...

View Full Version : URL to file outside root



andre1990
10-22-2011, 10:37 PM
Hi guys,

I have an upload site that allows files to be uploaded then downloaded via URL.


<?php
ob_start();

session_start();

$extensions = array("jpg", "png","jpeg", "gif", "zip", "rar", "swf", "tiff", "bmp", "txt", "fla", "7z", "tar", "gz", "iso",

"dmg", "mp3", "wav", "m4a", "aac", "doc", "docx", "xls", "rtf", "ppt", "bsd", "exe", "psd", "c4d", "pdf", "dwg", "max", "ipa",

"vtf", "iam", "ipt", "flv", "cap", "scr");
$maxsize = 104288000;
$server = "http://www.andredomain.com";

$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$random = md5(uniqid(rand(), true));
$random = substr($random, 0, 20);

if (!$name || !$temp || !$size)
{
echo "Go back and select a file.";
exit();
}

foreach ($_FILES as $file)
{
if ($file['tmp_name'] != null)
{
$thisext1=explode(".", strtolower($file['name']));
$thisext=$thisext1[count($thisext1)-1];
if (!in_array($thisext, $extensions))
{
echo "That file type is not allowed.";
exit();
}
}
}

if ($size > $maxsize)
{
echo "File size too big.";
exit();
}

$destination = 'Uploads/' . $random ;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

$final = $server."/".$destination."/".$name;

$contents = file_get_contents("http://is.gd/create.php?format=simple&url=$final");


?>

Now i want to move the Uploads directory 1 level up from the root. Would this be the right way?



<?php
ob_start();

session_start();

$extensions = array("jpg", "png","jpeg", "gif", "zip", "rar", "swf", "tiff", "bmp", "txt", "fla", "7z", "tar", "gz", "iso",

"dmg", "mp3", "wav", "m4a", "aac", "doc", "docx", "xls", "rtf", "ppt", "bsd", "exe", "psd", "c4d", "pdf", "dwg", "max", "ipa",

"vtf", "iam", "ipt", "flv", "cap", "scr");
$maxsize = 104288000;
$server = "/var/www/vhosts/andredomain.com/Uploads";

$name = $_FILES['file']['name'];
$temp = $_FILES['file']['tmp_name'];
$size = $_FILES['file']['size'];

$random = md5(uniqid(rand(), true));
$random = substr($random, 0, 20);

if (!$name || !$temp || !$size)
{
echo "Go back and select a file.";
exit();
}

foreach ($_FILES as $file)
{
if ($file['tmp_name'] != null)
{
$thisext1=explode(".", strtolower($file['name']));
$thisext=$thisext1[count($thisext1)-1];
if (!in_array($thisext, $extensions))
{
echo "That file type is not allowed.";
exit();
}
}
}

if ($size > $maxsize)
{
echo "File size too big.";
exit();
}

$destination = '../uploads/' . $random ;
mkdir($destination);
move_uploaded_file($temp, $destination."/".$name);

$final = $server."/".$destination."/".$name;

$contents = file_get_contents("http://is.gd/create.php?format=simple&url=$final");

$filesource = '/var/www/vhosts/andredomain.com/Uploads';

$myfile = file_get_contents('$filesource."/".$destination."/".$name');


?>

<?php ob_start(); ?>

<!DOCTYPE html>
<html>
<head>
<title>File Uploaded!</title>
<link rel="stylesheet" href="style.css" type="text/css">
<link REL="SHORTCUT ICON" HREF="images/favicon.ico">
</head>
<body>
<div id="topbar">
<div class="content">
<div class="logo"><img src="images/logo.png" height="90"/></div>
</div>
</div>
<div id="navbar">
<ul>
<li><a href="http://www.uploadvillage.com" id="active">Uploaded! Back Home?</a></li>
<li><a href="http://www.uploadvillage.com/tos.php">TOS</a></li>
<li><a href="http://www.uploadvillage.com/faq.php">FAQ</a></li>
<li><a href="http://www.uploadvillage.com/contact.php">Contact Us</a></li>
<li><a href="http://www.uploadvillage.com/donate.php">Donate</a></li>
</ul>
</span>
</center>
<div id="main"><center>
<div id="side1"><br><BR><BR>
<br /><strong>Uploaded!</strong><br />
<span class="small">
<br />
Bypass Filter (SHORT URL):<br />




<input type="text" size="10" onClick=select() value="<?php echo $contents;?>" READONLY><p />

Direct download :<br />
<input type="text" size="28" onClick=select() value="<?php echo $final; ?>" READONLY><p />
Forum Code download/view:<br />
<input type="text" size="38" onClick=select() value="<?php echo $final; ?>" READONLY><p />
<a href="<?php echo $server; ?>/delete.php?filename=<?php echo $name; ?>&folder=<?php echo $destination; ?>">Delete your file?

</a>

</span>
<div class="clear"></div></center>
</div></CENTER>
<br><center><span class="small">&copy; Upload Village 2010.</span></center>
<center><a href="http://www.facebook.com/pages/UploadVillagecom/186225441417890"><img src="images/facebook.ico"></a></center>
</div>
</div>
<div class="clear"></div>
</div>
</body>
<script type="text/javascript">

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-17632658-8']);
_gaq.push(['_trackPageview']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

</script>
</html>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum