0

I have developed a small image upload system with lot of customization like (renaming, thumbnail generating, validation).
All features are working perfectly except Images with high dimension (2000x2000 upwards).
I can't recognize the issue.

Following is my upload.php

if (isset($_POST['upload'])) {
    $i_image = $_POST['image'];
    $fund_id = $_POST['fid'];
    $image = $_POST['image'];
    // check the existence 
    $ex = mysql_query("SELECT pid, fid, image FROM imgs WHERE fid = '$fund_id' AND image = '$image'");
    if(mysql_num_rows($ex)> 0){
        echo 'Image already exists!!';
    }else{
        $newpath = $_POST['path'];
        $cfn = $_POST['cfn'];
        if (!file_exists($newpath)) {
            mkdir($newpath, 0777, true);
        }
        $allowedExts = array("gif", "jpeg", "jpg", "png");
        $temp = explode(".", $_FILES["file"]["name"]);
        $extension = end($temp);

        if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/jpeg")
            || ($_FILES["file"]["type"] == "image/jpg")
            || ($_FILES["file"]["type"] == "image/pjpeg")
            || ($_FILES["file"]["type"] == "image/x-png")
            || ($_FILES["file"]["type"] == "image/png"))
            && ($_FILES["file"]["size"] < 20000000)
            && in_array($extension, $allowedExts)) {
              if ($_FILES["file"]["error"] > 0) {
                echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
              } else {
                echo "Upload: " . $_FILES["file"]["name"] . "<br>";
                echo "Type: " . $_FILES["file"]["type"] . "<br>";
                echo "Size: " . ($_FILES["file"]["size"] / 5000) . " kB<br>";
                echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";
                if (file_exists($newpath. $_FILES["file"]["name"])) {
                  echo $_FILES["file"]["name"]. " already exists. ";
                } else {
                    //rename
                    $temp2 = explode(".", $_FILES["file"]["name"]);

                    $dir_name = substr($cfn, 0, 15);
                    $rn_fn = $dir_name. '_'.$image.'.'.end($temp2);
                    $full_path = $newpath.$rn_fn;
                    $p2db = 'funds/deeds/'.$cfn.$rn_fn;
                    move_uploaded_file($_FILES["file"]["tmp_name"], $full_path);
                    $img_name = preg_replace('/\\.[^.\\s]{3,4}$/', '', $rn_fn);
                    $img_name_we = $rn_fn;
                    $user = $_SESSION['MM_Username'];
                    $insert = mysql_query("INSERT INTO imgs(fid, image, img_name, img_name_we, path, i_user) VALUES('$fund_id','$i_image','$img_name','$img_name_we','$p2db', '$user')") or die(mysql_error());
                    echo "<h3>"."File Uploaded!". "</h3>";
                    echo '<a href="index.php?fund_id='.$fund_id.'">'.'Go back</a>';
                    $photoid= mysql_insert_id();
                    echo "<br><br>";
                    die();
                }
            }
        } else {
            echo "Invalid file";
        }
    }
}

Whenever a user uploading a large image (like 3000x4000 & File size 4.3MB) script give 'Invalid File' error.

I already set upload_max_filesize & post_max_size to 12M, max_input_time & max_execution_time to 300

What do you think?

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
Lanka
  • 34
  • 8
  • Did you restart your server after setting upload_max_filesize and others? – Sehdev Jul 17 '18 at 13:08
  • @Sehdev - Yes. I restarted – Lanka Jul 17 '18 at 13:10
  • 1
    Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code **[this happens](https://media.giphy.com/media/kg9t6wEQKV7u8/giphy.gif)** it is deprecated and has been for years and is gone for ever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Jul 17 '18 at 13:13
  • Can you give us the FULL Error message please – RiggsFolly Jul 17 '18 at 13:14
  • @RiggsFolly - Actually this is little bit old project. Now I am using PDO. Thank you for your advice. – Lanka Jul 17 '18 at 13:16
  • @RiggsFolly - Script returns 'Invalid file'. That is the only error. – Lanka Jul 17 '18 at 13:16
  • 1
    Then quite obviously, now I have reformatted the code, its failing one of your `IF $_FILES` tests. SO you need to work out which one, possibly by giving a more useful error mesage in the `else` – RiggsFolly Jul 17 '18 at 13:22
  • Also, use in_array for the mime types as well as the allowed extensions, then your if won't look so clunky – delboy1978uk Jul 17 '18 at 13:52
  • @RiggsFolly - Yes I will reformat and place error message for each `else` parts – Lanka Jul 18 '18 at 05:15
  • @delboy1978uk - I didn't get you – Lanka Jul 18 '18 at 05:16
  • @RiggsFolly - I tested by putting error messages to else statements. Something wrong in the below part. `if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg") || ($_FILES["file"]["type"] == "image/x-png") || ($_FILES["file"]["type"] == "image/png")) && ($_FILES["file"]["size"] < 200000000) && in_array($extension, $allowedExts)) {` – Lanka Jul 19 '18 at 06:49
  • Like I said above! So now I would, in the else, display the contents of all the varibales you are testing in the IF and see which one is causing the IF to go to the ELSE – RiggsFolly Jul 19 '18 at 08:49

0 Answers0