PHP and MySQL Image Uploader

Truck

Hi,
I have created an image uploader for a website. Its not online yet, im testing it using WAMP Server. Everything is working fine up until I submit the image, its displays the following error after clicking submit:

"403 Forbidden
You don't have permission to access /< on this server."

Any help would be great..

Adam

Truck wrote: »

Hi,
I have created an image uploader for a website. Its not online yet, im testing it using WAMP Server. Everything is working fine up until I submit the image, its displays the following error after clicking submit:

"403 Forbidden
You don't have permission to access /< on this server."

Any help would be great..

it's to do with where you're trying to upload the image to, it would seem you have the path incorrect. can you post the code?

Truck

Mirror wrote: »

it's to do with where you're trying to upload the image to, it would seem you have the path incorrect. can you post the code?

OK heres the php code, the uploaded image will be stored in the MySQL database called 'Gallery', and in a table called 'ae_gallery'

[PHP]
<?php
$db_host = 'localhost';
$db_user = 'xxxxxxxx';
$db_pwd = 'xxxxxxxx';

$database = 'Gallery';
$table = 'ae_gallery';
// use the same name as SQL table

$password = '123';
// simple upload restriction,
// to disallow uploading to everyone


if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Cant connect to database");

if (!mysql_select_db($database))
die("Cant select database");

// This function makes usage of
// $_GET, $_POST, etc... variables
// completly safe in SQL queries
function sql_safe($s)
{
if (get_magic_quotes_gpc())
$s = stripslashes($s);

return mysql_real_escape_string($s);
}

// If user pressed submit in one of the forms
if ($_SERVER == 'POST')
{
// cleaning title field
$title = trim(sql_safe($_POST));

if ($title == '') // if title is not set
$title = '(empty title)';// use (empty title) string

if ($_POST != $password) // cheking passwors
$msg = 'Error: wrong upload password';
else
{
if (isset($_FILES))
{
@list(, , $imtype, ) = getimagesize($_FILES);
// Get image type.
// We use @ to omit errors

if ($imtype == 3) // cheking image type
$ext="png"; // to use it later in HTTP headers
elseif ($imtype == 2)
$ext="jpeg";
elseif ($imtype == 1)
$ext="gif";
else
$msg = 'Error: unknown file format';

if (!isset($msg)) // If there was no error
{
$data = file_get_contents($_FILES);
$data = mysql_real_escape_string($data);
// Preparing data to be used in MySQL query

mysql_query("INSERT INTO {$table}
SET ext='$ext', title='$title',
data='$data'");

$msg = 'Success: image uploaded';
}
}
elseif (isset($_GET)) // isset(..title) needed
$msg = 'Error: file not loaded';// to make sure weve using
// upload form, not form
// for deletion


if (isset($_POST)) // If used selected some photo to delete
{ // in 'uploaded images form';
$id = intval($_POST);
mysql_query("DELETE FROM {$table} WHERE id=$id");
$msg = 'Photo deleted';
}
}
}
elseif (isset($_GET))
{
$id = intval($_GET);

$result = mysql_query("SELECT ext, UNIX_TIMESTAMP(image_time), data
FROM {$table}
WHERE id=$id LIMIT 1");

if (mysql_num_rows($result) == 0)
die('no image');

list($ext, $image_time, $data) = mysql_fetch_row($result);

$send_304 = false;
if (php_sapi_name() == 'apache') {
// if our web server is apache
// we get check HTTP
// If-Modified-Since header
// and do not send image
// if there is a cached version

$ar = apache_request_headers();
if (isset($ar) && // If-Modified-Since should exists
($ar != '') && // not empty
(strtotime($ar) >= $image_time)) // and grater than
$send_304 = true; // image_time
}


if ($send_304)
{
// Sending 304 response to browser
// "Browser, your cached version of image is OK
// we're not sending anything new to you"
header('Last-Modified: '.gmdate('D, d M Y H:i:s', $ts).' GMT', true, 304);

exit(); // bye-bye
}

// outputing Last-Modified header
header('Last-Modified: '.gmdate('D, d M Y H:i:s', $image_time).' GMT',
true, 200);

// Set expiration time +1 year
// We do not have any photo re-uploading
// so, browser may cache this photo for quite a long time
header('Expires: '.gmdate('D, d M Y H:i:s', $image_time + 86400*365).' GMT',
true, 200);

// outputing HTTP headers
header('Content-Length: '.strlen($data));
header("Content-type: image/{$ext}");

// outputing image
echo $data;
exit();
}
?>
<html><head>
<title>MySQL Blob Image Gallery Example</title>
</head>
<body>
<?php
if (isset($msg)) // this is special section for
// outputing message
{
?>
<p style="font-weight: bold;"><?=$msg?>
<br>
<a href="<?=$PHP_SELF?>">reload page</a>
<!-- I've added reloading link, because
refreshing POST queries is not good idea -->
</p>
<?php
}
?>
<h1>Blob image gallery</h1>
<h2>Uploaded images:</h2>
<form action="<?=$PHP_SELF?>" method="post">
<!-- This form is used for image deletion -->

<?php
$result = mysql_query("SELECT id, image_time, title FROM {$table} ORDER BY id DESC");
if (mysql_num_rows($result) == 0) // table is empty
echo '<ul><li>No images loaded</li></ul>';
else
{
echo '<ul>';
while(list($id, $image_time, $title) = mysql_fetch_row($result))
{
// outputing list
echo "<li><input type='radio' name='del' value='{$id}'>";
echo "<a href='{$PHP_SELF}?show={$id}'>{$title}</a> – ";
echo "<small>{$image_time}</small></li>";
}

echo '</ul>';

echo '<label for="password">Password:</label><br>';
echo '<input type="password" name="password" id="password"><br><br>';

echo '<input type="submit" value="Delete selected">';
}
?>

</form>
<h2>Upload new image:</h2>
<form action="<?=$PHP_SELF?>" method="POST" enctype="multipart/form-data">
<label for="title">Title:</label><br>
<input type="text" name="title" id="title" size="64"><br><br>

<label for="photo">Photo:</label><br>
<input type="file" name="photo" id="photo"><br><br>

<label for="password">Password:</label><br>
<input type="password" name="password" id="password"><br><br>

<input type="submit" value="upload">
</form>
</body>
</html>
[/PHP]

seamus

Also post up the raw HTML for the upload form.

Truck

seamus wrote: »

Also post up the raw HTML for the upload form.

The html upload form is in the php file towards the end

Adam

the code is good, and i've tested it, it works. and with no 403 error for me...so with know intricate knowledge of the how or why, i would assume it is to do with your wamp setup.

seamus

I know

But it's always good to see what's popped out. Specifically, I'm looking at the less-than sign that it's in the error message you're getting.

403 is an http error. You'd usually only get this when you try to access a webpage/directory to which you don't have access. Errors with image uploads don't generate HTTP error messages (because it's a filesytem operation).

Adam

seamus wrote: »

I know

But it's always good to see what's popped out. Specifically, I'm looking at the less-than sign that it's in the error message you're getting.

403 is an http error. You'd usually only get this when you try to access a webpage/directory to which you don't have access. Errors with image uploads don't generate HTTP error messages (because it's a filesytem operation).

agreed, i initially asked because i assumed he was using folders rather than a database and was perhaps trying to access the image once it was uploaded.

Truck

Mirror wrote: »

the code is good, and i've tested it, it works. and with no 403 error for me...so with know intricate knowledge of the how or why, i would assume it is to do with your wamp setup.

Thanks Mirror, good to know the code is working. I'll have a look at the WAMP setup now.

Adam

Truck wrote: »

Thanks Mirror, good to know the code is working. I'll have a look at the WAMP setup now.

if you fancy going the easy route, look up Xampp, by far the easiest dev env i've ever used, one-click installer and your away.

sicruise

Are you sure the URL you are trying to access isn't actually just password protected?

Use http://httpd.apache.org/docs/1.3/howto/auth.html#basicconfig to check your config.

Truck

At last ive got it !

Apparently I was'nt using full tags <?php ... ?>
So in my php.ini from the wamp server I changed the settings

Short_open_tag = on
Short_open_tag = on
Allow Asp-Style <%%>tags
Asp_tags = on

It then works fine !

seamus

Personal preference, I'd recommend always using the long opening tags.