0

I've reviewed previous solutions here, but none fixed it for me. Here's my PHP 7 code:

<?php
$file_size = $_FILES['fileToUpload']['size'];
$file_types = array("sh", "txt", "py", "php", "html", "css", "rb");
$ext = pathinfo($_FILES["fileToUpload"]["name"], PATHINFO_EXTENSION);
$ext = strtolower($ext);

function toText() {
    $content = file_get_contents($_FILES['fileToUpload']['tmp_name']);
    return $content;
}

function uploadFile() {
    $myfile = fopen("uploads/".$_FILES['fileToUpload']['name'], 'w+');
    //if (!$myfile) {
    //    return "There was an error writing the file.";
   // }
    $link = "http://[site]"."/uploads/".$_FILES['fileToUpload']['name'];
    fwrite($myfile, toText());
    fclose($myfile);
    return $link;
}

if ($file_size / 1024 > 200000) {
    echo "File too big";
}
if (in_array($ext, $file_types)) {
    echo uploadFile();
}

else {
    echo "File not a valid extension.";
    echo "\nExtension: ".$ext;
}

Here are the errors:

PHP Warning:  fwrite() expects parameter 1 to be resource, boolean given in [file] on line 18, referer: [site]

PHP Warning:  fclose() expects parameter 1 to be resource, boolean given in [file] on line 19, referer: [site]

I've concluded that fopen is false (see commented out testing). This is running on an Ubuntu 17.04 VPS, on Apache. PHP.ini has file upload enabled, and both uploads and the script have permissions 755.

W. Reyna
  • 724
  • 2
  • 7
  • 24
  • don't use a url, use a path – Funk Forty Niner Dec 21 '17 at 22:22
  • @FunkFortyNiner what do you mean? Are you talking about `"uploads/".$_FILES['fileToUpload']['name']` or $link? It's a personal file upload. – W. Reyna Dec 21 '17 at 22:24
  • yes like that (the former) and make sure the folder exists also with proper write permissions. – Funk Forty Niner Dec 21 '17 at 22:25
  • Ensure that fopen returns a valid handle. Also ensure, that fopen is permited, e.g. by checking phpinfo() – recycler Dec 21 '17 at 22:26
  • @FunkFortyNiner folder exists. not sure if you saw my edit made a few seconds ago, but the idea is a personal file upload service for me only, so i'd need a url, no? – W. Reyna Dec 21 '17 at 22:26
  • no, in order to use a url, you'd need to have `allow_url_fopen` enabled as per http://php.net/manual/en/function.fopen.php - `$link = "http://[site]"."/uploads/".$_FILES['fileToUpload']['name'];` is still a url – Funk Forty Niner Dec 21 '17 at 22:28
  • There are inbuilt functions for handling uploaded files http://php.net/manual/en/features.file-upload.post-method.php –  Dec 21 '17 at 22:31
  • ah, my bad. it was enabled. @recycler , what would I be looking for in phpinfo? – W. Reyna Dec 21 '17 at 22:31
  • I was writing an answer when the post was closed, you don't need to use fopen / fwrite at all. There's a built in function that will work better than reading the file then writing to another file. It takes the path of the temporary file and the location for the final file like this: move_uploaded_file($_FILES['fileToUpload']['tmp_name'], "uploads/".$_FILES['fileToUpload']['name']) http://php.net/manual/en/function.move-uploaded-file.php – obsirdian Dec 21 '17 at 22:47

0 Answers0