Not signed in (Sign In)

SkillShare - A place to discuss Web Standards and Web Design topics

Categories

Vanilla 1.1.9 is a product of Lussumo. More Information: Documentation, Community Support.

Server Side Scripting / Coding: php problem

Bottom of Page

1 to 3 of 3

  1.  
    • CommentAuthorhebel
    • CommentTimeJan 28th 2007
     permalink
    Hi, I need a php function on a website I'm building allowing upload of .docs and .pdfs. I found the code below on the net and am trying to use it. I created a file called "FILES" on my server and tried it out but without luck. I understand php very little so if someone can point out what I'm doing wrong in simple terms I'd appreciate it.

    Thanks a lot,

    Hebel.


    <?php

    $MAX_SIZE = 2000000;

    $FILE_EXTS = array('.pdf','.doc');
    $DELETABLE = true;

    $site_name = $_SERVER['HTTP_HOST'];
    $url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
    $url_this = "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

    $upload_dir = "files/";
    $upload_url = $url_dir."/files/";
    $message ="";

    if (!is_dir("files")) {
    if (!mkdir($upload_dir))
    die ("upload_files directory doesn't exist and creation failed");
    if (!chmod($upload_dir,0755))
    die ("change permission to 755 failed.");
    }

    if ($_REQUEST[del] && $DELETABLE) {
    $resource = fopen("log.txt","a");
    fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
    fclose($resource);

    if (strpos($_REQUEST[del],"/.")>0); //possible hacking
    else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking
    else if (substr($_REQUEST[del],0,6)==$upload_dir) {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
    }
    }
    else if ($_FILES['userfile']) {
    $resource = fopen("log.txt","a");
    fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
    .$_FILES['userfile']['name']." "
    .$_FILES['userfile']['type']."\n");
    fclose($resource);

    $file_type = $_FILES['userfile']['type'];
    $file_name = $_FILES['userfile']['name'];
    $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

    //File Size Check
    if ( $_FILES['userfile']['size'] > $MAX_SIZE)
    $message = "The file size is over 2MB.";
    //File Extension Check
    else if (!in_array($file_ext, $FILE_EXTS))
    $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
    else
    $message = do_upload($upload_dir, $upload_url);

    print "<script>window.location.href='$url_this?message=$message'</script>";
    }
    else if (!$_FILES['userfile']);
    else
    $message = "Invalid File Specified.";

    /************************************************************
    * List Files
    ************************************************************/
    $handle=opendir($upload_dir);
    $filelist = "";
    while ($file = readdir($handle)) {
    if(!is_dir($file) && !is_link($file)) {
    $filelist .= "<a href='$upload_dir$file'?phpMyAdmin=4594f30712f4fabaff6997416810f3f2>".$file."</a> - URL: <b>$upload_url$file</b>";
    if ($DELETABLE)

    $filelist .= " Added at ".date("d-m H:i", filemtime($upload_dir.$file))
    ."";
    $filelist .= " <a style='text-decoration:none; font-weight:bold' href='?del=$upload_dir".urlencode($file)."' title='delete'>x</a>";
    $filelist .="<br>";
    }
    }

    function do_upload($upload_dir, $upload_url) {

    $temp_name = $_FILES['userfile']['tmp_name'];
    $file_name = $_FILES['userfile']['name'];
    $file_name = str_replace("\\","",$file_name);
    $file_name = str_replace("'","",$file_name);
    $file_path = $upload_dir.$file_name;

    //File Name Check
    if ( $file_name =="") {
    $message = "Invalid File Name Specified";
    return $message;
    }

    $result = move_uploaded_file($temp_name, $file_path);
    if (!chmod($file_path,0777))
    $message = "change permission to 777 failed.";
    else
    $message = ($result)?"$file_name was uploaded successfully." :
    "Something is wrong with uploading the file.";
    return $message;
    }

    ?>


    <html>
    <head>
    <title>Simple uploader</title>
    <link rel=stylesheet href=style.css>
    </head>
    <body>
    <br><br>
    <center>
    <font color=red><?=$_REQUEST[message]?></font>
    <br>
    <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post"><input type="hidden" name="phpMyAdmin" value="4594f30712f4fabaff6997416810f3f2" />
    Upload File <input type="file" id="userfile" name="userfile">
    <input type="submit" name="upload" value="Upload">
    </form>

    <br><b><u>Uploaded files:</b></u><br><br>

    <?=$filelist?><br>Developed By
    <a style="text-decoration:none" href="http://savasplace.com">Sava's Place.com</a>
    </sup></small>
    </center>
    • CommentAuthoraxe_sosharp
    • CommentTimeJan 28th 2007 edited
     permalink
    Don't think this is a PHP problem, the form has no action attribute.


    <form name="upload" id="upload" ENCTYPE="multipart/form-data"
    method="post" action="files.php"> // Where files.php has the upload script. //
    •  
      CommentAuthorziyphr
    • CommentTimeJan 29th 2007
     permalink
    Without an action attribute the form should default to itself, but yes it's best to include it.

    In the past I've always specified the exact file path, not relative. The function for this is getcwd(), something that's fairly difficult to find on php.net without knowing its name.

    Most importantly, what error message do you get?

1 to 3 of 3

  1.  
Add your comments
    Username Password
  • Format comments as (Help)
 
Back to Discussions Top of Page