Posted by Steven Altsman on 03/16/05 20:15

Files under 2.5 megs will go into the database just fine, any thing over
that will return the page without errors, but will not be injected into the
database. Not even a record is created.

Edited PHP.INI to allow up to 40M of data to be uploaded. Set the script
timeout to be 9000 seconds. Set the script operational memory to 80M. I
did a print_r of $_FILES and the results show that there is a file in the
tmp directory, but I'm not sure after that if there is a problem with mcrypt
or MySQL. I did read something about a limitation of MySQL and max packet
size between server and client, but only 4.1 or less is mentioned with that.
I also switched from the fopen/fread combo and did file_get_contents
instead, as it was recommended to be more efficient.

http://us4.php.net/fopen
http://us4.php.net/fread
http://us4.php.net/file_get_contents
http://us3.php.net/mcrypt
http://us3.php.net/features.file-upload
http://us3.php.net/print_r

http://www.ispirer.com/doc/sqlways38/Output/SQLWays-1-195.html
http://www.totalchoicehosting.com/forums/lofiversion/index.php/t10276.html
http://www.chipmunk-scripts.com/board/index.php?forumID=27&ID=1674
http://scripts.franciscocharrua.com/database-file-upload-download.php
http://www.hotscripts.com/Detailed/33694.html

http://www.google.com

If there is any other links to M's that I haven't R'ed, please let me know.
Otherwise I'm clueless. Google gives me a metric tonne of information, but
it is mostly people asking the same question I am with recommendations on
editing the PHP.INI. Obviously this is a useful script that many people
have written in their own way for their own needs, and I'm sure they've run
into the same problem I'm encountering now.

Using MySQL 5.0.2, PHP 5, newest mcrypt, mhash, Apache 2, FC 3, it is on
port 443 with a valid SSL cert, and if you need to know any other version or
variable info I will gladly provide it.


-=-=-=-=-=-=- /docs/phpinfo.php -=-=-=-=-=-

allow_call_time_pass_reference On On
allow_url_fopen On On
always_populate_raw_post_data Off Off
arg_separator.input & &
arg_separator.output & &
asp_tags Off Off
auto_append_file no value no value
auto_globals_jit On On
auto_prepend_file no value no value
browscap no value no value
default_charset no value no value
default_mimetype text/html text/html
define_syslog_variables Off Off
disable_classes no value no value
disable_functions no value no value
display_errors On On
display_startup_errors Off Off
doc_root no value no value
docref_ext no value no value
docref_root no value no value
enable_dl On On
error_append_string no value no value
error_log no value no value
error_prepend_string no value no value
error_reporting 2039 2039
expose_php On On
extension_dir ./ ./
file_uploads On On
>8 ----- >8 ----- >8
html_errors On On
ignore_repeated_errors Off Off
ignore_repeated_source Off Off
ignore_user_abort Off Off
implicit_flush Off Off
include_path .:/usr/local/php//lib/php .:/usr/local/php//lib/php
log_errors On On
log_errors_max_len 1024 1024
magic_quotes_gpc On On
magic_quotes_runtime Off Off
magic_quotes_sybase Off Off
mail.force_extra_parameters no value no value
max_execution_time 9000 9000
max_input_time 9000 9000
open_basedir no value no value
output_buffering no value no value
output_handler no value no value
post_max_size 40M 40M
precision 12 12
register_argc_argv On On
register_globals Off Off
register_long_arrays On On
report_memleaks On On
report_zend_debug On On
safe_mode Off Off
safe_mode_exec_dir no value no value
safe_mode_gid Off Off
safe_mode_include_dir no value no value
>8 ----- >8 ----- >8
serialize_precision 100 100
short_open_tag On On
SMTP localhost localhost
smtp_port 25 25
sql.safe_mode Off Off
track_errors Off Off
unserialize_callback_func no value no value
upload_max_filesize 40M 40M
upload_tmp_dir no value no value
user_dir no value no value
variables_order EGPCS EGPCS

-=-=-=-=-=-=-=- My Script -=-=-=-=-=-=-=-=-

foreach($_FILES['binFile']['name'] as $k => $v)

{
// Variable-ize all of the attributes of the file object
$binFile[$k] = $_FILES['binFile'][$k];
$binFile_name[$k] = $_FILES['binFile']['name'][$k];
$binFile_size[$k] = $_FILES['binFile']['size'][$k];
$binFile_type[$k] = $_FILES['binFile']['type'][$k];
$binFile_tmp[$k] = $_FILES['binFile']['tmp_name'][$k];
// Get sender information
$author = $_SESSION['tehNam'];
$recipient = strtolower($_POST['email']);
// Tracking information on the file
$date_submitted[$k] = date('Y-m-d H:i:s');
$txtDescription[$k] = $_POST['txtDescription'][$k];
$binFile_unique[$k] =
md5($author.$txtDescription[$k].$binFile_name[$k]);
}

foreach($_FILES['binFile']['name'] as $k => $v)
{
// Generate hash for user-logn
$access_name = md5(strtolower($_POST['email']));

// Generate pssword for account
$teh_key = strtolower(genpassword());

// ok, let's get the uploaded data and insert it into the db
now
$data = file_get_contents($binFile_tmp[$k]);

$key = $teh_key;
$input = $data;

$td = mcrypt_module_open('twofish', '', 'ecb', '');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td),
MCRYPT_RAND);

mcrypt_generic_init($td, $key, $iv);

$encrypted_data = mcrypt_generic($td, $input);

mcrypt_generic_deinit($td);
mcrypt_module_close($td);

$strDescription = addslashes(nl2br($txtDescription));

$email_id = date('dmYsiH');

$sql = "INSERT INTO file_table ";
$sql .= "(category, description, ingredients, recipient,
filesize, author, file_name, date_submitted, unique_id, email_id)";
$sql .= "VALUES ('".$binFile_type[$k]."',
'".$txtDescription[$k]."', '".addslashes($encrypted_data)."',
'".md5($recipient);
$sql .= "', '".$binFile_size[$k]."', '".$author."',
'".$binFile_name[$k]."', '".$date_submitted[$k]."',
'".$binFile_unique[$k]."', '".$email_id."')";
$result = mysql_query($sql, $db);

-=-=-=-=-=-=-=-=- MySQL variables -=-=-=-=-=-=-=-=-

Variable_name Value
auto_increment_increment 1
auto_increment_offset 1
back_log 50
basedir /
binlog_cache_size 32768
bulk_insert_buffer_size 8388608
character_set_client utf8
character_set_connection utf8
character_set_database latin1
character_set_results utf8
character_set_server latin1
character_set_system utf8
character_sets_dir /usr/share/mysql/charsets/
collation_connection utf8_general_ci
collation_database latin1_swedish_ci
collation_server latin1_swedish_ci
concurrent_insert ON
connect_timeout 5
datadir /var/lib/mysql/
date_format %Y-%m-%d
datetime_format %Y-%m-%d %H:%i:%s
default_week_format 0
delay_key_write ON
delayed_insert_limit 100
delayed_insert_timeout 300
delayed_queue_size 1000
expire_logs_days 0
flush OFF
flush_time 0
ft_boolean_syntax + -><()~*:""&|
ft_max_word_len 84
ft_min_word_len 4
ft_query_expansion_limit 20
ft_stopword_file (built-in)
group_concat_max_len 1024
have_archive NO
have_bdb NO
have_compress YES
have_crypt YES
have_csv NO
have_example_engine NO
have_geometry YES
have_innodb YES
have_isam NO
have_ndbcluster NO
have_openssl NO
have_query_cache YES
have_raid NO
have_rtree_keys YES
have_symlink YES
init_connect (null)
init_file (null)
init_slave (null)
innodb_additional_mem_pool_size 1048576
innodb_autoextend_increment 8
innodb_buffer_pool_awe_mem_mb 0
innodb_buffer_pool_size 8388608
innodb_data_file_path ibdata1:10M:autoextend
innodb_data_home_dir (null)
innodb_fast_shutdown ON
innodb_file_io_threads 4
innodb_file_per_table OFF
innodb_locks_unsafe_for_binlog OFF
innodb_flush_log_at_trx_commit 1
innodb_flush_method (null)
innodb_force_recovery 0
innodb_lock_wait_timeout 50
innodb_log_arch_dir (null)
innodb_log_archive OFF
innodb_log_buffer_size 1048576
innodb_log_file_size 5242880
innodb_log_files_in_group 2
innodb_log_group_home_dir ./
innodb_max_dirty_pages_pct 90
innodb_max_purge_lag 0
innodb_table_locks ON
innodb_max_purge_lag 0
innodb_mirrored_log_groups 1
innodb_open_files 300
innodb_thread_concurrency 8
interactive_timeout 1000000
join_buffer_size 131072
key_buffer_size 8388600
key_cache_age_threshold 300
key_cache_block_size 1024
key_cache_division_limit 100
language /usr/share/mysql/english/
large_files_support ON
license GPL
local_infile ON
locked_in_memory OFF
log OFF
log_bin OFF
log_error (null)
log_slave_updates OFF
log_slow_queries OFF
log_update OFF
log_warnings 1
long_query_time 10
low_priority_updates OFF
lower_case_file_system OFF
lower_case_table_names 0
max_allowed_packet 1048576
max_binlog_cache_size 4294967295
max_binlog_size 1073741824
max_connect_errors 10
max_connections 100
max_delayed_threads 20
max_error_count 64
max_heap_table_size 16777216
max_insert_delayed_threads 20
max_join_size 4294967295
max_length_for_sort_data 1024
max_relay_log_size 0
max_seeks_for_key 4294967295
max_sort_length 1024
max_tmp_tables 32
max_user_connections 0
max_write_lock_count 4294967295
myisam_data_pointer_size 4
myisam_max_extra_sort_file_size 2147483648
myisam_max_sort_file_size 2147483647
myisam_recover_options OFF
myisam_repair_threads 1
myisam_sort_buffer_size 8388608
net_buffer_length 16384
net_read_timeout 30
net_retry_count 10
net_write_timeout 60
new OFF
old_passwords OFF
open_files_limit 1024
optimizer_prune_level 1
optimizer_search_depth 62
pid_file /var/lib/mysql/dom.pid
port 3306
preload_buffer_size 32768
protocol_version 10
query_alloc_block_size 8192
query_cache_limit 1048576
query_cache_min_res_unit 4096
query_cache_size 0
query_cache_type ON
query_cache_wlock_invalidate OFF
query_prealloc_size 8192
range_alloc_block_size 2048
read_buffer_size 131072
read_only OFF
read_rnd_buffer_size 262144
relay_log_purge ON
rpl_recovery_rank 0
secure_auth OFF
server_id 0
skip_external_locking ON
skip_networking OFF
skip_show_database OFF
slave_net_timeout 3600
slow_launch_time 2
socket /var/lib/mysql/mysql.sock
sort_buffer_size 2097144
sql_mode (null)
storage_engine MyISAM
sync_binlog 0
sync_frm ON
system_time_zone CST
table_cache 64
table_type MyISAM
thread_cache_size 0
thread_stack 126976
time_format %H:%i:%s
time_zone SYSTEM
tmp_table_size 33554432
tmpdir (null)
transaction_alloc_block_size 8192
transaction_prealloc_size 4096
tx_isolation REPEATABLE-READ
updatable_views_with_limit YES
version 5.0.2-alpha-standard
version_comment Official MySQL RPM
version_compile_machine i686
version_compile_os pc-linux
wait_timeout 28800

[Back to original message]