PHP Help - PHP upload script
//VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
// PHP Help - PHP upload script
//VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV
******************************************************************
Title : PHP upload Script
Usage : to upload files to server
Programmer : Mohd Izzairi Yamin
******************************************************************
Hi Guys, this is php upload script function.
<?php
$MAX_SIZE = 2000000;
$FILE_EXTS = array(’.doc’);
$DELETABLE = true;
$site_name = $_SERVER[’HTTP_HOST’];
$url_dir = “http://”.$_SERVER[’HTTP_HOST’].dirname($_SERVER[’PHP_SELF’]);
$url_this = “http://”.$_SERVER[’HTTP_HOST’].$_SERVER[’PHP_SELF’];
$upload_dir = “upload_folder/”;
$upload_url = $url_dir.”/upload_folder/”;
$message =”";
if (!is_dir(”upload_folder”)) {
if (!mkdir($upload_dir))
die (”upload_files directory doesn’t exist and creation failed”);
if (!chmod($upload_dir,0755))
die (”change permission to 755 failed.”);
}
if (isset($_REQUEST[’del’]))
$pos = strpos( $_REQUEST[’del’],”/”);
//echo “pos = $pos<hr>”;
//echo “del = “.$_REQUEST[del];
//echo substr($_REQUEST[’del’],0,$pos).”=”.$upload_dir;
if ($_REQUEST[’del’] && $DELETABLE) {
$resource = fopen(”log.txt”,”a”);
fwrite($resource,date(”Ymd h:i:s”).”DELETE - $_SERVER[REMOTE_ADDR]”.”$_REQUEST[del]\n”);
fclose($resource);
if (strpos($_REQUEST[’del’],”/.”)>0); //possible hacking
else if (strpos($_REQUEST[’del’],$upload_dir) === false); //possible hacking
//else if (substr($_REQUEST[’del’],0,6)==$upload_dir) {
else if (substr($_REQUEST[’del’],0,$pos+1)==$upload_dir) { // compare the upload folder name (’upload_faststart/’)
echo “del = “.$_REQUEST[del];
unlink($_REQUEST[del]);
print “<script>window.location.href=’$url_this?message=deleted successfully’</script>”;
}
}
else if ($_FILES[’userfile’]) {
$resource = fopen(”log.txt”,”a”);
fwrite($resource,date(”Ymd h:i:s”).”UPLOAD - $_SERVER[REMOTE_ADDR]”
.$_FILES[’userfile’][’name’].” ”
.$_FILES[’userfile’][’type’].”\n”);
fclose($resource);
$file_type = $_FILES[’userfile’][’type’];
$file_name = $_FILES[’userfile’][’name’];
$file_ext = strtolower(substr($file_name,strrpos($file_name,”.”)));
//File Size Check
if ( $_FILES[’userfile’][’size’] > $MAX_SIZE)
$message = “The file size is over 2MB.”;
//File Extension Check
else if (!in_array($file_ext, $FILE_EXTS))
$message = “Sorry, $file_name($file_type) is not allowed to be uploaded.”;
else
$message = do_upload($upload_dir, $upload_url);
print “<script>window.location.href=’$url_this?message=$message’</script>”;
}
else if (!$_FILES[’userfile’]);
else
$message = “Invalid File Specified.”;
$handle=opendir($upload_dir);
$filelist = “”;
while ($file = readdir($handle)) {
if(!is_dir($file) && !is_link($file)) {
$filelist .= “<a href=’$upload_dir$file’>”.$file.”</a>”;
$name=”Update”;
if ($DELETABLE)
$filelist .= “<TD colspan=’2′ align=’left’ class=’content1′>”;
$filelist .= ” “;
$filelist .= “<img src=’images/actions_track.gif’ width=’32′ height=’32′>”;
$filelist .= ” <a href=’converter_cpd.php?filename=”.urlencode($file).”&date=”.date(”d-M-y”, filemtime($upload_dir.$file)).”&iyear=”.$iyear.”‘>[ $name ]</a> “;
$filelist .= ” <a href=’?del=$upload_dir”.urlencode($file).”‘ title=’delete’>Delete</a> “;
$filelist .= “<font color=#000099 size=2> “.date(”d-m-Y”, filemtime($upload_dir.$file))
.”</font>”;
$filelist .=”</td>”;
$filelist .=”<br>”;
}
}
function do_upload($upload_dir, $upload_url) {
$temp_name = $_FILES[’userfile’][’tmp_name’];
$file_name = $_FILES[’userfile’][’name’];
$file_name = str_replace(”\\”,”",$file_name);
$file_name = str_replace(”‘”,”",$file_name);
$file_path = $upload_dir.$file_name;
if ( $file_name ==”") {
$message = “Invalid File Name Specified”;
return $message;
}
$result = move_uploaded_file($temp_name, $file_path);
if (!chmod($file_path,0777))
$message = “change permission to 777 failed.”;
else
$message = ($result)?”$file_name uploaded successfully.” :
“Somthing is wrong with uploading a file.”;
return $message;
}
?>
<center>
<p></p> <p>
</font></p>
<p><br>Xyiry Upload Function</p>
</p><font type=”verdana” color=Blue size=”3″>
<?=$_REQUEST[’message’]?></font>
<form name=”upload” id=”upload” enctype=”multipart/form-data” method=”post”>
<strong>Upload File</strong>
<input type=”file” id=”userfile” name=”userfile”>
<input type=”submit” name=”upload” value=”Upload”>
</font>
</form>
<br>
xyiry Files
<hr width=70% noshade>
<? echo $filelist?>
<? echo $file_name ?>
About this entry
You’re currently reading “PHP Help - PHP upload script,” an entry on Xyiry PHP Blog | Where Open Source Lives
- Published:
- 08.10.07 / 4pm
- Category:
- PHP
No comments
Jump to comment form | comments rss [?] | trackback uri [?]