| Senior Member Name: Dennis Location: Joliet, Illinois Join Date: Apr 2005
Posts: 1,169
NP$: 386.10 ( Donate)
| Original Post
Here is the original post: PHP Code: <?php
/* Upload Script by RageD
© 2006 RageD. All Rights Reserved.
Filename: upload.php
File Info: Created by RageD. Upload script for anyone who needs it
File Function: Uploads Files into a hidden directory (In this case by default '/uploads'
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/
// Use this to define your upload directory!
$upload_dir = "uploads";
if(!$upload){
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" method="post" action="?upload=step2">
<p>Enter the amount of boxes you will need below. Max = 99</p>
<p>
<input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php
}
if($upload){
if($upload == "step2"){ ?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
<p>
<?
// start of dynamic form
$uploadNeed = $_POST['uploadNeed'];
for($x=0;$x<$uploadNeed;$x++){
?>
<input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
</p>
<?
// end of for loop
}
?>
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php }
if($upload == "process"){
$uploadNeed = $_POST['uploadNeed'];
// start for loop
for($x=0;$x<$uploadNeed;$x++){
$file_name = $_FILES['uploadFile'. $x]['name'];
$show_file = $_FILES['uploadFile'. $x]['name'];
// strip file_name of slashes
$file_name = stripslashes("$upload_dir/$file_name");
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
// check if successfully copied
if($copy){
echo "$show_file | uploaded sucessfully!<br>";
}else{
echo "$show_file | could not be uploaded!<br>";
}
} // end of loop
}
}
?> This one uploads directly to the directory the upload script is in! READ NOTES IN THE BEGINNING OF FILE! PHP Code: <?php
/* Upload Script by RageD
© 2006 RageD. All Rights Reserved.
Filename: upload.php
File Info: Created by RageD. Upload script for anyone who needs it
File Function: Uploads Files directly into directory of this script!
File Notes: Make sure your directory where this file is located is CHMODDED to 0777
*/
if(!$upload){
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" method="post" action="?upload=step2">
<p>Enter the amount of boxes you will need below. Max = 99</p>
<p>
<input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php
}
if($upload){
if($upload == "step2"){ ?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
<p>
<?
// start of dynamic form
$uploadNeed = $_POST['uploadNeed'];
for($x=0;$x<$uploadNeed;$x++){
?>
<input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
</p>
<?
// end of for loop
}
?>
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php }
if($upload == "process"){
$uploadNeed = $_POST['uploadNeed'];
// start for loop
for($x=0;$x<$uploadNeed;$x++){
$file_name = $_FILES['uploadFile'. $x]['name'];
$show_file = $_FILES['uploadFile'. $x]['name'];
// strip file_name of slashes
$file_name = stripslashes("$file_name");
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
// check if successfully copied
if($copy){
echo "$show_file | uploaded sucessfully!<br>";
}else{
echo "$show_file | could not be uploaded!<br>";
}
} // end of loop
}
}
?> This one shows the user where the file is uploaded to (The directory if you do not want it uploaded to the same directory as this script) PHP Code: <?php
/* Upload Script by RageD
© 2006 RageD. All Rights Reserved.
Filename: upload.php
File Info: Created by RageD. Upload script for anyone who needs it
File Function: Uploads Files into a directory other than the one the script is in! Shows user the upload directory!
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/
// Use this to define your upload directory!
$upload_dir = "uploads";
if(!$upload){
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" method="post" action="?upload=step2">
<p>Enter the amount of boxes you will need below. Max = 99</p>
<p>
<input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php
}
if($upload){
if($upload == "step2"){ ?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
<p>
<?
// start of dynamic form
$uploadNeed = $_POST['uploadNeed'];
for($x=0;$x<$uploadNeed;$x++){
?>
<input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
</p>
<?
// end of for loop
}
?>
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php }
if($upload == "process"){
$uploadNeed = $_POST['uploadNeed'];
// start for loop
for($x=0;$x<$uploadNeed;$x++){
$file_name = $_FILES['uploadFile'. $x]['name'];
// strip file_name of slashes
$file_name = stripslashes("$upload_dir/$file_name");
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
// check if successfully copied
if($copy){
echo "$file_name | uploaded sucessfully!<br>";
}else{
echo "$file_name | could not be uploaded!<br>";
}
} // end of loop
}
}
?>
-RageD
For webservers running PHP version 4.x+ add these lines somewhere near the top somewhere. PHP Code: // Define our URL extension
$upload = $_GET['upload'];
========
Add-ons
========- Accept .gif files only
Add
PHP Code: $file_type = $_FILES['uploadFile'. $x]['type'];
if($file_type != "image/gif"){
echo("The server is only accepting .gif files!");
exit;
}
Before
PHP Code: $file_name = $_FILES['uploadFile'. $x]['name'];
That works for any of the files... Here is the exact "upload4.php" example:
PHP Code: <?php
/* Upload Script by RageD
© 2006 RageD. All Rights Reserved.
Filename: upload.php
File Info: Created by RageD. Upload script for anyone who needs it
File Function: This is just like the example 3 script except it only allows .gif files
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/
// Define Function for uploading..
$upload = $_GET['upload'];
// Use this to define your upload directory!
$upload_dir = "uploads";
if(!$upload){
?>
<html>
<head>
<title>Upload Files --- Demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" method="post" action="?upload=step2">
<p>Enter the amount of boxes you will need below. Max = 99</p>
<p>
<input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php
}
if($upload){
if($upload == "step2"){ ?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
<p>
<?
// start of dynamic form
$uploadNeed = $_POST['uploadNeed'];
for($x=0;$x<$uploadNeed;$x++){
?>
<input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
</p>
<?
// end of for loop
}
?>
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php }
if($upload == "process"){
$uploadNeed = $_POST['uploadNeed'];
// start for loop
for($x=0;$x<$uploadNeed;$x++){
$file_type = $_FILES['uploadFile'. $x]['type'];
if($file_type != "image/gif"){
echo("The server is only accepting .gif files!");
exit;
}
$file_name = $_FILES['uploadFile'. $x]['name'];
$show_file = $_FILES['uploadFile'. $x]['name'];
// strip file_name of slashes
$file_name = stripslashes("$upload_dir/$file_name");
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
// check if successfully copied
if($copy){
echo "$show_file | uploaded sucessfully!<br>";
}else{
echo "$show_file | could not be uploaded!<br>";
}
} // end of loop
}
}
?>
- Force users to register and login to upload
This makes a user register and login before having the ability to upload files to the server! Requires PHP and MySQL.
Open: file.php (Main upload script)
Add: (On line 2)
After: (On line 1)
Add:
PHP Code: //Include DB Connections
include("dbconn.php");
After:
PHP Code: // Use this to define your upload directory!
$upload_dir = "uploads";
Now After:
Add:
PHP Code: <html>
<head>
<title>Upload Files :: Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
</head>
<body>
<form name="login" method="POST" action="?upload=login">
Login Name: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type=submit value="Login"><input type=reset>
</form>
<font size="2">Not registered? <a href="?upload=register">Register</a> to upload!</font>
</body>
</html>
<?php
}
if($upload == "register"){
?>
<html>
<head>
<title>Upload Files :: Login:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
</head>
<body>
<form name="login" method="POST" action="?upload=registerlogin">
Login Name: <input type="text" name="uname"><br>
Password: <input type="password" name="pass"><br>
<input type=submit value="Signup"><input type=reset>
</form>
<font size="2">Not registered? <a href="?page=register">Register</a> to upload!</font>
</body>
</html>
<?php
}
if($upload == "registerlogin"){
$uname = $_POST['uname'];
$pass = $_POST['pass'];
if(!$uname || !$pass){
echo("Please enter all the fields!");
exit;
}
function do_error($msg)
{
echo '<font color=red><b>ERROR <</font>'.$msg.'</b><br>Please go back to fix the error';
exit;
}
@ $r1 = mysql_query("SELECT * FROM users WHERE username='$uname'");
if (mysql_num_rows($r1) > 0)
{
do_error('That username is already taken.');
}
//MD5 Encrypt
$pass = md5($pass);
$q = "INSERT INTO users VALUES(NULL, '$uname', '$pass')";
@ $result = mysql_query($q);
if (!$result)
{
do_error('Could not insert into database. Error returned is '.mysql_error());
}
echo("Thank you! You can now <a href='?upload'>login</a>!");
}
if($upload == "login"){
$pass = $_POST['pass'];
$user = $_POST['user'];
$pass = md5($pass);
$q = "SELECT * FROM users WHERE username='$user' AND password='$pass' LIMIT 1";
$r = mysql_query($q);
//No matches
if (mysql_num_rows($r) < 1)
{
echo('Invalid username/password combination.');
exit;
}
else
{
echo("Logged in: Please go <a href='?upload=files'>here</a> to upload!");
$_SESSION['username'] = $user;
}
}
if($upload == "files"){
session_start();
if(!$_SESSION['username']){
echo('You are not logged in. <a href="?upload">Login</a>');
exit;
}
?>
Save & Close file.php (Main upload script)
Now create a new file called "dbconn.php"
Change the variables as needed:
PHP Code: <?php
/* Script by RageD to connect to MySQL DB */
@ $conn = mysql_connect('localhost', 'mysql_username_here', 'mysql_pass_here');
@ $db = mysql_select_db('mysql_dbname_here');
if (!$conn || !$db)
{
echo('Could not connect to database. Error returned is: '.mysql_error());
exit;
}
?>
Save & Close dbconn.php
Finally, create a database (MySQL) and insert this query:
Code:
CREATE TABLE `users` (
`id` BIGINT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 16 ) NOT NULL ,
`password` VARCHAR( 32 ) NOT NULL
) ENGINE = MYISAM CHARACTER SET latin1 COLLATE latin1_swedish_ci COMMENT = 'Everyone loves a databse :)'
Here is a full working script (need dbconn.php and the MySQL query done for it to work) for this. It is the add-on plus the first script!
PHP Code: <?php
session_start();
/* Upload Script by RageD
© 2006 RageD. All Rights Reserved.
Filename: upload.php
File Info: Created by RageD. Upload script for anyone who needs it
File Function: Uploads Files into a hidden directory (In this case by default '/uploads'. Forces a user to register and login!
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/
// Define URL extension
$upload = $_GET['upload'];
// Use this to define your upload directory!
$upload_dir = "uploads";
// Include DB connection
include("dbconn.php");
if(!$upload){
?>
<html>
<head>
<title>Upload Files :: Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
</head>
<body>
<form name="login" method="POST" action="?upload=login">
Login Name: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type=submit value="Login"><input type=reset>
</form>
<font size="2">Not registered? <a href="?upload=register">Register</a> to upload!</font>
</body>
</html>
<?php
}
if($upload == "register"){
?>
<html>
<head>
<title>Upload Files :: Login:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
</head>
<body>
<form name="login" method="POST" action="?upload=registerlogin">
Login Name: <input type="text" name="uname"><br>
Password: <input type="password" name="pass"><br>
<input type=submit value="Signup"><input type=reset>
</form>
<font size="2">Not registered? <a href="?page=register">Register</a> to upload!</font>
</body>
</html>
<?php
}
if($upload == "registerlogin"){
$uname = $_POST['uname'];
$pass = $_POST['pass'];
if(!$uname || !$pass){
echo("Please enter all the fields!");
exit;
}
function do_error($msg)
{
echo '<font color=red><b>ERROR <</font>'.$msg.'</b><br>Please go back to fix the error';
exit;
}
@ $r1 = mysql_query("SELECT * FROM users WHERE username='$uname'");
if (mysql_num_rows($r1) > 0)
{
do_error('That username is already taken.');
}
//MD5 Encrypt
$pass = md5($pass);
$q = "INSERT INTO users VALUES(NULL, '$uname', '$pass')";
@ $result = mysql_query($q);
if (!$result)
{
do_error('Could not insert into database. Error returned is '.mysql_error());
}
echo("Thank you! You can now <a href='?upload'>login</a>!");
}
if($upload == "login"){
$pass = $_POST['pass'];
$user = $_POST['user'];
$pass = md5($pass);
$q = "SELECT * FROM users WHERE username='$user' AND password='$pass' LIMIT 1";
$r = mysql_query($q);
//No matches
if (mysql_num_rows($r) < 1)
{
echo('Invalid username/password combination.');
exit;
}
else
{
echo("Logged in: Please go <a href='?upload=files'>here</a> to upload!");
$_SESSION['username'] = $user;
}
}
if($upload == "files"){
session_start();
if(!$_SESSION['username']){
echo('You are not logged in. <a href="?upload">Login</a>');
exit;
}
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" method="post" action="?upload=step2">
<p>Enter the amount of boxes you will need below. Max = 99</p>
<p>
<input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php
}
if($upload){
if($upload == "step2"){ ?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
<p>
<?
// start of dynamic form
$uploadNeed = $_POST['uploadNeed'];
for($x=0;$x<$uploadNeed;$x++){
?>
<input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
</p>
<?
// end of for loop
}
?>
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php }
if($upload == "process"){
$uploadNeed = $_POST['uploadNeed'];
// start for loop
for($x=0;$x<$uploadNeed;$x++){
$file_name = $_FILES['uploadFile'. $x]['name'];
$show_file = $_FILES['uploadFile'. $x]['name'];
// strip file_name of slashes
$file_name = stripslashes("$upload_dir/$file_name");
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
// check if successfully copied
if($copy){
echo "$show_file | uploaded sucessfully!<br>";
}else{
echo "$show_file | could not be uploaded!<br>";
}
} // end of loop
}
}
?>
Allow only: .zip, .rar, .jpg, .gif, .bmp, .png, & .txt extensions!
This modification is too big just for a simple modding, so I have provided 2 downloads.
1 with Login + this
and one with NO login!
Note: These scripts can be found in the v1.15 series!
|
