...

View Full Version : Adding server info to uploader



masterofollies
09-15-2005, 06:06 PM
Can anyone tell me what to config in this simple upload script to make it work on my server? Just the parts to make changes... Thank you



<?php
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Mmaximum file size. You may increase or decrease.
$MAX_SIZE = 2000000;

//Allowable file Mime Types. Add more mime types if you want
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
,'image/png','application/msword');

//Allowable file ext. names. you may add more extension names.
$FILE_EXTS = array('.zip','.jpg','.png','.gif');

//Allow file delete? no, if only allow upload only
$DELETABLE = true;


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
* Setup variables
************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

/************************************************************
* Create Upload Directory
************************************************************/
if (!is_dir("files")) {
if (!mkdir($upload_dir))
die ("upload_files directory doesn't exist and creation failed");
if (!chmod($upload_dir,0755))
die ("change permission to 755 failed.");
}

/************************************************************
* Process User's Request
************************************************************/
if ($_REQUEST[del] && $DELETABLE) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
fclose($resource);

if (strpos($_REQUEST[del],"/.")>0); //possible hacking
else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking
else if (substr($_REQUEST[del],0,6)==$upload_dir) {
unlink($_REQUEST[del]);
print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
}
}
else if ($_FILES['userfile']) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
.$_FILES['userfile']['name']." "
.$_FILES['userfile']['type']."\n");
fclose($resource);

$file_type = $_FILES['userfile']['type'];
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

//File Size Check
if ( $_FILES['userfile']['size'] > $MAX_SIZE)
$message = "The file size is over 2MB.";
//File Type/Extension Check
else if (!in_array($file_type, $FILE_MIMES)
&& !in_array($file_ext, $FILE_EXTS) )
$message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
else
$message = do_upload($upload_dir, $upload_url);

print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else
$message = "Invalid File Specified.";

/************************************************************
* List Files
************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
if(!is_dir($file) && !is_link($file)) {
$filelist .= "<a href='$upload_dir$file'>".$file."</a>";
if ($DELETABLE) {
$delfile = $file;
$delfile = str_replace("%","%25",$delfile);
$delfile = str_replace("&","%26",$delfile);
$delfile = str_replace("+","%2b",$delfile);
$delfile = str_replace("?","%3f",$delfile);
$filelist .= " <a href='?del=$upload_dir".$delfile."' title='delete'>x</a>";
}
$filelist .= "<sub><small><small><font color=grey> ".date("d-m H:i", filemtime($upload_dir.$file))
."</font></small></small></sub>";
$filelist .="<br>";
}
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name'];
$file_name = str_replace("\\","",$file_name);
$file_name = str_replace("'","",$file_name);
$file_path = $upload_dir.$file_name;

//File Name Check
if ( $file_name =="") {
$message = "Invalid File Name Specified";
return $message;
}

$result = move_uploaded_file($temp_name, $file_path);
if (!chmod($file_path,0777))
$message = "change permission to 777 failed.";
else
$message = ($result)?"$file_name uploaded successfully." :
"Somthing is wrong with uploading a file.";
return $message;
}

?>

<center>
<font color=red><?=$_REQUEST[message]?></font>
<br>
<form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
Upload File <input type="file" id="userfile" name="userfile">
<input type="submit" name="upload" value="Upload">
</form>

<br><b>My Files</b>
<hr width=70%>
<?=$filelist?>
<hr width=70%>
<small><sup>Developed By
<a style="text-decoration:none" href="http://tech.citypost.ca">CityPost.ca</a>
</sup></small>
</center>

Fou-Lu
09-16-2005, 10:05 AM
1. What is the problem with working it on your server? Any error messages? Outcome to expected outcome, etc.
2. What configurations do you want to change?
3. What server OS and applications are you using? What version of php?

From what I see, you don't need to change anything to make this work. I haven't put it to the test or anything like that, and other than being poorly strucutured (which could be your not wrapping it in pre tags), it appears to work fine in my mind when I skim over it.

Can you please specify the problems you are having with this?

masterofollies
09-17-2005, 04:23 PM
I got it to work now. But I had to CHMOD the folder "files" to 755 still didn't work then I changed it to 777 and it works. But when you upload it has a error message (can't read it fast enough) like 3 errors and then said upload completed and it works. But I guess as long as it works its ok.

Fou-Lu
09-17-2005, 05:26 PM
You can probably force the view by dropping any redirection you are using.
Chances are you have a notice, probably for uninitialized variable usage. Add error_reporting(E_ALL & ~E_NOTICE); to the top of your php, and see if the errors disappear. S'all good. That doesn't fix the problem of course, but as mentioned, chances are its uninitialized; which I guess would be bad if register_globals are on....



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum