powweb made this announcment this morning:
Quote:
PHP's default upload_tmp_dir was /tmp, which is no longer world writeable as this is where the worms using the phpBB exploit download their programs to spread. This was necessary to stop our servers from attacking others. Your scripts should not download files to this area anyways as it is not available on all the servers your site is hosted on.
If you use PHP to upload files, you need to have a custom php.ini. You need to uncomment and edit the upload_tmp_dir variable to point to a directory that is writeable by you, which would be your home directory or a subdirectory inside your home directory. DO NOT change that directories permissions to 777, it is already writeable by your php scripts if it is the default 755.
So If I open php.ini in /gallery and edit the line
'upload_tmp_dir = /gallery/tmp'
which is the directory I created, there seems to be no change, I still get the error: Adding image.jpg
Resizing/compressing original image
Warning: getimagesize(/www/u/username/htdocs/gallery/albums/album01/image.jpg) failed to open stream: No such file or directory in /gallery/util.php on line 397
I realize that may not make much sense to the error I am getting, but I was having no problems until powweb did their upgrade, somehow they must coincide.
Any suggestions would be appreciated.
----
Gallery URL (optional but very useful): n/a
Gallery version: 1.42
Apache version: Apache/1.3.33
PHP version: 4.3.10
Graphics Toolkit:
Operating system: FreeBSD 4.10
Web browser/version (if applicable): IE
Posts: 13451
Nice to see that hosts take this stuff seriously! You probably need the full system path, and not a relative one. Check FAQ Gallery:c.32 for a little script that might help you figure out the path.
Posts: 29
Thanks for the reply, h0bbel, I took your advice and added the full system path, and unfortuntely, it didn't make a difference
Posts: 13451
What is the error you get after the change?
Posts: 29
Same error as above
Adding image.jpg
Resizing/compressing original image
Warning: getimagesize(/www/u/username/htdocs/gallery/albums/album01/image.jpg) failed to open stream: No such file or directory in /gallery/util.php on line 397
Posts: 13451
ok, try changing the upload_tmp_dir and set it to the same path as well, in php.ini
Posts: 29
Thanks h0bble, that didn't seem to make a difference, though. with debug mode on, the line
'The file /www/u/username/htdocs/gallery/albums/album01/image.jpg does not exist ?!'
is added. I'm really stumped at this point.
Posts: 13451
are file_uploads even on in your php.ini? Seems like the file never reach the server when you upload.
Posts: 29
yes, it's definitely on.
Posts: 13451
could you link us to a file containing the following:
<?php phpinfo(); ?>
I would like to have a look at it
Posts: 29
I found the problem. When modifying 'upload_tmp_dir' in the php.ini used with gallery, I left a semicolon in front of the line. I wasn't aware it was critical that that be removed. Thanks for much for your help, h0bble.
For those of you hosted with powweb who run into this problem, you can find more information here:
http://forum.powweb.com/showthread.php?p=259493&posted=1#post259493
Posts: 13451
smac1979, the ";" makes it commented out, no wonder it didn't work!
Glad you got it fixed!
Posts: 5
yes, that did it.
I had the same issue for a few days now and I thought the upgrade to the latest version would fix it, but it did not.
The script to create a php.ini file and modifying the 'upload_tmp_dir =' line did it.
Thanks everyone.
TX
Posts: 13451
txcrude, glad someone used the search function!
Posts: 1
This resolves the probelms at PowWeb and may resove problems elsewhere also, if you are getting this error message:
Resizing/compressing original image
Warning: getimagesize(/www/u/username/htdocs/gallery/albums/album01/image.jpg) failed to open stream: No such file or directory in /gallery/util.php on line 397
I found this at B&T's site: http://www.prettyworthless.com/tips.php
Using a custom php.ini file
You may want to use a custom php.ini file in order to change some of the PowWeb defaults. For example, you may want to turn register_globals = off. If you copy the default PowWeb file, make changes, and then put it in your webspace, you may not know if PowWeb makes further changes to the default file which could cause your file to be out-of-date. A good solution is the following script, which you can execute manually or kick-off with cron each night. The script reads the PowWeb default file, makes your change, and writes it to your webspace. Now you can always have the current PowWeb default script with your changes made. The example below changes register_globals in the default PowWeb php.ini file.
- - Start Script Here - -
<?
$path = '/usr/local/php4/lib/php.ini';
if (!file_exists($path)) die('Processing error - php.ini file not found');
$contents = file_get_contents($path);
$replace = "register_globals = On";
$replaceWith = "register_globals = Off";
if (!strpos($contents,$replace)) die('Processing error - register globals string not found');
$contents = str_replace($replace, $replaceWith, $contents);
$handle = fopen('/www/u/user/htdocs/php.ini', 'w');
fwrite($handle, $contents);
fclose($handle);
echo "The php.ini file has been modified and copied.";
?>
- - End Script Here - -
You may want to change other things in php.ini as well. You can do this by repeating the center section of the script for as many changes as you wish to make.
For example you may want to use your own directory for session files (in this example named sessions).
To do this add the following:
$replace = "session.save_path = \"3;/www/php\"";
$replaceWith = "session.save_path = /www/u/user/sessions";
if (!strpos($contents,$replace)) die('Processing error - sessions string not found');
$contents = str_replace ($replace, $replaceWith, $contents);
Note the sessions directory is above htdocs for added security.
In order to do PHP uploads at PowWeb you need to have your own temp upload directory (in this example named uploads).
To do this add the following:
$replace = ";upload_tmp_dir =";
$replaceWith = "upload_tmp_dir = /www/u/user/uploads";
if (!strpos($contents,$replace)) die('Processing error - upload directory string not found');
$contents = str_replace ($replace, $replaceWith, $contents);
Note the uploads directory is above htdocs for added security.
And if you want to change the maximum upload size to something larger than 2MB, also add the following:
$replace = "upload_max_filesize = 2M";
$replaceWith = "upload_max_filesize = 4M";
if (!strpos($contents,$replace)) die('Processing error - upload max size string not found');
$contents = str_replace ($replace, $replaceWith, $contents);
And if you want to go larger than 8M then also add the folowing:
$replace = "post_max_size = 8M";
$replaceWith = "post_max_size = 10M";
if (!strpos($contents,$replace)) die('Processing error - upload post size string not found');
$contents = str_replace ($replace, $replaceWith, $contents);
This script is an enhanced version of one posted by devinemke in the PowWeb Community Forum.
--------------------------------------------------------------------------------
If you do put a custom php.ini files in your htdocs directory you may also want to put the following in your .htaccess file in order to prevent others from viewing the contents of the file.
<files php.ini>
order deny,allow
deny from all
</files>
Here is a script to run on PowWeb, it places a custom php.ini file in your htdocs folder, just copy this script to a text editor and replace the * and ******* with the paths to your site. You can goto ops and ftp and see the correct paths to input into this script. Save it as something like customphp.php and upload it to your htdocs directory. Run it every couple of days by going to http://www.yoursite.com/customphp.php
You should also make a .htaccess file with the entry above in it to prevent people from hacking your php.ini file.
COPY FROM HERE >
<?
$path = '/usr/local/php4/lib/php.ini';
if (!file_exists($path)) die('Processing error - php.ini file not found');
$contents = file_get_contents($path);
$replace = "register_globals = On";
$replaceWith = "register_globals = Off";
if (!strpos($contents,$replace)) die('Processing error - register globals string not found');
$contents = str_replace($replace, $replaceWith, $contents);
$replace = ";upload_tmp_dir =";
$replaceWith = "upload_tmp_dir = /www/*/*******/uploads";
if (!strpos($contents,$replace)) die('Processing error - upload directory string not found');
$contents = str_replace ($replace, $replaceWith, $contents);
$replace = "upload_max_filesize = 2M";
$replaceWith = "upload_max_filesize = 4M";
if (!strpos($contents,$replace)) die('Processing error - upload max size string not found');
$contents = str_replace ($replace, $replaceWith, $contents);
$handle = fopen('/www/*/*******/htdocs/php.ini', 'w');
fwrite($handle, $contents);
fclose($handle);
echo "The php.ini file has been modified and copied.";
?>
< TO HERE
I suggest increasing the max file size to 4M to allow for uploading images packed in zip files, just makes it easier to add images.
Thanks go to B&T and the people who help support the community at PowWeb for this info.
Posts: 13451
Great! I've turned this thread into a sticky, hopefully more people will notice it. Thanks!
Posts: 2
I've completed the above recommendations but still get an error:
***My initial and username was changed for this post...
Do I need to CHMOD something differently? I have set 755 on my temp upload dir.
Thanks!
Posts: 13451
Try setting the session_save.path to the same path as the temp upload dir in php.ini
Posts: 2
Thanks...Jeez.. I've looked through every gallery php there is trying to find that path...who knew it was in the php.ini. :lol:
It fixed her up though!
Posts: 13451
nytephal, great!
Posts: 13
Ok.. I'm reading this... and totally not understanding almost all of it! (a semi-newbie) but I lost totally another php applications to such hackers so I am concerned and want to do this right! Is there anyone I could pay maybe to help me with an upgrade if I need that? DRAT! I don't even know if I need one... this is SAD! If I haven't already bored you to tears... feel free to help! Thanks..
Posts: 13451
http://gallery.menalto.com/modules.php?op=modload&name=GalleryPaidSupport&file=index
Posts: 1
smac1979,
I have had this program before and was set up by my webdesigner now i can't figure out the Instalation process i do have a site but the program will not load can you tell me why?
Posts: 1
I've been using Gallery for a year or two with no problems now on www.100webspace.com but I've recently started getting this same error message too. I don't have access to the php.ini on the server. I tried following the instructions above on creating your own php.ini via a script above but I think I'm missing something fundamental! Does this script need <?php bits at the start and end - I'm know pretty much nothing about php so I may be starting at completely the wrong end here....
Posts: 5
noticed! Thanks for Stickying it!
Posts: 2
Thanks!
Josep
Posts: 7
Ok, I have an interesting question. I am using Lunarpages as a shared host for the time being and do not see the php.ini file in any directory. Any suggestions are greatly appreciated.