PHP image upload script not working

Informal
1

https://craftscientist.alphasystems.tech/super-admin/add-sub-category.php

When i upload the image iam getting an error called “file is not an image” but i have tested the same php upload script in my local server and it works file.
The weird thing the same upload script was working a day before when i tried uploading images and it was all fine but later in the day it stopped working and at 12.30 AM IST it was working again fine but now again it gives me the same error.
ive restricted image size to be below 1Mb and i use cloud flare protection.
Can i please know what is wrong , is there any limit to upload images using php scripts?
ive attacked my code used for image upload below
Thank you.

if (isset( $_POST["submit"])) {

	//accept form fields
	$mcatid = mysqli_real_escape_string( $connection, $_POST['mcatid'] );
	$mcname = mysqli_real_escape_string( $connection, $_POST['scname'] );
	if ( isset( $_POST["cdesc"] ) ) {
		$mcdesc = mysqli_real_escape_string( $connection, $_POST['cdesc'] );
	} else {
		$mcdesc = NULL;
	}
	$mcactive = mysqli_real_escape_string( $connection, $_POST['scstatus'] );
	//custom name for file
	$mcimgname = $_FILES["fileToUpload"]["name"];
	//file upload script
	$target_dir = "../uploads/scatimg/";
	$target_file = $target_dir . basename( $_FILES["fileToUpload"]["name"] );
	$uploadOk = 1;
	$imageFileType = strtolower( pathinfo( $target_file, PATHINFO_EXTENSION ) );
	
	//check if file already exists
	if ( file_exists( $target_file ) ) {
		$fmsg .= "file already exists, ";
		$uploadOk = 0;
	}
	//check file size
	elseif ( $_FILES[ "fileToUpload" ][ "size" ] > 1000000 ) {
		$fmsg .= "Image size is more then 1Mb, please upload smaller size image ";
		$uploadOk = 0;
	}

	//allowing certain file formats
	elseif ( $imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
		$fmsg .= "Only JPG,JPEG,PNG & GIF files are allowed";
		$uploadOk = 0;

	}
	else {
		//check if image is in actual size f fake size
		$check = getimagesize( $_FILES[ "fileToUpload" ][ "tmp_name" ] );
		if ( $check !== false ) {
			//$smsg.="File is an image-".$check["mime"].".";
			//$uploadOk=1;
			if ( move_uploaded_file( $_FILES[ "fileToUpload" ][ "tmp_name" ], $target_file) ) {
				$smsg .= "The File <small>" . basename( $_FILES[ "fileToUpload" ][ "name" ] ) . " </small>has been uploaded.";
				//insert into database
				$insertquery = "INSERT INTO scat (mcid, sname, sactive, sdesc, scimg) VALUES ('$mcatid', '$mcname', '$mcactive', '$mcdesc', '$mcimgname')";
				if ( mysqli_query( $connection, $insertquery ) ) {
					$smsg .= " Catagory Added";
				} else {
					$fmsg .= mysqli_error( $connection );
				}
			} else {
				$fmsg = "Sorry,there was an error  in uploading your file.";
			}
		} else {
			$fmsg .= "File is not an image.";
			$uploadOk = 0;

		}
	}
}
2

File upload and file sharing sites are not allowed on InfinityFree. Please remove this script from your website immediately.

3

ok ive removed it

4

Actually, I didn’t do any kind of file sharing in my webapp, those script is to only upload images to be stored and displayed in lander page. No sharing is involved.

5

I’m sorry, I just saw the upload code without any authentication checks and assumed it was public. If it’s just used by you to administer the website, then the upload script is no problem.

I’m not that familiar with how file/image processing is supposed to work in plain PHP. I checked the documentation of the getimagesize() function (which apparently incorrectly detects the image as invalid) and did see this warning:

This function expects filename to be a valid image file. If a non-image file is supplied, it may be incorrectly detected as an image and the function will return successfully, but the array may contain nonsensical values.

Do not use getimagesize() to check that a given file is a valid image. Use a purpose-built solution such as the Fileinfo extension instead.

Maybe using the recommended Fileinfo functions gives better results?

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.