2016-08-02 108 views
1

Rename file location AJAX PHP

I am developing a kind of library in which users can upload different files and then publish only the ones they need.

When a user uploads one or more files, those files are stored in a temporary folder. Later, by filling in a form, the user can publish the selected files. As soon as the user pushes the submit button, I want to move the files from the temporary folder to another folder suggested by the user.

Currently, I can create the suggested folder. However, I get an "Access denied (code 5)" error, and the files do not appear in the new folder. I have read other questions and added "read and write" permissions for all my users on every folder inside htdocs (the XAMPP folder). Despite that, the error still appears.

I run this script in an AJAX file (as shown in the JS code below).

Here is my code. I hope you can help me, and that this can help others! Thank you

// When the form is submitted we want the temp file to be moved to the directory chosen by the user
$("form").submit(function(event) {
    // Read the target directory and the id of the uploaded file from the form
    var $directory = $('#directory').val();
    var $file = $('#fileid').val();

    $.ajax({
        url: 'ajax/rename.php',
        type: "POST",
        data: {
            directory: $directory,
            file: $file
        },
        success: function(data) {
            //window.location.href = 'home';//redirect to the homepage
            alert(data);
        },
        error: function(xhr, status, error) {
            // Parse the error body instead of eval()-ing it; fall back to the status text
            var err;
            try {
                err = JSON.parse(xhr.responseText);
            } catch (e) {
                err = { Message: status + ': ' + error };
            }
            alert(err.Message);
        }
    });
    event.preventDefault();
});
 

 
AJAX CODE 
 

 
<?php
require_once '../../app/models/DB.php';
require_once '../../app/models/Files.php';
require_once '../../app/init.php';

$db = DB::getInstance();
$files = new Files();

// Values come straight from the POST body, without validation
$directory = $_POST['directory'];
$file = $_POST['file'];

// Create the directory chosen by the user if it does not exist yet
if (!file_exists('../' . $directory)) {
    mkdir('../' . $directory, 0744, true);
    chmod('../' . $directory, 0777);
}

// Look up the current path of the file (the id is interpolated directly into the query)
$currentdirectory = $db->query("SELECT path FROM file WHERE id = '$file'")->first()->path;

// Rename the file to '../<directory>', i.e. onto the directory path itself
rename('../' . $currentdirectory, '../' . $directory);

$data = $db->query("UPDATE file SET path = '$directory' WHERE id = '$file'");

echo('../' . $currentdirectory);
?>

CSS

.secondaryContainer {
    margin: 0 auto;
    width: 86%;
    height: 58px;
    background: linear-gradient(to bottom, #FBFBFB, #A7A6A6) #f3f3f3;
    border-radius: 5px 5px 5px 5px;
}
#HomesearchBar {
    float: right;
}

.boxHeader {
    padding: 15px 15px 0px 15px;
}

#headerTab {
    border-bottom: 0px;
}
.filesBoxContent {
    background-color: #aeaeae !important;
    border-color: #818181 !important;
    border-radius: 5px 5px 5px 5px;
}

#MainPageThumbnails {
    margin-top: 15px;
}

#MainPageThumbnails {
    text-align: justify;
}

.clicked {
    border: 3px solid blue;
}
#mainPage {
    max-width: 900px;
}
#mainPage h1, #mainPage h2 {
    font-size: 28px;
    color: #25A7DE;
    font-weight: lighter;
    text-align: left;
}
.postPage legend {
    text-align: center;
    background: #25A7DE;
    color: #fff;
    font-size: 18px;
    padding: 4px;
    -webkit-border-radius: 34px;
    -moz-border-radius: 34px;
    border-radius: 34px;
    width: 34px;
    height: 34px;
}
fieldset {
    border-top: 1px solid #ccc;
}

.fileUpload {
    position: relative;
    overflow: hidden;
    margin: 10px;
}
.fileUpload input.upload {
    position: absolute;
    top: 0;
    right: 0;
    margin: 0;
    padding: 0;
    font-size: 20px;
    cursor: pointer;
    opacity: 0;
    filter: alpha(opacity=0);
}

#banner_warning {
    float: left;
}

.form-actions {
    margin: 0;
    background-color: transparent;
    text-align: center;
}
/*---------Category CSS-------*/
.subcategoryList, .categoryList {
    border-radius: 15px;
    background-color: white;
    border: 1px solid #ccc;
    padding: 5px;
    min-height: 150px;
    max-height: 150px;
    overflow-y: auto;
    overflow-x: hidden;
    margin-bottom: 20px !important;
}
.categoryList {
    float: left;
    width: 49%;
}
.subcategoryList {
    float: right;
    width: 49%;
    visibility: hidden;
}
.subcategoryList ul, .categoryList ul {
    list-style-type: none;
    margin: 0;
    padding: 0;
}
.subcategory, .category {
    text-decoration: none;
    color: #000;
    -webkit-transition: font-size 0.3s ease, background-color 0.3s ease;
    -moz-transition: font-size 0.3s ease, background-color 0.3s ease;
    -o-transition: font-size 0.3s ease, background-color 0.3s ease;
    -ms-transition: font-size 0.3s ease, background-color 0.3s ease;
    transition: font-size 0.3s ease, background-color 0.3s ease;
    display: block;
}
.subcategory:hover, .category:hover {
    font-size: 15px;
    background: #f6f6f6;
}

.input-group {
    z-index: 0;
}

HTML

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>

<!-- Form Container -->
<div id="mainPage" class="container">
    <h1>Add New Post</h1>
    <div class="postPage">
        <form action="" method="post">
            <fieldset class="form-group">
                <legend>1</legend>
                <div class="input-group">
                    <span class="input-group-addon" id="basic-addon1">Title*</span>
                    <input type="text" class="form-control" name="title" id="title" aria-describedby="basic-addon1" placeholder="Enter the post title">
                </div>

                <div class="fileUpload btn btn-primary">
                    <span>Choose Banner</span>
                    <input type="file" name="banner" id="uploadBtn" class="upload" />
                </div>
                <span id="thumbnail"></span>
                <div id="banner_warning">
                    <small class="banner">Choose a banner for your post.</small>
                </div>
                <div class="input-group">
                    <span class="input-group-addon" id="basic-addon1">Description*</span>
                    <textarea class="form-control" name="description" id="description" rows="10" placeholder="Type a short description for this file"></textarea>
                </div>
            </fieldset>

            <fieldset class="form-group">
                <legend>2</legend>
                <div class="categoryList">
                    <ul>
                        <?php foreach($category as $item):?>
                        <li class="category" id="<?php echo $item->id;?>"><?php echo $item->name; ?></li>
                        <?php endforeach; ?>
                    </ul>
                    <input type="hidden" name="category" id="category"/>
                </div>
                <div class="subcategoryList">
                    <ul>
                    </ul>
                    <input type="hidden" name="subcategory" id="subcategory"/>
                </div>

                <!-- Trigger/Open The Modal -->
                <div class="form-actions">
                    <button type="button" id="myBtn" class="btn btn-default btn-lg">
                        <span class="glyphicon glyphicon-paperclip" aria-hidden="true"></span> Add Media
                    </button>
                </div>
                <div class="input-group">
                    <span class="input-group-addon" id="basic-addon1">Directory</span>
                    <input type="text" class="form-control" name="directory" id="directory" aria-describedby="basic-addon1">
                    <input type="hidden" name="filename" id="filename"/>
                    <input type="hidden" name="fileid" id="fileid"/>
                </div>
            </fieldset>

            <fieldset class="form-group">
                <legend>3</legend>
                <label for="keywords"><h3>Keywords</h3></label>
                <textarea class="form-control" name="keywords" id="keywords" rows="3"></textarea>
                <small class="text-muted">Separate words by either '/' or ';'</small>
            </fieldset>

            <!--Token will be generated here. Model Token will be called for this-->
            <input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
            <input type="submit" value="Post">
        </form>
    </div>
</div>
<!-- End of Form Container -->

Answers

0

First, I suggest you sanitize the user input:

$directory = $_POST['directory'];
$file = $_POST['file'];

Later you use $directory in an SQL query, which can lead to SQL injection problems.

Second, check all the file/folder permissions of the parent folder in which the mkdir command creates the new folder.
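A hardened version of the rename.php handler, added here as an illustration and not part of the question or the answer above. It assumes a PDO connection to the same `file` table (columns `id`, `path`) and an `UPLOAD_ROOT` placeholder for the folder that holds the temporary and published directories; the page's own DB and Files classes are not used.

```php
<?php
// Added example (not the asker's or answerer's code): validates both POST values,
// keeps every path under UPLOAD_ROOT, uses prepared statements, and moves the
// file INTO the target directory rather than renaming it onto the directory path.
declare(strict_types=1);

const UPLOAD_ROOT = __DIR__ . '/..'; // placeholder: parent folder of temp/ and published dirs

function publishFile(PDO $pdo, string $directory, string $fileId): string
{
    // 1. Whitelist the directory name: letters, digits, '_' and '-' only, so no
    //    slashes, dots or drive letters can steer the path outside UPLOAD_ROOT.
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $directory)) {
        throw new InvalidArgumentException('invalid directory name');
    }
    // 2. The file id must be an integer; it never reaches SQL as raw text.
    if (!ctype_digit($fileId)) {
        throw new InvalidArgumentException('invalid file id');
    }
    $id = (int) $fileId;

    // 3. Fetch the stored path with a prepared statement (no string interpolation).
    $stmt = $pdo->prepare('SELECT path FROM file WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $currentPath = $stmt->fetchColumn();
    if ($currentPath === false) {
        throw new RuntimeException('unknown file id');
    }

    // 4. Resolve the source and confirm it really lies under UPLOAD_ROOT
    //    (the stored value could be stale or tampered with).
    $root = realpath(UPLOAD_ROOT);
    $source = realpath(UPLOAD_ROOT . '/' . $currentPath);
    if ($root === false || $source === false || !is_file($source)
        || strpos($source, $root . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('source file not found under upload root');
    }

    // 5. Create the target directory (no world-writable chmod) and move the file
    //    into it. Renaming a file onto an existing directory path, as the original
    //    code did, is a typical cause of the "access denied" error on Windows.
    $targetDir = $root . DIRECTORY_SEPARATOR . $directory;
    if (!is_dir($targetDir) && !mkdir($targetDir, 0755, true)) {
        throw new RuntimeException('cannot create target directory');
    }
    $newRelative = $directory . '/' . basename($source);
    if (!rename($source, $root . DIRECTORY_SEPARATOR . $newRelative)) {
        throw new RuntimeException('rename failed');
    }

    // 6. Store the full new relative path (directory + file name), again via a prepared statement.
    $upd = $pdo->prepare('UPDATE file SET path = :path WHERE id = :id');
    $upd->execute([':path' => $newRelative, ':id' => $id]);
    return $newRelative;
}
```

Call it from the POST handler inside a try/catch, e.g. `publishFile($pdo, $_POST['directory'] ?? '', $_POST['file'] ?? '')`, and echo a fixed status message rather than the server-side path.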