got this strange situation:
my php script correctly uploads image files and renames them as long as they are the designated, png/gif/jpeg files.
BUT! when i upload a non image file eg. .php or .html [ for testing / hackers ] the first upload is rejected as expected and my own constucted error is issued - so far so good but this is what happens next if:
1) i upload the nxt/2nd file, if the next file is a permitted image file no problems. 2) i upload the next/2nd file AND if this 2nd file is also non-permitted image file ie. two-consequetive non-allowed uploads the script stops execution with the correct recall of the script/url in the browser with a 403 - submision error ???
- if i do browser refresh, same 403 error persists.
- if i click into url and press return the script runs 'a new' with all previous field values being emptied.
( i have changed the permission on the non-image files being uploaded to 777 just to enusre that this is not the cause - but same error persists )
how do i resolve this??? - could this be my problem with my own code? - or a problem with html/php internal workings? - what else could this be, any body faced similar probs??
thank you.
--- for those who wants the code - showing just the important bits..
<form name="sellerscript" action="" method="POST" enctype="multipart/form-data">
<input type="file" name="upload3" id="f3" size="40" />
<input value="Image Upload/Adjust" name="imgupload" type="submit"> <br>
<input type="hidden" name="turn" value="<?php echo $round;?>" />
<input name="fn3h" type="hidden" value="<?php echo $fn3; ?>" />
<input name="uf3h" type="hidden" value="<?php echo $uf3; ?>" />
--- php --
//================ UPLOAD FILES VARS =[ only foto/image 3 used ===========
$allowed = array( 'image/gif' , 'image/png' , 'image/jpeg' , 'image/pjpeg' );
$fname=$fname2=$fname3='';
$uploaded1=$uploaded2=$uploaded3=$auto_insertid=FALSE;
$uid1=$uid2=$uid3=''; // id for uploads table
$currentf1=$currentf2=$currentf3=''; //-- present loaded fname
//-- upload processing
if ( !isset($_POST['rmp3']) && $removep3h!='Yes') //not enter whn prev.file.beng remvd
{
//-- echo '<br>image 3 being uploaded:name+'.$_FILES['upload3']['name'].'<br>' ;
if ( isset($_FILES['upload3']) )
{
if ( ( ($_FILES['upload3']['name']!="" ) || ($_FILES['upload3']['name']!=NULL ) ) && ($_FILES['upload3']['size'] <= 1524288 ) ) { $uf3=$_FILES['upload3']['name']; // users own name of last uploaded file;
//--echo "<br> _________ file under 520k --upload permitted file---------";
///////////////////////////////
above all seems to be working except: when two files that are othher than png/gif/jpeg uploaded consequetive one after the next - the 403 error occurs.
files are: [root@myhost Desktop]# ls -l *.png -rwxrwxrwx 1 root root 27342 Oct 30 18:46 a1-banner5.png -rwxrwxrwx 1 root root 31812 Nov 11 23:31 a1-credit.png # -rwxrwxrwx 1 arif arif 1418 Oct 8 2011 2851auto.gif -rwxrwxrwx 1 root root 2321 Oct 8 2011 btf2.gif
-rwxrwxrwx 1 root root 46321 Oct 22 23:35 ez-calc.html
-rwxrwxrwx 1 root root 25958 Oct 25 23:58 dixonhome.html -rwxrwxrwx 1 root root 24883 Oct 26 00:01 dixons-home.html
note: all image files upload in all sequences without problems except [a1-banner5.png] - this prodouces same issue if it is uploaded AS THE 2ND FILE following a non-image upload ie. 403 error. other hrml files being yploaded consequitively produce 403 error.
files uploded from: drwxr-xr-x 26 root www-data 4096 Feb 13 20:38 Desktop files uploaded to: drwxrwxrw- 2 www-data www-data 4096 Feb 17 23:45 uploads temporary directory: drwxrwxrwx 47 root www-data 12288 Feb 18 00:25 tmp (tried root as the grp - same err)
error:url + 403
www.testdomain/domainsite/sellerscript.php
403 Forbidden Access to this resource on the server is denied! Powered By LiteSpeed Web Server LiteSpeed Technologies is not responsible for administration and contents of this web site!
also when script runs perfect with image only uploads: url:
wwww.testdomain/domainsite/sellerscript.php
The file > Photo-3/btf2.gif has been uploaded!
[ note: both urls are the same !]
i hope this is enough iformation for someone to spot the problem.
Thank you.