Clever Geek Handbook

XAMPP centos downloaded files from PHP not showing

I am running xampp 5.6.8

on a Centos 7

dedicated computer. I developed a Simple script to upload any file to a server via PHP on a machine, the PHP code is:

<?php
if (is_uploaded_file($_FILES['uploadfile']['tmp_name'])) {
   echo "File ". $_FILES['uploadfile']['name'].'-'.$_FILES['uploadfile']["tmp_name"]." - uploaded successfully.<br>";
   echo disk_free_space('/');
}
?>

<html>
<head>
    <title>test</title>
</head>
<body>
    <div style="text-align:center;">
        <form action="" method="post" enctype="multipart/form-data">
            <input name="uploadfile" type="file">
            <input name="sendfile" value="upload" type="submit">
        </form>
    </div>
</body>
</html>

when I submit a sample file the echo returns:

Sample.txt file - / opt / lampp / temp / phpD58n0L - loaded successfully.

Some information and facts:

  • When I include xampp

    when running it daemon

    user
  • /opt/lampp/temp/

    directory belongs daemon:daemon

    tochown command

  • /opt/lampp/temp/

    770 permissions installed
  • php.ini

    to allow files up to 128MB in size and the download directory /opt/lampp/temp/

+3


source to share


1 answer


Usage is_uploaded_file()

just checks if the file is loaded or not. It won't move it anywhere from your / temp / directory. You can look at the manual when uploading POST . Example:

$uploaddir = '/var/www/uploads/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

That is, you have to use move_uploaded_file()

to move the download to where it belongs. Otherwise, the manual says, explaining why you can't find files in the / temp / directory:

The file will be removed from the temp directory at the end of the request, unless it was deleted or renamed.



The is_uploaded_file () function is a security check for file origin and everything it ever does. You can use it along with move_uploaded_file()

, for example, like this:

if (is_uploaded_file($_FILES['userfile']['tmp_name'])) { 
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $destination_file)) {
        // Was moved
    }
    else {
        // Wasn't moved
    }
else {
    // Wasn't valid
}

This can be overkill with regular file additions and movements, but I notice in the comments in the manual that I move_uploaded_file()

will perform this check anyway.

+1


source






More articles:


All Articles