file upload error fixing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    file upload error fixing

    I have a VPS, on my vps,

    This is my script To upload a MP3 file and Mp3 img Cover file Together. first it was worked fine but now it is not working it gives "ERR_CONNECTION_ABORTED" ERROR Please help Me on this uploading script

    PHP Code:
    include 'connect.php';
    if(isset(
    $_POST['sub'])){
    $t=$_POST['title'];
    $a=$_POST['artist'];
    $l=$_POST['lyrics'];
    $m=$_POST['music'];
    $c=$_POST['category'];

    //code for mp3 uploading
    if($_FILES['f1']['name']){
    move_uploaded_file($_FILES['f1']['tmp_name'], "files/".$_FILES['f1']['name']);
    $lname="files/".$_FILES['f1']['name'];
    $size =$_FILES['f1']['size'];


    }
    //code for cover uploading
    if($_FILES['f2']['name']){
    move_uploaded_file($_FILES['f2']['tmp_name'], "cover/".$_FILES['f2']['name']);
    $cv="cover/".$_FILES['f2']['name'];
    }



    $i="insert into files(title,artist,cover,lyrics,music,lname,size,c ategory)values('$t','$a','$cv','$l','$m','$lname', '$size','$c')";
    if(
    mysqli_query($con$i)){
    echo 
    " Your Mp3 is Uploaded successfully..! Please <b><a href='index.php'>Login!</a></b> to main Page.<br/><br/>";
    }


    #2
    ayesham This code should not be used at all, here's why:

    - There is absolutely no validation on files being uploaded even if it's behind some sort of admin panel. This will allow anyone to upload a malicious script to your sever and cause harm.
    - Your POST variables are not sanitised which potentially allows for mysql injection.

    I highly recommend you do some research on these topics before uploading your app to production. I would also recommend using a PHP framework which for the most part has basic security built in, give CodeIgniter 3 a shot it's very beginner friendly in my opinion.

    Comment


      #3
      When i'm uploading a mp3 file bellow massage is coming could anyone tell me why is this happening??

      " The webpage at http://mysite.com/upload.php might be temporarily down or it may have moved permanently to a new web address.

      ERR_CONNECTION_ABORTED"

      Comment


        #4
        A global sanitisation could be used in connect.php on POSTs / GETs / REQUESTs etc although not best practise to do so:
        PHP Code:
        if(isset($_GET)){foreach($_GET as $key=>$value){$_GET[$key]=mysqli_real_escape_string($con$value);}}
        if(isset(
        $_POST)){foreach($_POST as $key=>$value){$_POST[$key]=mysqli_real_escape_string($con$value);}}
        if(isset(
        $_REQUEST)){foreach($_REQUEST as $key=>$value){$_REQUEST[$key]=mysqli_real_escape_string($con$value);}} 


        The directory "cover" would hopefully be protected with .htaccess rules to prevent malicious files being executed:
        Code:
        RemoveHandler application/x-httpd-php .php
        <FilesMatch ".(php|php5|php4|php3|phtml|phpt)$">
        SetHandler x-httpd-php5-source
        </FilesMatch>
        <FilesMatch ".phps$">
        SetHandler x-httpd-php5-source
        </FilesMatch>
        <Files .htaccessl>
        Order Deny,Allow
        Deny from all
        </Files>
        RemoveType .pl .cgi .php .gif .php .jpg .php .png.php .php3 .php4 .php5 .xml .phtml .phtm .html .htm .wml .shtm .shtml
        RemoveHandler .pl .cgi .php .gif .php .jpg .php .png .php .php3 .php4 .php5 .xml .phtml .phtm .html .htm .wml .shtm .shtml


        The uploading issue is to do with your php settings... To find out what is wrong
        create a file info.php :
        PHP Code:
        <?
        phpinfo
        ();
        ?>
        open the file in a web browser and Search the page for "Upload" and you should be able to see if uploads are turned on/ max execution time / max_file_uploads / memory limit / upload_max_filesize

        Edit: it is more than likely: upload_max_filesize to small.

        After you have finished with info.php make sure you wither delete it or rename it to a non ".php" format eg: "info.phps" as it can be useful to hackers.
        Last edited by something else; 06.11.20, 23:52.

        Comment


          #5

          php info as follows
          max_execution_time 30 30
          max_file_uploads 20 20
          max_input_nesting_level 64 64
          max_input_time 60 60
          max_input_vars 1000 1000
          memory_limit 128M 128M
          open_basedir no value no value
          output_buffering 4096 4096
          output_encoding no value no value
          output_handler no value no value
          post_max_size 8M 8M
          precision 14 14

          Comment


            #6
            once updated .htaccess and log in to .php page it begins to download

            Comment


              #7
              Originally posted by ayesham View Post
              once updated .htaccess and log in to .php page it begins to download
              That .htaccess needs to be the directory named "cover" or any folder that uploads are stored ... it is meant to make you download the .php file rather than it be executed to prevent people uploading there own .php files or other formats that may cause issues.


              What is "upload_max_filesize" in phpinfo?

              and is "file_uploads" value "on"?

              Comment


                #8
                upload_max_filesize = 50M

                file_uploads = On

                Comment


                  #9
                  hmmm if you put:
                  PHP Code:
                  set_time_limit(0); 
                  At the top of your script does it do the same thing?

                  Comment


                    #10
                    Ok i will try

                    Comment


                      #11
                      Is there any way to develop ajax uploadingscript for same with progress bar animation.

                      Comment


                        #12
                        set_time_limit(0); same issue coming

                        " The webpage at http://mysite.com/upload.php might be temporarily down or it may have moved permanently to a new web address.

                        ERR_CONNECTION_ABORTED"

                        Comment


                          #13
                          Code:
                          RequestReadTimeout header=0 body=0
                          Required to be added to httpd.conf

                          Comment


                            #14
                            thanks bro

                            Comment

                            Working...
                            X