-name-post-error";

}


$personalfolder = $_POST["pf"];

//Base file names
$base_file_name = basename($_FILES["fileToUpload"]["name"]);
$base_file_name_path = $_FILES["fileToUpload"]["name"];

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

//Main script
echo "File(s) uploaded. Reading file list...<br>";
if($personalfolder == "1") {
$target_dir_ext = time()."_".basename($_FILES["fileToUpload"]["name"])."_".$ip.$_POST["realname"]."/".$_POST["pfn"]; // Prevent file already existing
} else {
$target_dir_ext = time()."_".basename($_FILES["fileToUpload"]["name"])."_".$ip.$_POST["realname"]; // Prevent file already existing
}
$structure = "uploads/".$_POST["tag"]."/".$target_dir_ext;
mkdir($structure, 0777, true);
$target_dir = "uploads/".$_POST["tag"]."/".$target_dir_ext."/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
echo "File(s) detected: <br>".$target_file."<br>";
echo "Checking file(s)...<br>";

$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.<br>";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 99999999) {
    echo "Sorry, your file is too large.<br>";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" 
&& $imageFileType != "png" 
&& $imageFileType != "jpeg"
&& $imageFileType != "GIF"
&& $imageFileType != "JPG"
&& $imageFileType != "JPEG"
&& $imageFileType != "PNG"
&& $imageFileType != "mp3"
&& $imageFileType != "MP3"
&& $imageFileType != "WAV"
&& $imageFileType != "wav"
&& $imageFileType != "mp4"
&& $imageFileType != "MP4"
&& $imageFileType != "swf"
&& $imageFileType != "SWF"
&& $imageFileType != "ogg"
&& $imageFileType != "OGG"
&& $imageFileType != "js"
&& $imageFileType != "JS"
&& $imageFileType != "txt"
&& $imageFileType != "TXT"
&& $imageFileType != "exe"
&& $imageFileType != "EXE"
&& $imageFileType != "zip"
&& $imageFileType != "ZIP"
&& $imageFileType != "rar"
&& $imageFileType != "RAR"
&& $imageFileType != "msi"
&& $imageFileType != "MSI"
&& $imageFileType != "ttf"
&& $imageFileType != "TTF"
&& $imageFileType != "svg"
&& $imageFileType != "SVG"
&& $imageFileType != "eot"
&& $imageFileType != "EOT"
&& $imageFileType != "woff"
&& $imageFileType != "WOFF"
&& $imageFileType != "woff2"
&& $imageFileType != "WOFF2"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG, GIF, OGG, MP3, MP4, WAV and SWF files are allowed.<br>";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded due to the reasons above.<br>";
// if everything is ok, try to upload file
} else {
    echo "File(s) OK. Attempting to move uploaded file(s) to the uploads directory...";
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.<br>";
        $ul = "http://marksrtz.site50.net/uploader/".$target_file;
        echo "File URL: <a href='".$ul."'>".$ul."</a><br>";
        if($imageFileType == "jpg" 
        || $imageFileType == "png" 
        || $imageFileType == "PNG" 
        || $imageFileType == "gif" 
        || $imageFileType == "GIF" 
        || $imageFileType == "jpeg" 
        || $imageFileType == "JPEG" 
        || $imageFileType == "JPG") {
            echo 'Preview:<br><iframe width="1440px" height="900px" src="'.$ul.'"></iframe> ';
        } else {
            echo 'Preview:<br><iframe width="600px" height="400px" src="'.$ul.'"></iframe> ';
        }
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
echo "<br>PHP Script was executed and ended correctly.";
?> 
</center>

What could the problem be? The output of the PHP Script is:

File(s) uploaded. Reading file list... File(s) detected: uploads/funny/1422113393__188.29.64.63Mark Jones/ Checking file(s)... Sorry, file already exists. Sorry, only JPG, JPEG, PNG, GIF, OGG, MP3, MP4, WAV and SWF files are allowed. Sorry, your file was not uploaded due to the reasons above.

PHP Script was executed and ended correctly.

What it wasn't detecting earlier was the $_POST["disclaimer"] and $_POST["realname"] but then that started working a little later

Now it isn't sending the file I want to upload at all.

However, If i use an enctype it does send the file but it won't send the POST variables. Is there a way i can send the POST Variables and the file at the same time without creating another form?

Form requires a valid enctype when uploading; you don't have one. — Funk Forty Niner, Jan 24 '15 at 15:42
, otherwise it doesn't send files, only normal post variables. — Rauli Rajande, Jan 24 '15 at 15:43
@Fred -ii- Yes. When i use an enctype it stops the disclaimer and realname being sent, When i disable enctype it sends the disclaimer and realname vars but it won't upload the file :/ — , Jan 24 '15 at 15:44
Hard to say, but I see two unused variables `$base_file_name` and `$base_file_name_path` whether it's relevant or not. — Funk Forty Niner, Jan 24 '15 at 15:48
@Fred -ii- I don't know either. Those variables are going to be used in a newer version of the php script, I just put them there so it would be easier. However, I think the problem may be the size of what is uploaded. If i upload a big HD picture, some of the POST Variables don't get sent. If i upload a small GIF image, the POST variables are sent along with the uploaded image. It is very strange and i really need a fix because i know it's possible. Other people have made sites such as Facebook and Imgur which can do nearly the same thing. It is possible, I know it is :/ — , Jan 24 '15 at 15:51
It could be the upload max size isn't large enough in your `.ini` file. — Funk Forty Niner, Jan 24 '15 at 15:52
When I added enctype and copied your scripts together into one script, it worked. You should enable PHP warnings. — Rauli Rajande, Jan 24 '15 at 15:55
It isn't really my `.ini` file. I'm using a host called 000webhost. — , Jan 24 '15 at 15:55
You can override that with `.htaccess` unless they've set a max quota. How big a file are we talking? — Funk Forty Niner, Jan 24 '15 at 15:56
Wait. Instead of telling me that i should enable something or change something in an .ini file, You could tell me where that .ini file is or how to enable PHP warnings. It would be much easier because Google is horrible when you ask it where a file is. — , Jan 24 '15 at 15:57
See this http://stackoverflow.com/a/9466847/ and create a `.htaccess` file and place it in your root. They probably have a default of 2M. — Funk Forty Niner, Jan 24 '15 at 15:58
@Fred-ii- The biggest one i tried to upload was back.jpg, 2.3 MB — , Jan 24 '15 at 15:58
http://www.000webhost.com/faq.php?ID=34 I can't see why a 2.3 MB would fail, so something else is causing this. But that may not be related to "uploading" via a form. See also http://www.000webhost.com/forum/customer-assistance/202-file-upload-limit-2mb-set-php-ini.html so I think you need to create a `.htaccess` file. Try that and let me know. They might have a 2M default and you can increase it. @MarkieJonesWTF — Funk Forty Niner, Jan 24 '15 at 16:02
It'd probably be better if I put in an answer for this. Some may get the wrong impression when they visit the question. After all, I did all the footwork ;-) — Funk Forty Niner, Jan 24 '15 at 16:16

score 0 · Answer 1 · answered Jan 24 '15 at 16:06

0

first of all - don't take POST Vars for what they are! ALWAYS check them

instead of

$personalfolder = $_POST["pf"];

e.g. use

$personalfolder = trim(strip_tags(stripslashes($_POST["pf"])));

answered Jan 24 '15 at 16:06

Humer IT

132
3

score 0 · Accepted Answer · answered Jan 24 '15 at 16:21

I'm just going to go ahead and make this an answer.

000webhost most likely have a default 2M upload max.

You can override that using .htaccess and changing its value to

php_value memory_limit 30M
php_value post_max_size 100M
php_value upload_max_filesize 30M

for example and placed in the root of your server. Since you are unable to modify their php.ini file.

As per a few findings done on Google for you.

http://www.000webhost.com/forum/customer-assistance/202-file-upload-limit-2mb-set-php-ini.html

as it's stated We do not allow to upload big files (where file size is more than 5 MB) on server In a backend of my component (Pictures Gallery) there is a statement that Upload file limit is 2Mb - set by php.ini I use Joomla. Does anybody know how to increase it up to 5Mb? Is it on server or somewhere in my file system?

and

the limit on this hosting for uploading files is 2Mb, you can check in phpinfo().

Plus, just for argument's sake:

Form requires a valid enctype when uploading; you don't have one.

Change your form to this:

<form action="upload.php" method="post" enctype="multipart/form-data">

HTML Form just won't send some POST variables to a PHP script

2 Answers2

Linked