Can't find the file on server glitch

  • (2 Pages)
  • +
  • 1
  • 2

21 Replies - 2609 Views - Last Post: 21 August 2013 - 07:03 PM Rate Topic: -----

#1 recreationquest  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 21-December 10

Can't find the file on server glitch

Posted 20 August 2013 - 04:45 PM

I'm working with this file upload everything works but the download file.

Getting the error message 'Please select a valid file to download.'

I'm hoping it's something starring me in the face and can't see it

any ideas? Thanks!
<?php # add_file.php
   // This page allows users to upload files to the server.

   // Set the page title and include the HTML header.
   $page_title = 'Upload a File';
   include ('include/header.html');

   $counter = 3; // Number of files to allow for.

   if (isset($_POST['submitted'])) { // Handle the form.

	   require_once ('mysql_connect.php'); // Connect to the database.

	   for ($i = 0; $i < $counter; $i++) { // Handle each uploaded file.

		   // Create index names to refer to the proper upload and description.
		   $filename = 'uploads' . $i;
		   $description = 'description' . $i;

		   // Check for a file.
		   if (isset($_FILES[$filename]) && ($_FILES[$filename]['error'] != 4)) { 

		   // Check for a description (not required).
		   if (!empty($_POST[$description])) {
			   $d = "'" . escape_data($_POST [$description]) . "'";

		   } else {
			   $d = 'NULL';
		   }

		   // Add the record to the dataabase.
		   $query = "INSERT INTO uploads (file_name, file_size, file_type,
		     description) VALUES ('{$_FILES[$filename]['name']}',{$_FILES [$filename]['size']},'{$_FILES [$filename]['type']}', $d)";
		     $result = mysql_query ($query); 
			  
		   if ($result) {

			   // Return the upload_id from the database.
			   $upload_id = mysql_insert_id(); 

			   // Move the file over.
			   if( move_uploaded_file($_FILES[$filename]['tmp_name'], "upload $upload_id")) {

				   echo '<p>File number ' . ($i + 1) . ' has been uploaded!</p>';

			   } else { // File could not be moved.

				   echo '<p><font color="red">File number ' . ($i + 1) . ' could not
				     be moved.</font></p>';

				   // Remove the record from the database.
				  $query = "DELETE FROM uploads WHERE upload_id = $upload_id";
				   $result = mysql_query ($query);

				   // Add more detailed error reporting, if desired.

				   } 

			   } else { // If the query did not run OK.
				   echo '<p><font color="red">Your submission could not be processed
				     due to a system error. We apologize for any 
				     inconvenience.</font></p>';
				   // Print the query and invoke the mysql_error() function to debug.
			   }

		   } // End of if (isset($the_file)...

	   } // End of FOR loop.

	   mysql_close(); // Close the database connection.

   }
   ?>
   <form enctype="multipart/form-data" action="add_file.php" method="post">

	   <fieldset><legend>Fill out the form to upload a file:</legend>
	   <input type="hidden" name="MAX_FILE_SIZE" value="5242880" /> 

	   <?php // Create the inputs.
	   for ($i = 0; $i < $counter; $i++) {
		   echo '<p><b>File:</b> <input type="file" name="uploads' . $i . '" /></p>
	   <p><b>Description:</b> <textarea name="description' . $i . '" cols="40"
	     rows="5"></textarea></p><br />
	   ';
	   }
	   ?>

	   </fieldset>
	   <input type="hidden" name="submitted" value="TRUE" />
	   <div align="center"><input type="submit" name="submit" value="Submit" /></div>

   </form>
   <?php
   include ('include/footer.html');
   ?>




<?php # view_files.php
   // This page displays the files uploaded to the server.

   // Set the page title and include the HTML header.
   $page_title = 'View Files';
   include ('include/header.html');

   require_once ('mysql_connect.php');

   $first = TRUE; // Initialize the variable.

   // Query the database.
   $query = "SELECT upload_id, file_name, ROUND(file_size/1024) AS fs, description, DATE_FORMAT(date_entered, '%M %e, %Y') AS d FROM uploads ORDER BY date_entered DESC";
   $result = mysql_query ($query); 


   // Display all URLs.
   while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {

        // If this is the first record, create the table header.
        if ($first) {
            echo '<table border="0" width="100%" cellspacing="3" cellpadding="3" align="center">
        <tr>
            <td align="left" width="20%"><font size="+1">File Name</font></td>
            <td align="left" width="40%"><font size="+1">Description</font></td> 
			<td align="center" width="20%"><font size="+1">File Size</font></td>
            <td align="left" width="20%"><font size="+1">Upload Date</font></td>
        </tr>';
            $first = FALSE; // Once record has been returned.

        } // End of $first IF.

        // Display each record.
        echo " <tr>
            <td align=\"left\"><a href=\"download_file.php?uid=<?php{$row['upload_id']};?>\">{$row['file_name']}</a></td>
            <td align=\"left\">" . stripslashes($row ['description']) . "</td>
            <td align=\"center\">{$row ['fs']}kb</td>
            <td align=\"left\">{$row ['d']}</td>
			<td align=\"left\"><a href=\"edit_file.php?uid={$row['upload_id']}\">edit</a></td>
        </tr>\n";

   } // End of while loop.

   // If no records were diplayed...
   if ($first) {
        echo '<div align="center">There are currently no files to be viewed.</div>';
   } else {
        echo '</table>'; // Close the table.
   }

   mysql_close(); // Close the database connetion.
   include ('include/footer.html');
   ?>  



   <?php # download_file.php
   // This page handles file downloads through headers.

   // Check for an upload_id.
   if (isset($_GET[uid])) {
	   $uid = (int) $_GET['uid'];
   } else { // Big problem!
	   $upload_id = 0;
   }

   if ($uid > 0) { // OK to proceed!

	   require_once ('mysql_connect.php');
	   
	   // Connect to the dataabase.

	   // Get the information for this file.
	   $query = "SELECT 'file_name', 'file_size', 'file_type' FROM 'uploads' WHERE
	     upload_id = $uid";
	   $result = mysql_query ($query);

	   list ($fn, $fs, $ft) = mysql_fetch_array ($result, MYSQL_NUM);
	   mysql_close(); // Close the database connection.

	   // Determine the file name on the server.
	   $the_file = '/uploads . $uid'; 

	   // Check if it exists.
	   if (file_exists ($the_file)) { 

		   // Send the file.
		   header ("content-type: application/octet-stream");
		   header ("content-description: File Transfer");
		   header ("Content-disposition: attachment; filename=\$row[$fn] \n"); 
		   header ("content-length: $fs\n");
		   header ("Content-Type: $ft\n");
		   

		   readfile ($the_file); 

	   } else { // File doesn't exist.
		   $page_title = 'File Download';
		   include ('include/header.html');
		   echo '<p><font color="red">The file could not be located on the server.
		     We apologize for any inconvenience.</font></p>';
		   include ('include/footer.html');
	   }

   } else { // No valid upload ID.
	   $page_title = 'File Download';
	   include ('include/header.html');
	   echo '<p><font color="red">Please select a valid file to download.
	     </font></p>';
	   include ('include/footer.html');
   }
   ?>




Is This A Good Question/Topic? 0
  • +

Replies To: Can't find the file on server glitch

#2 Sho Ke  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 110
  • View blog
  • Posts: 250
  • Joined: 13-October 11

Re: Can't find the file on server glitch

Posted 20 August 2013 - 05:24 PM

On download_file.php, var_dump $uid before line5.

Line 6 and 8 of that file assign different variables, and $upload_id is never used.

This post has been edited by Sho Ke: 20 August 2013 - 05:26 PM

Was This Post Helpful? 4
  • +
  • -

#3 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3718
  • View blog
  • Posts: 5,986
  • Joined: 08-June 10

Re: Can't find the file on server glitch

Posted 21 August 2013 - 08:43 AM

Also keep in mind that strings should be quoted. That includes array key names.
// This:
$_GET[uid];

// Should be:
$_GET['uid'];


If you have full error reporting enabled - which you really should in a development environment - then the former would give you a notice.


And, as always, the obligatory warning about the old MySQL API extension being deprecated. Anything that starts with mysql_ should be avoided! Use PDO or MySQLi instead.
Was This Post Helpful? 1
  • +
  • -

#4 AdaHacker  Icon User is offline

  • Resident Curmudgeon

Reputation: 452
  • View blog
  • Posts: 811
  • Joined: 17-June 08

Re: Can't find the file on server glitch

Posted 21 August 2013 - 11:24 AM

Just look at like 35 of your view_files.php:
<td align=\"left\"><a href=\"download_file.php?uid=<?php{$row['upload_id']};?>\">{$row['file_name']}</a></td>

Your uid parameter in the URL is messed up - you're including php tags when doing string interpolation. That means $_GET['uid'] is going to come through as <?php12345;?>, which will always get converted to zero when you cast it to an integer.
Was This Post Helpful? 2
  • +
  • -

#5 recreationquest  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 21-December 10

Re: Can't find the file on server glitch

Posted 21 August 2013 - 01:46 PM

View PostAdaHacker, on 21 August 2013 - 11:24 AM, said:

Just look at like 35 of your view_files.php:
<td align=\"left\"><a href=\"download_file.php?uid=<?php{$row['upload_id']};?>\">{$row['file_name']}</a></td>

Your uid parameter in the URL is messed up - you're including php tags when doing string interpolation. That means $_GET['uid'] is going to come through as <?php12345;?>, which will always get converted to zero when you cast it to an integer.


Yeah I noticed that late last night after I put var_dump (uid) after the isset function on the download script.
So I removed the php tags and now the correct value is pasted to the download script, but it's not initiating the download window in the browser, now it displays a bunch of gibberish, which (i'm assuming) is the image in script form.
Now I'm trying to figure out that glich, any ideas?

Thanks,for your help greatly appreciated!
Was This Post Helpful? 0
  • +
  • -

#6 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: Can't find the file on server glitch

Posted 21 August 2013 - 01:58 PM

View Postrecreationquest, on 21 August 2013 - 04:46 PM, said:

now it displays a bunch of gibberish, which (i'm assuming) is the image in script form.


Assuming you're trying to load an image in a separate window, you'll want to set the Content-Type header to the MIME type that matches the type of image you're loading. Since it's loading from a .php file, it assumes the output is going to be text or markup, not an image.

Content-Type header
Was This Post Helpful? 0
  • +
  • -

#7 andrewsw  Icon User is offline

  • Fire giant boob nipple gun!
  • member icon

Reputation: 3360
  • View blog
  • Posts: 11,397
  • Joined: 12-December 12

Re: Can't find the file on server glitch

Posted 21 August 2013 - 02:00 PM

First thing to do is remove the nested php-tags:

<td align=\"left\"><a href=\"download_file.php?uid={$row['upload_id']}\">{$row['file_name']}</a></td>


We cannot nest php in php.
Was This Post Helpful? 1
  • +
  • -

#8 recreationquest  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 21-December 10

Re: Can't find the file on server glitch

Posted 21 August 2013 - 02:35 PM

View PostValek, on 21 August 2013 - 01:58 PM, said:

View Postrecreationquest, on 21 August 2013 - 04:46 PM, said:

now it displays a bunch of gibberish, which (i'm assuming) is the image in script form.


Assuming you're trying to load an image in a separate window, you'll want to set the Content-Type header to the MIME type that matches the type of image you're loading. Since it's loading from a .php file, it assumes the output is going to be text or markup, not an image.

Content-Type header


I have the mime defined as a variable $ft

  header ("content-type: application/octet-stream");
  header ("content-description: File Transfer");
  header ("Content-disposition: attachment;filename=.$fn"); 
  header ("Content-Length:.$fs");
  header ("Content-Type: .$ft");
	   
  readfile ($the_file);

Was This Post Helpful? 0
  • +
  • -

#9 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: Can't find the file on server glitch

Posted 21 August 2013 - 03:04 PM

Okay, I see that now (was answering quickly as I was leaving work). You are sending that header twice, however.
Was This Post Helpful? 0
  • +
  • -

#10 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3718
  • View blog
  • Posts: 5,986
  • Joined: 08-June 10

Re: Can't find the file on server glitch

Posted 21 August 2013 - 03:12 PM

The dot (.) in front of the variables inside the string shouldn't be there. It's used to concat two strings, not when injecting variables directly into a string. - Same goes for your $the_file variable. That one has two problems: first you are trying to inject a variable into a single-quoted string, and second you are again using the dot char. - You may want to read up on how strings work in PHP. You're going to have constant problems if you're fuzzy on how they should be used.

Also, looking at the move_uploaded_file line in the add_file script, it seems to be using a very odd file name. Perhaps not wrong, as such, but still definitely odd. It would come out like: ./upload X where X is the ID of the image. Was that what you were aiming for? I'd suggest replacing the space with an underscore or a dash, just for the sake of it. Using spaces in file names is generally discouraged. (Though I suspect it'll only be a problem on old systems.)
Was This Post Helpful? 2
  • +
  • -

#11 recreationquest  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 21-December 10

Re: Can't find the file on server glitch

Posted 21 August 2013 - 03:16 PM

View PostValek, on 21 August 2013 - 03:04 PM, said:

Okay, I see that now (was answering quickly as I was leaving work). You are sending that header twice, however.

Are you referring to this...

header ("content-type: application/octet-stream");

If so I removed it and.... nothing changed.

F.Y.I. if I upload a .pdf I get gibberish, If I upload a .txt it displays the contents of the text file in the browser, still no download.

appreciate the help!
Was This Post Helpful? 0
  • +
  • -

#12 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: Can't find the file on server glitch

Posted 21 August 2013 - 03:21 PM

Check the value of $ft when the page is pulled up. Is it what you're expecting?

EDIT: I can guarantee it isn't, as your header lines are suffering from the same dot problem Atli mentioned above.

This post has been edited by Valek: 21 August 2013 - 03:26 PM

Was This Post Helpful? 1
  • +
  • -

#13 recreationquest  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 21-December 10

Re: Can't find the file on server glitch

Posted 21 August 2013 - 03:31 PM

View PostValek, on 21 August 2013 - 03:21 PM, said:

Check the value of $ft when the page is pulled up. Is it what you're expecting?


Yes, the var_dump function displays the correct uid number, and the dreaded gibberish.
and if I remove the var_dump, only gibberish.
When I hoover the cursor over the link on the view file page it also displays the correct url in the bubble at the bottom of the browser. example... url.com/download_file.php?uid=109
Was This Post Helpful? 0
  • +
  • -

#14 Valek  Icon User is offline

  • The Real Skynet
  • member icon

Reputation: 542
  • View blog
  • Posts: 1,713
  • Joined: 08-November 08

Re: Can't find the file on server glitch

Posted 21 August 2013 - 03:34 PM

Please read my edit. Atli's post above remarks on the source of many of your problems at the moment.
Was This Post Helpful? 1
  • +
  • -

#15 recreationquest  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 9
  • Joined: 21-December 10

Re: Can't find the file on server glitch

Posted 21 August 2013 - 03:55 PM

View PostAtli, on 21 August 2013 - 03:12 PM, said:

The dot (.) in front of the variables inside the string shouldn't be there. It's used to concat two strings, not when injecting variables directly into a string. - Same goes for your $the_file variable. That one has two problems: first you are trying to inject a variable into a single-quoted string, and second you are again using the dot char. - You may want to read up on how strings work in PHP. You're going to have constant problems if you're fuzzy on how they should be used.

Also, looking at the move_uploaded_file line in the add_file script, it seems to be using a very odd file name. Perhaps not wrong, as such, but still definitely odd. It would come out like: ./upload X where X is the ID of the image. Was that what you were aiming for? I'd suggest replacing the space with an underscore or a dash, just for the sake of it. Using spaces in file names is generally discouraged. (Though I suspect it'll only be a problem on old systems.)


Okay I made some changes...
 header ("content-description: File Transfer");
 header ("Content-disposition: attachment;filename=$fn"); 
 header ("Content-Length:$fs");
 header ("Content-Type: $ft");
		   
 readfile ($the_file); 


You lost me here...
Same goes for your $the_file variable. That one has two problems: first you are trying to inject a variable into a single-quoted string, and second you are again using the dot char.

Can you clarify

Thanks for everything
Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2