Hard nuts... I guess it's too difficult for me to crack. :(
Anyway, do you know of any other scripting languages which support file upload?
carobee 0 Posting Whiz in Training
nav33n 472 Purple hazed! Team Colleague Featured Poster
Nope :( I don't.
carobee 0 Posting Whiz in Training
Another query unresolved, I guess :(
nav33n 472 Purple hazed! Team Colleague Featured Poster
Can you post (one last time) what the output of phpinfo is?
carobee 0 Posting Whiz in Training
PHP Version 4.4.4
System Linux via 2.4.24 #3 Thu Dec 9 11:27:40 KST 2004 i686
Build Date Feb 1 2008 09:34:26
Configure Command './configure' '--prefix=/usr/local/apache' '--exec-prefix=/usr/local/apache' '--with-apache=/home/karabi/backup/apache_1.3.37' '--with-mysql' '--enable-sysvmsg' '--enable-ftp'
Server API Apache
Virtual Directory Support disabled
Configuration File (php.ini) Path /usr/local/apache/lib
PHP API 20020918
PHP Extension 20020429
Zend Extension 20050606
Debug Build no
Zend Memory Manager enabled
Thread Safety disabled
Registered PHP Streams php, http, ftp
This program makes use of the Zend Scripting Language Engine:
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
--------------------------------------------------------------------------------
PHP Credits
--------------------------------------------------------------------------------
Configuration
PHP Core
Directive Local Value Master Value
allow_call_time_pass_reference On On
allow_url_fopen On On
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting no value no value
expose_php On On
extension_dir /usr/local/apache/lib/php/extensions/no-debug-non-zts-20020429 /usr/local/apache/lib/php/extensions/no-debug-non-zts-20020429
file_uploads On On
gpc_order GPC GPC
highlight.bg #FFFFFF #FFFFFF
highlight.comment #FF8000 #FF8000
highlight.default #0000BB #0000BB
highlight.html #000000 #000000
highlight.keyword #007700 #007700
highlight.string #DD0000 #DD0000
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/local/apache/lib/php .:/usr/local/apache/lib/php
log_errors Off Off
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
max_execution_time 30 30
max_input_time -1 -1
open_basedir no value no value
output_buffering 0 0
output_handler no value no value
post_max_size 8M 8M
precision 14 14
register_argc_argv On On
register_globals Off Off
report_memleaks On On
safe_mode Off Off
safe_mode_exec_dir /usr/local/php/bin /usr/local/php/bin
safe_mode_gid Off Off
safe_mode_include_dir no value no value
sendmail_from no value no value
sendmail_path /usr/sbin/sendmail -t -i /usr/sbin/sendmail -t -i
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 2M 2M
upload_tmp_dir no value no value
user_dir no value no value
variables_order no value no value
xmlrpc_error_number 0 0
xmlrpc_errors Off Off
y2k_compliance On On
apache
APACHE_INCLUDE no value
APACHE_TARGET no value
Apache Version Apache/1.3.37 (Unix) PHP/4.4.4
Apache Release 10337100
Apache API Version 19990320
Hostname:Port 127.0.0.1:80
User/Group nobody(65534)/65534
Max Requests Per Child: 0 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 15
Server Root /usr/local/apache
Loaded Modules mod_php4, mod_setenvif, mod_auth, mod_access, mod_alias, mod_userdir, mod_actions, mod_imap, mod_asis, mod_cgi, mod_dir, mod_autoindex, mod_include, mod_status, mod_negotiation, mod_mime, mod_log_config, mod_env, http_core
Directive Local Value Master Value
child_terminate 0 0
engine 1 1
last_modified 0 0
xbithack 0 0
Apache Environment
Variable Value
DOCUMENT_ROOT /usr/local/apache/htdocs
HTTP_ACCEPT */*
HTTP_ACCEPT_ENCODING gzip, deflate
HTTP_ACCEPT_LANGUAGE en-us
HTTP_CACHE_CONTROL max-age=259200
HTTP_CONNECTION keep-alive
HTTP_HOST 172.24.3.226
HTTP_PRAGMA no-cache
HTTP_UA_CPU x86
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 1.1.4322)
HTTP_VIA 1.1 localhost.localdomain:8080 (squid/2.5.STABLE3)
HTTP_X_FORWARDED_FOR 172.24.3.90
PATH /root/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
REMOTE_ADDR 172.24.1.17
REMOTE_PORT 40770
SCRIPT_FILENAME /usr/local/apache/htdocs/info.php
SERVER_ADDR 172.24.3.226
SERVER_ADMIN karabi@localhost.localdomain
SERVER_NAME 127.0.0.1
SERVER_PORT 80
SERVER_SIGNATURE <ADDRESS>Apache/1.3.37 Server at 127.0.0.1 Port 80</ADDRESS>
SERVER_SOFTWARE Apache/1.3.37 (Unix) PHP/4.4.4
GATEWAY_INTERFACE CGI/1.1
SERVER_PROTOCOL HTTP/1.0
REQUEST_METHOD GET
QUERY_STRING no value
REQUEST_URI /info.php
SCRIPT_NAME /info.php
HTTP Headers Information
HTTP Request Headers
HTTP Request GET /info.php HTTP/1.0
Accept */*
Accept-Encoding gzip, deflate
Accept-Language en-us
Cache-Control max-age=259200
Connection keep-alive
Host 172.24.3.226
Pragma no-cache
UA-CPU x86
User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 1.1.4322)
Via 1.1 localhost.localdomain:8080 (squid/2.5.STABLE3)
X-Forwarded-For 172.24.3.90
HTTP Response Headers
X-Powered-By PHP/4.4.4
Connection close
Content-Type text/html
ctype
ctype functions enabled
ftp
FTP support enabled
mysql
MySQL Support enabled
Active Persistent Links 0
Active Links 0
Client API version 3.23.49
MYSQL_MODULE_TYPE builtin
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE no value
MYSQL_LIBS no value
Directive Local Value Master Value
mysql.allow_persistent On On
mysql.connect_timeout 60 60
mysql.default_host no value no value
mysql.default_password no value no value
mysql.default_port no value no value
mysql.default_socket no value no value
mysql.default_user no value no value
mysql.max_links Unlimited Unlimited
mysql.max_persistent Unlimited Unlimited
mysql.trace_mode Off Off
overload
User-Space Object Overloading Support enabled
pcre
PCRE (Perl Compatible Regular Expressions) Support enabled
PCRE Library Version 6.6 06-Feb-2006
posix
Revision $Revision: 1.51.2.4.2.1 $
session
Session Support enabled
Registered save handlers files user
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off
standard
Regex Library Bundled library enabled
Dynamic Library Support enabled
Path to sendmail /usr/sbin/sendmail -t -i
Directive Local Value Master Value
assert.active 1 1
assert.bail 0 0
assert.callback no value no value
assert.quiet_eval 0 0
assert.warning 1 1
auto_detect_line_endings 0 0
default_socket_timeout 60 60
safe_mode_allowed_env_vars PHP_ PHP_
safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH
url_rewriter.tags a=href,area=href,frame=src,form=,fieldset= a=href,area=href,frame=src,form=,fieldset=
user_agent no value no value
sysvmsg
sysvmsg support enabled
Revision $Revision: 1.4.2.5.2.3 $
tokenizer
Tokenizer Support enabled
xml
XML Support active
XML Namespace Support active
EXPAT Version 1.95.6
Additional Modules
Module Name
Environment
Variable Value
LOGNAME root
REMOTEHOST 172.24.3.90
MAIL /var/spool/mail/root
TERM xterm
HOSTTYPE i386
PATH /root/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
HOME /root
SHELL /bin/sh
PS1 #
USER root
DISPLAY 172.24.3.90:0.0
OSTYPE Linux
SHLVL 1
_ ./httpd
PHP Variables
Variable Value
_SERVER["DOCUMENT_ROOT"] /usr/local/apache/htdocs
_SERVER["HTTP_ACCEPT"] */*
_SERVER["HTTP_ACCEPT_ENCODING"] gzip, deflate
_SERVER["HTTP_ACCEPT_LANGUAGE"] en-us
_SERVER["HTTP_CACHE_CONTROL"] max-age=259200
_SERVER["HTTP_CONNECTION"] keep-alive
_SERVER["HTTP_HOST"] 172.24.3.226
_SERVER["HTTP_PRAGMA"] no-cache
_SERVER["HTTP_UA_CPU"] x86
_SERVER["HTTP_USER_AGENT"] Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 1.1.4322)
_SERVER["HTTP_VIA"] 1.1 localhost.localdomain:8080 (squid/2.5.STABLE3)
_SERVER["HTTP_X_FORWARDED_FOR"] 172.24.3.90
_SERVER["PATH"] /root/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
_SERVER["REMOTE_ADDR"] 172.24.1.17
_SERVER["REMOTE_PORT"] 40770
_SERVER["SCRIPT_FILENAME"] /usr/local/apache/htdocs/info.php
_SERVER["SERVER_ADDR"] 172.24.3.226
_SERVER["SERVER_ADMIN"] karabi@localhost.localdomain
_SERVER["SERVER_NAME"] 127.0.0.1
_SERVER["SERVER_PORT"] 80
_SERVER["SERVER_SIGNATURE"] <ADDRESS>Apache/1.3.37 Server at 127.0.0.1 Port 80</ADDRESS>
_SERVER["SERVER_SOFTWARE"] Apache/1.3.37 (Unix) PHP/4.4.4
_SERVER["GATEWAY_INTERFACE"] CGI/1.1
_SERVER["SERVER_PROTOCOL"] HTTP/1.0
_SERVER["REQUEST_METHOD"] GET
_SERVER["QUERY_STRING"] no value
_SERVER["REQUEST_URI"] /info.php
_SERVER["SCRIPT_NAME"] /info.php
_SERVER["PATH_TRANSLATED"] /usr/local/apache/htdocs/info.php
_SERVER["PHP_SELF"] /info.php
_SERVER["argv"] Array
(
)
_SERVER["argc"] 0
_ENV["LOGNAME"] root
_ENV["REMOTEHOST"] 172.24.3.90
_ENV["MAIL"] /var/spool/mail/root
_ENV["TERM"] xterm
_ENV["HOSTTYPE"] i386
_ENV["PATH"] /root/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin
_ENV["HOME"] /root
_ENV["SHELL"] /bin/sh
_ENV["PS1"] #
_ENV["USER"] root
_ENV["DISPLAY"] 172.24.3.90:0.0
_ENV["OSTYPE"] Linux
_ENV["SHLVL"] 1
_ENV["_"] ./httpd
nav33n 472 Purple hazed! Team Colleague Featured Poster
Hmm.. Well, I'll show you what I have in my phpinfo. Notice the changes.
upload_tmp_dir c:/wamp/tmp c:/wamp/tmp
....
.....
......
session.save_path c:/wamp/tmp c:/wamp/tmp
....
.....
Your phpinfo says session.save_path /tmp /tmp. So, there exists a tmp directory and it's not configured correctly in your loaded php.ini file :) That's the conclusion!
carobee 0 Posting Whiz in Training
You're working in Windows and I am in Linux. What I am trying to say is that even if I try to set the tmp dir by changing the upload_tmp_dir in php.ini, it is not done. The php.ini that I'm using is located in /usr/local/lib. Also, the host system shows that there is a tmp folder. But running the uploading script, the upload_err_no_tmp_dir is shown. The output of the PHP script is
Sorry, there was a problem uploading your file.
the error is 6
Possible file upload attack: filename ''.
Array ( [uploaded] => Array ( [name] => cd-key.txt [type] => [tmp_name] => [error] => 6 [size] => 0 ) )
nav33n 472 Purple hazed! Team Colleague Featured Poster
You're working in Windows and I am in Linux.
That was not my point. What I was trying to say was, session.save_path is taking the tmp value, but not upload_tmp_dir. But anyway, could you post the code that you are using to upload? Maybe there's a problem with your code?
carobee 0 Posting Whiz in Training
upload.php
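<?php
// Destination directory. Note: there is no trailing "/" here, so the file
// name below is appended directly to "trial".
$target_path = "/home/install/trial";
$target_path = $target_path . basename($_FILES['uploaded']['name']);
$ok = 1;

// register_globals is Off, so the size has to be read from $_FILES
if ($_FILES['uploaded']['size'] > 750000)
{
    echo "Your File is too large.<br>";
    $ok = 0;
}

if ($ok == 0)
{
    echo "Sorry your file was not uploaded";
}
else
{
    // Move the file out of PHP's temporary upload directory
    if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target_path))
    {
        echo "The file " . basename($_FILES['uploaded']['name']) . " has been uploaded";
    }
    else
    {
        // Report the UPLOAD_ERR_* code PHP recorded for this upload
        echo "Sorry, there was a problem uploading your file." . "<br>";
        echo "the error is " . $_FILES['uploaded']['error'] . "<br>";
    }
}
?>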
nav33n 472 Purple hazed! Team Colleague Featured Poster
$target_path="/home/install/trial";
$target_path=$target_path.basename($_FILES['uploaded']['name']);
target_path is not correct. You need to have a "/" after trial. Else, target_path will be like this:
home/install/trialfilename. (In short, it will upload it (if it does) in the install directory.)
Strangely, it still uploads even if I don't give anything in upload_tmp_dir. I am sorry! I give up.
carobee 0 Posting Whiz in Training
Anyway, thanks.
carobee 0 Posting Whiz in Training
Can anybody help to resolve this problem?
carobee 0 Posting Whiz in Training
I found the solution... The tmp directory was the main evil here. I gave 0777 permissions to the tmp... and whoa, everything is solved.
nav33n 472 Purple hazed! Team Colleague Featured Poster
Wow! Congrats ! :)
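The diagnosis this thread arrived at, as an added example (not code from any poster): error 6 is UPLOAD_ERR_NO_TMP_DIR, so the handler below inspects the directory PHP stages uploads in, and it flags a world-writable directory that lacks the sticky bit, since a shared temp directory is conventionally mode 1777 rather than 0777. It assumes PHP 5.2.1+ for sys_get_temp_dir(); the function names are hypothetical, and the field name, destination and size limit come from the posted script.

```php
<?php
// Added example; function names are hypothetical, not from the thread.

// Directory PHP stages uploads in: upload_tmp_dir if set, else the system default.
function upload_staging_dir() {
    $dir = ini_get('upload_tmp_dir');
    return $dir ? $dir : sys_get_temp_dir();
}

// List reasons staging could fail; flag world-writable dirs without the sticky bit.
function diagnose_staging_dir($dir) {
    if (!is_dir($dir)) {
        return array("$dir does not exist");
    }
    $problems = array();
    if (!is_writable($dir)) {
        $problems[] = "$dir is not writable by the web server user";
    }
    $mode = fileperms($dir) & 07777;
    if (($mode & 0002) && !($mode & 01000)) {
        $problems[] = sprintf('%s is mode %04o: world-writable without sticky bit, use 1777', $dir, $mode);
    }
    return $problems;
}

function handle_upload($field, $destDir, $maxBytes = 750000) {
    if (!isset($_FILES[$field])) {
        return "No file field named $field";
    }
    $f = $_FILES[$field];
    if ($f['error'] === UPLOAD_ERR_NO_TMP_DIR) {   // the "error is 6" case
        $dir = upload_staging_dir();
        $p = diagnose_staging_dir($dir);
        return "No usable temp dir ($dir): " . ($p ? implode('; ', $p) : 'check which php.ini is loaded');
    }
    if ($f['error'] !== UPLOAD_ERR_OK) {
        return 'Upload failed with error code ' . $f['error'];
    }
    if ($f['size'] > $maxBytes) {
        return 'File is too large';
    }
    // basename() drops directory components; the explicit "/" keeps the file in $destDir.
    $target = rtrim($destDir, '/') . '/' . basename($f['name']);
    if (!move_uploaded_file($f['tmp_name'], $target)) {
        return "Could not move the upload to $target";
    }
    return "Stored as $target";
}

echo htmlspecialchars(handle_upload('uploaded', '/home/install/trial'));
```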