Home > Software design >  PHP move_uploaded_file fail to upload file
PHP move_uploaded_file fail to upload file

Time:01-23

I have the below PHP code to upload files

           $uploadedFile = ''; 
            if(!empty($_FILES["file"]["name"])){ 
                // File path config 
                $fileName = $_FILES["file"]["name"]; 
                $targetFilePath = 'uploads/'.$fileName; 
                $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION); 
                 
                // Allow certain file formats to upload 
                if(in_array($fileType, $allowTypes)){ 
                    // Upload file to the server 
                    
                    if(move_uploaded_file($_FILES["file"]["tmp_name"], $targetFilePath)){ 
                        $uploadedFile = $fileName; 
                        $uploadStatus = 1;
                    }else{ 
                        $uploadStatus = 0; 
                        $response['message'] = 'Sorry, there was an error uploading your file.'; 
                    } 
                }else{ 
                    $uploadStatus = 0; 
                    $response['message'] = 'Sorry, only '.implode('/', $allowTypes).' files are allowed to upload.'; 
                } 
            } 
             
            if($uploadStatus == 1){ 
                 
                // Insert form data in the database 
                $sqlInsertFilePath = "insert into soundexercises(filepath) values ('$targetFilePath')";
                $resultFilePath = pg_query($cn, $sqlInsertFilePath);

                if($resultFilePath){ 
                    $response['status'] = 1; 
                    $response['message'] = 'Form data submitted successfully!'; 
                } 
            } 
        }else{ 
         $response['message'] = 'Please fill all the mandatory fields.'; 

I get error

Sorry, there was an error uploading your file.

I check the error.log from my apache and I get the below

2023-01-22 16:19:25 [:error] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248] ModSecurity: Warning. Match of "rx ^$" against "FILES:file" required. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/000_i360_0.conf"] [line "158"] [id "77317957"] [msg "IM360 WAF: Track file upload||File:\\xe8\\x88\\x92\\xe6\\x9c\\x8d shufu.m4a||Size:20084||User:yskapell||SC:/var/www/vhosts/kaiqiaozhi.space/lxxxxxxx/exercises/upload_sound.php||T:APACHE||"] [severity "NOTICE"] [tag "service_i360custom"] [tag "noshow"] [hostname "xxxxxxx"] [uri "/exercises/upload_sound.php"] [unique_id "Y81F7YHZV4SyzQDeQqbhegAAAdM"], referer: https://xxxxxxx/admin/dashboard.php

2023-01-22 16:19:25 [:error] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248] ModSecurity: Warning. Match of "rx ^$" against "FILES_TMPNAMES:file" required. [file "/etc/httpd/conf/modsecurity.d/rules/comodo_free/000_i360_0.conf"] [line "158"] [id "77317957"] [msg "IM360 WAF: Track file upload||File:/tmp/20230122-161925-Y81F7YHZV4SyzQDeQqbhegAAAdM-file-2buepa||Size:20084||User:yskapell||SC:/var/www/vhosts/kaiqiaozhi.space/xxxxxxx/exercises/upload_sound.php||T:APACHE||"] [severity "NOTICE"] [tag "service_i360custom"] [tag "noshow"] [hostname "xxxxxxx"] [uri "/exercises/upload_sound.php"] [unique_id "Y81F7YHZV4SyzQDeQqbhegAAAdM"], referer: https://xxxxxxx/admin/dashboard.php

2023-01-22 16:19:25 [fcgid:warn] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] mod_fcgid: stderr: PHP Warning: move_uploaded_file(uploads/\xe8\x88\x92\xe6\x9c\x8d shufu.m4a): failed to open stream: No such file or directory in /var/www/vhosts/kaiqiaozhi.space/xxxxxxx/exercises/upload_sound.php on line 63, referer: https://xxxxxxx/admin/dashboard.php

2023-01-22 16:19:25 [fcgid:warn] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] mod_fcgid: stderr: PHP Warning: move_uploaded_file(): Unable to move '/tmp/phpvatIuu' to 'uploads/\xe8\x88\x92\xe6\x9c\x8d shufu.m4a' in /var/www/vhosts/kaiqiaozhi.space/xxxxxxx/exercises/upload_sound.php on line 63, referer: https://xxxxxxx/admin/dashboard.php
2023-01-22 16:19:25 [:error] [pid 18980:tid 140169504040704] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248:35136] [client 2a02:587:e919:9900:1f9d:65ab:b74b:4248] ModSecurity: Input filter: Failed to rename file from "/tmp/20230122-161925-Y81F7YHZV4SyzQDeQqbhegAAAdM-file-2buepa" to "/var/cache/modsec-upload/20230122-161925-Y81F7YHZV4SyzQDeQqbhegAAAdM-file-2buepa". [hostname "xxxxxxx"] [uri "/exercises/upload_sound.php"] [unique_id "Y81F7YHZV4SyzQDeQqbhegAAAdM"], referer: https://xxxxxxx/dashboard.php

I checked the permission on the upload folder and it's 755 with correct owner.

===UPDATE=== The $_FILES['file']['error'] return 0 .

1:0 {"status":0,"message":"Sorry, there was an error uploading your file.","results":"No results"}

CodePudding user response:

What happens when You provide full absolute path for the $targetFilePath instead of 'uploads/'.$fileName ?

There's also comodo security Modsecurity warning error in Your logs.

  • Related