Autor Zpráva
Mufna
Profil
Zdravím Vás. Mám vytvořenou administraci, kterou jsem zatím testoval na domácím EasyPHP a nyní to zkouším na ostrém hostingu. Na něm však mám následující problémy s uploadem fotek přes multiuploadovací formulář. Když odešlu vyplněný formulář (action="upload.php") obdržím tyto hlášky:


1. Warning: move_uploaded_file() [function.move-uploaded-file]: open_basedir restriction in effect. File(/tmp/phprH473z) is not within the allowed path(s): (/www/5/site40865/:.:/usr/share/php5/:/usr/share/php/) in /storage/www1/5/site40865/wwwroot/upload_multi.php on line 71

nebo

Warning: move_uploaded_file() [function.move-uploaded-file]: SAFE MODE Restriction in effect. The script whose uid/gid is 40865/40865 is not allowed to access / owned by uid/gid 0/0 in /storage/www1/5/site40865/wwwroot/upload_multi.php on line 71

2.

Warning: move_uploaded_file(photos//omnia_hotel_i_-_001.jpg) [function.move-uploaded-file]: failed to open stream: Permission denied in /storage/www1/5/site40865/wwwroot/upload_multi.php on line
71


řádek 71 mého skriptu je:

move_uploaded_file($_FILES['userfile']['tmp_name'][$key], $script_photos_dir."/".$new_name);

$script_photos_dir je definován v config.php takto:

$script_photos_dir='photos/';

dále pak v configu je toto:

$upload_mode='STD'; # STD / FTP

$upload_max_size=524288;
$upload_photos_dir='/storage/www1/5/site40865/wwwroot/';
$upload_tns_dir='/storage/www1/5/site40865/wwwroot/';

Pak jsou chyby "Division by zero", to je mi jasné, a na konci je ještě

Fatal error: Function name must be a string in /storage/www1/5/site40865/wwwroot/upload_multi.php on line 129


řádek 129 mám:
$src = $src_function($script_photos_dir."/".$new_name);

$src_funtion mám někde ve skriptu definovanou zvlášť pro různé typy obrázků (GIF, PNG, JPG)

if($image_type=="1") $src_function = "ImageCreateFromGIF"; atd.

Poradíte mi někdo, jak to mám upravit a včem je problém ? Předem díky !
peta
Profil
"Warning: move_uploaded_file()"
"File(/tmp/phprH473z) is not within the allowed path"
- chyba v pravech pro funkci, neni ti dovoleno pracovat s adresarem problem hostingu
"SAFE MODE Restriction in effect. The script whose uid/gid is 40865/40865 is not allowed to access / owned by uid/gid 0/0"
- dusledek prvni chyby, nemas pristup k souboru
"failed to open stream: Permission denied"
- oteviras neexistujici soubor (protoze predchozi pokus nic nenasel)

"Fatal error: Function name must be a string in"
$src = $src_function($script_photos_dir."/".$new_name);
if($image_type=="1") $src_function = "ImageCreateFromGIF";
v tom pripade...
http://www.volny.cz/peter.mlich/www.htm#msub11
# www.volny.cz/peter.mlich (zdroj: ppgal.rar)
Je to upravena galerie tusim z interval.cz
(nevim, jestli to mam stejne, ale asi trochu jinak)


co tenhle upload?


<?php
@ini_set("error_reporting", E_ALL);
@ini_set("display_errors", "on");
error_reporting(E_ALL); //chyby = on



function copy2($Xfile1,$Xfile2)
{
$f1 = fopen($Xfile1,"r");
$d1 = fread($f1, filesize($Xfile1));
$f2 = fopen($Xfile2,"w");
fwrite($f2, $d1, filesize($Xfile2));
fclose($f1);
fclose($f2);
}



// --- dir info ---
//user_dir | open_basedir
$a = "upload_tmp_dir";
$b = "upload_max_filesize";
$c = "url";
$dir = array(
'current' => getcwd(),
'base' => ini_get("open_basedir"), //home
'upl_tmp' => ini_get($a) ? ini_get($a) : get_cfg_var($a),//temp
'upl_size'=> ini_get($b) ? ini_get($b) : get_cfg_var($b),//size
'this' => (isset($_GET[$c])) ? urldecode($_GET[$c]) : ((isset($_POST[$c]) ? $_POST[$c] : ""))
);
$dir['this'] = substr($dir['this'],-1)=="/" ? substr($dir['this'],0,-1) : $dir['this']; //remove last /


//$x = explode("/",$dir['this']);
//$y = count($x)-1;
//if ($x[$y]==".." && isset($x[$y-1]) && $x[$y-1]!="..") {unset//($x[$y]);unset($x[$y-1]); $dir['this']=implode("/",$x);}

$x = $dir['this'];
$x = ereg_replace("//+","",$x); //odmazat //
$x = ereg_replace("(/.)+/","/",$x); //odmazat ./
$x = ereg_replace("([^/]..)+/","/",$x); //odmazat neco/..
/*
$x = explode("/",$x);
for ($i=count($x)-1;$i>=0;$i--) //odmazat "neco/.."
{
if (isset($x[$i]) && $x[$i]==".." && isset($x[$i-1]) && $x[$i-1]!="..")
{unset($x[$i]); unset($x[$i-1]);}
}
$dir['this'] = implode("/",$x);
*/
$dir['this']=$x;
if ($dir['this']=="") {$dir['this'] = ".";}
if (substr($dir['this'],0,2)=="..") {$dir['this'] = ".";} //zakaz prochazeni nadrazenych slozek


$dir['to'] = $dir['this']."/";

// --- dir info print ---
$t = "<pre>";
$a = $dir['base'];
$t.= "\ndir base = ".sprintf("%-38s",$a)." \tlaws = ".substr(sprintf('%o', fileperms($a)), -3);
$a = $dir['current'];
$t.= "\ndir getcwd() = ".sprintf("%-38s",$a)." \tlaws = ".substr(sprintf('%o', fileperms($a)), -3);
$a = $dir['upl_tmp'];
$t.= "\ndir upload TMP = ".sprintf("%-38s",$a)." \tlaws = ".substr(sprintf('%o', fileperms($a)), -3). "\t maxsize = ".$dir['upl_size'];
$a = $dir['to'];
$t.= "\ndir upload to = ".sprintf("%-38s",$a)." \tlaws = ".substr(sprintf('%o', fileperms($dir['to'])), -3);
//chmod($dir['to'],0777);
//$t.= "\nupload to (777) = ".$dir['to'] ."\tlaws = ".substr(sprintf('%o', fileperms($dir['to'])), -3);
$t.= "</pre>";
$print_dirinfo = $t;



$a = "action";
$action = isset($_POST[$a]) ? $_POST[$a]*1 : 0;
$print_upload = "";
$print_perms = "";
$print_delete = "";
//XXX ! POZOR, toto je nebezpecne, radeji bych nahraval pouze podle prav, ktere jsou nastaveny!
//nastav prava adresare na 777
//$old = umask(0);
//@chmod($dir['to'],0777);
if ($action===2)
{
// --- upload ---
$a = "file0";
$file = isset($_FILES[$a])?$_FILES[$a]: (isset($HTTP_POST_FILES[$a])?$HTTP_POST_FILES[$a]:"");
$old = umask(0);
@chmod($dir['to'],0777); //nastav prava adresare na 777
if (isset($file['tmp_name']) && is_uploaded_file($file['tmp_name']))
{
$from = $file['tmp_name'];
$to = $dir['to'].$file['name'];
$print_upload.= $file['name'].", ";
move_uploaded_file($from,$to) || copy($from,$to) || copy2($from,$to);
@chmod($to,0666);
}
}

if ($action===1)
{
// --- change laws ---
$arr_perms = array (
"or","ow","ox",
"gr","gw","gx",
"wr","ww","wx"
);
$perms = array();
foreach ($arr_perms as $key=>$value)
{$perms[$key] = isset($_POST[$value]) ? $_POST[$value]*1 : 0;}
$perms =
$perms[0]*0x0100 + $perms[1]*0x0080 + $perms[2]*0x0040 +
$perms[3]*0x0020 + $perms[4]*0x0010 + $perms[5]*0x0008 +
$perms[6]*0x0004 + $perms[7]*0x0002 + $perms[8]*0x0001;
$a = "ch";
foreach ($_POST as $key=>$value)
{if (ereg('^ch[0-9]+$',$key)) {chmod($dir['to'].$value,$perms); $print_perms.= $value.", ";}
}
}

if ($action===3)
{
// --- delete files ---
foreach ($_POST as $key=>$value)
{if (ereg('^ch[0-9]+$',$key)) {unlink($dir['to'].$value);$print_delete.= $value.", ";}
}
}
//XXX vrat prava adresare na puvodni
//umask($old);
$print_upload = $print_upload!="" ? "Uploaded files: ".$print_upload : "";
$print_perms = $print_perms!="" ? "Change laws on files: ".$print_perms : "";
$print_delete = $print_delete!="" ? "Deleted files: ".$print_delete : "";

// --- directories / files get ---
$dirhandle = opendir($dir['to']);
$files = array();
$dirs = array();
while ($rec = readdir($dirhandle))
{
if ($rec!=="")
{
if (is_dir($dir['to'].$rec))
{if ($rec!=".") {$dirs[] = $rec;}}
else {$files[] = $rec;}
}
}
closedir($dirhandle);
sort($dirs);
sort($files);

// --- directories / files print ---
$dirX = $dir['this']=="." ? "" : $dir['this']."/";
$t = "\n<ul class=\"tree\">";
$t.="\n<li class=\"o\"><i>".substr(sprintf('%o', fileperms($dir['this'])), -3)."</i> <b>".$dir['this']. "</b>".($dir['base']!=""?"(".$dir['base'].")":"") ."</li>";
$t.="\n<li class=\"c\"><i>".substr(sprintf('%o', fileperms("./")), -3)."</i> <a href=\"./upl.php\">. HOME \"upl.php\"</a></li>";
foreach ($dirs as $key => $value)
{$t.="\n<li class=\"c\"><i>".substr(sprintf('%o', fileperms($dirX.$value)), -3)."</i> <a href=\"./upl.php?".$c."=".urlencode($dirX.$value)."\">".$value."</a></ li>";}
foreach ($files as $key => $value)
{$t.="\n<li class=\"i\">"."<input type=\"checkbox\" value=\"$value\" name=\"ch$key\"/>\n<i>".substr(sprintf('%o', fileperms($dirX.$value)), -3)."</i> <a href=\"".$dirX.urlencode($value)."\">".$value."</a></li>";}
$t.= "\n</ul>";
$print_dirlist = $t;

//phpinfo();
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

Vaše odpověď

Mohlo by se hodit


Prosím používejte diakritiku a interpunkci.

Ochrana proti spamu. Napište prosím číslo dvě-sta čtyřicet-sedm: