NamePros.Com - Simple PHP Upload Script [AND EXPLANATION]

Results from the most recent live auction are here.
17 members in the live chat room. Join Chat!

		NamePros.Com > Design and Development > Webmaster Tutorials
Simple PHP Upload Script [AND EXPLANATION]

Page 1 of 3

Thread Tools

03-24-2006, 03:02 PM

· #1

RageD

Senior Member

Name: Dennis

Location: Joliet, Illinois

Trader Rating: (42)

Join Date: Apr 2005

Posts: 1,140
NP$: 57.10 (Donate)

Simple PHP Upload Script [AND EXPLANATION]

ALL Original scripts (no need to download) have been moved to this post!

NOTE: The latest versions are in this post for download!

-RageD

TODO List (v2)
-Start/Finish Admin Panel
-Allow admins to select what they wish their users to be able to upload.

^^^ Please give me suggestions for this list!

All scripts have been tested successfully!

DISCLAIMER: Some scripts are indeed insecure. Neither I nor Namepros.com can be held responsible for any hacking/attempts on your site or server.

Please register or log-in into NamePros to hide ads

Attached Files

	Upload Script + Login.zip (2.8 KB, 81 views)
	Upload Script + Login v1.15.zip (3.5 KB, 91 views)
	Upload Script v1.15.zip (1.9 KB, 83 views)
	Upload Script v2 - Preversion.zip (6.6 KB, 75 views)

Last edited by RageD : 12-21-2006 at 07:01 PM.

03-24-2006, 03:10 PM	· #2
NetworkTown.Net Senior Member Name: Soon.... Location: United Kingdom Trader Rating: (27) Join Date: Oct 2005 Posts: 1,554 NP$: 49.74 (Donate)	Got any demos?

03-24-2006, 03:12 PM	· #3
RageD Senior Member Name: Dennis Location: Joliet, Illinois Trader Rating: (42) Join Date: Apr 2005 Posts: 1,140 NP$: 57.10 (Donate)	Original Post Here is the original post: PHP Code: <?php /* Upload Script by RageD © 2006 RageD. All Rights Reserved. Filename: upload.php File Info: Created by RageD. Upload script for anyone who needs it File Function: Uploads Files into a hidden directory (In this case by default '/uploads' File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777 Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty"; / // Use this to define your upload directory! $upload_dir = "uploads"; if(!$upload){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" method="post" action="?upload=step2"> <p>Enter the amount of boxes you will need below. Max = 99</p> <p> <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2"> </p> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload){ if($upload == "step2"){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process"> <p> <? // start of dynamic form $uploadNeed = $_POST['uploadNeed']; for($x=0;$x<$uploadNeed;$x++){ ?> <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>"> </p> <? // end of for loop } ?> <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>"> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload == "process"){ $uploadNeed = $_POST['uploadNeed']; // start for loop for($x=0;$x<$uploadNeed;$x++){ $file_name = $_FILES['uploadFile'. $x]['name']; $show_file = $_FILES['uploadFile'. $x]['name']; // strip file_name of slashes $file_name = stripslashes("$upload_dir/$file_name"); $file_name = str_replace("'","",$file_name); $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name); // check if successfully copied if($copy){ echo "$show_file \| uploaded sucessfully!<br>"; }else{ echo "$show_file \| could not be uploaded!<br>"; } } // end of loop } } ?> This one uploads directly to the directory the upload script is in!* READ NOTES IN THE BEGINNING OF FILE! PHP Code: <?php /* Upload Script by RageD © 2006 RageD. All Rights Reserved. Filename: upload.php File Info: Created by RageD. Upload script for anyone who needs it File Function: Uploads Files directly into directory of this script! File Notes: Make sure your directory where this file is located is CHMODDED to 0777 / if(!$upload){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" method="post" action="?upload=step2"> <p>Enter the amount of boxes you will need below. Max = 99</p> <p> <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2"> </p> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload){ if($upload == "step2"){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process"> <p> <? // start of dynamic form $uploadNeed = $_POST['uploadNeed']; for($x=0;$x<$uploadNeed;$x++){ ?> <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>"> </p> <? // end of for loop } ?> <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>"> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload == "process"){ $uploadNeed = $_POST['uploadNeed']; // start for loop for($x=0;$x<$uploadNeed;$x++){ $file_name = $_FILES['uploadFile'. $x]['name']; $show_file = $_FILES['uploadFile'. $x]['name']; // strip file_name of slashes $file_name = stripslashes("$file_name"); $file_name = str_replace("'","",$file_name); $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name); // check if successfully copied if($copy){ echo "$show_file \| uploaded sucessfully!<br>"; }else{ echo "$show_file \| could not be uploaded!<br>"; } } // end of loop } } ?> This one shows the user where the file is uploaded to (The directory if you do not want it uploaded to the same directory as this script)* PHP Code: <?php /* Upload Script by RageD © 2006 RageD. All Rights Reserved. Filename: upload.php File Info: Created by RageD. Upload script for anyone who needs it File Function: Uploads Files into a directory other than the one the script is in! Shows user the upload directory! File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777 Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty"; / // Use this to define your upload directory! $upload_dir = "uploads"; if(!$upload){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" method="post" action="?upload=step2"> <p>Enter the amount of boxes you will need below. Max = 99</p> <p> <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2"> </p> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload){ if($upload == "step2"){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process"> <p> <? // start of dynamic form $uploadNeed = $_POST['uploadNeed']; for($x=0;$x<$uploadNeed;$x++){ ?> <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>"> </p> <? // end of for loop } ?> <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>"> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload == "process"){ $uploadNeed = $_POST['uploadNeed']; // start for loop for($x=0;$x<$uploadNeed;$x++){ $file_name = $_FILES['uploadFile'. $x]['name']; // strip file_name of slashes $file_name = stripslashes("$upload_dir/$file_name"); $file_name = str_replace("'","",$file_name); $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name); // check if successfully copied if($copy){ echo "$file_name \| uploaded sucessfully!<br>"; }else{ echo "$file_name \| could not be uploaded!<br>"; } } // end of loop } } ?> -RageD For webservers running PHP version 4.x+ add these lines somewhere near the top somewhere. PHP Code: `// Define our URL extension $upload = $_GET['upload'];` ======== Add-ons ======== Accept .gif files only* Add PHP Code: `$file_type = $_FILES['uploadFile'. $x]['type']; if($file_type != "image/gif"){ echo("The server is only accepting .gif files!"); exit; }` Before PHP Code: `$file_name = $_FILES['uploadFile'. $x]['name'];` That works for any of the files... Here is the exact "upload4.php" example: PHP Code: <?php /* Upload Script by RageD © 2006 RageD. All Rights Reserved. Filename: upload.php File Info: Created by RageD. Upload script for anyone who needs it File Function: This is just like the example 3 script except it only allows .gif files File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777 Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty"; / // Define Function for uploading.. $upload = $_GET['upload']; // Use this to define your upload directory! $upload_dir = "uploads"; if(!$upload){ ?> <html> <head> <title>Upload Files --- Demo</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" method="post" action="?upload=step2"> <p>Enter the amount of boxes you will need below. Max = 99</p> <p> <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2"> </p> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload){ if($upload == "step2"){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process"> <p> <? // start of dynamic form $uploadNeed = $_POST['uploadNeed']; for($x=0;$x<$uploadNeed;$x++){ ?> <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>"> </p> <? // end of for loop } ?> <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>"> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload == "process"){ $uploadNeed = $_POST['uploadNeed']; // start for loop for($x=0;$x<$uploadNeed;$x++){ $file_type = $_FILES['uploadFile'. $x]['type']; if($file_type != "image/gif"){ echo("The server is only accepting .gif files!"); exit; } $file_name = $_FILES['uploadFile'. $x]['name']; $show_file = $_FILES['uploadFile'. $x]['name']; // strip file_name of slashes $file_name = stripslashes("$upload_dir/$file_name"); $file_name = str_replace("'","",$file_name); $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name); // check if successfully copied if($copy){ echo "$show_file \| uploaded sucessfully!<br>"; }else{ echo "$show_file \| could not be uploaded!<br>"; } } // end of loop } } ?> Force users to register and login to upload* This makes a user register and login before having the ability to upload files to the server! Requires PHP and MySQL. Open: file.php (Main upload script) Add: (On line 2) PHP Code: `session_start();` After: (On line 1) PHP Code: `<?php` Add: PHP Code: `//Include DB Connections include("dbconn.php");` After: PHP Code: `// Use this to define your upload directory! $upload_dir = "uploads";` Now After: PHP Code: `if(!$upload){ ?>` Add: PHP Code: <html> <head> <title>Upload Files :: Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> </head> <body> <form name="login" method="POST" action="?upload=login"> Login Name: <input type="text" name="user"><br> Password: <input type="password" name="pass"><br> <input type=submit value="Login"><input type=reset> </form> <font size="2">Not registered? <a href="?upload=register">Register</a> to upload!</font> </body> </html> <?php } if($upload == "register"){ ?> <html> <head> <title>Upload Files :: Login:</title> <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> </head> <body> <form name="login" method="POST" action="?upload=registerlogin"> Login Name: <input type="text" name="uname"><br> Password: <input type="password" name="pass"><br> <input type=submit value="Signup"><input type=reset> </form> <font size="2">Not registered? <a href="?page=register">Register</a> to upload!</font> </body> </html> <?php } if($upload == "registerlogin"){ $uname = $_POST['uname']; $pass = $_POST['pass']; if(!$uname \|\| !$pass){ echo("Please enter all the fields!"); exit; } function do_error($msg) { echo '<font color=red><b>ERROR <</font>'.$msg.'</b><br>Please go back to fix the error'; exit; } @ $r1 = mysql_query("SELECT * FROM users WHERE username='$uname'"); if (mysql_num_rows($r1) > 0) { do_error('That username is already taken.'); } //MD5 Encrypt $pass = md5($pass); $q = "INSERT INTO users VALUES(NULL, '$uname', '$pass')"; @ $result = mysql_query($q); if (!$result) { do_error('Could not insert into database. Error returned is '.mysql_error()); } echo("Thank you! You can now <a href='?upload'>login</a>!"); } if($upload == "login"){ $pass = $_POST['pass']; $user = $_POST['user']; $pass = md5($pass); $q = "SELECT * FROM users WHERE username='$user' AND password='$pass' LIMIT 1"; $r = mysql_query($q); //No matches if (mysql_num_rows($r) < 1) { echo('Invalid username/password combination.'); exit; } else { echo("Logged in: Please go <a href='?upload=files'>here</a> to upload!"); $_SESSION['username'] = $user; } } if($upload == "files"){ session_start(); if(!$_SESSION['username']){ echo('You are not logged in. <a href="?upload">Login</a>'); exit; } ?> Save & Close file.php (Main upload script) Now create a new file called "dbconn.php" Change the variables as needed: PHP Code: `<?php /* Script by RageD to connect to MySQL DB / @ $conn = mysql_connect('localhost', 'mysql_username_here', 'mysql_pass_here'); @ $db = mysql_select_db('mysql_dbname_here'); if (!$conn \|\| !$db) { echo('Could not connect to database. Error returned is: '.mysql_error()); exit; } ?>` Save & Close* dbconn.php Finally, create a database (MySQL) and insert this query: Code: CREATE TABLE `users` ( `id` BIGINT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY , `username` VARCHAR( 16 ) NOT NULL , `password` VARCHAR( 32 ) NOT NULL ) ENGINE = MYISAM CHARACTER SET latin1 COLLATE latin1_swedish_ci COMMENT = 'Everyone loves a databse :)' Here is a full working script (need dbconn.php and the MySQL query done for it to work) for this. It is the add-on plus the first script! PHP Code: <?php session_start(); /* Upload Script by RageD © 2006 RageD. All Rights Reserved. Filename: upload.php File Info: Created by RageD. Upload script for anyone who needs it File Function: Uploads Files into a hidden directory (In this case by default '/uploads'. Forces a user to register and login! File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777 Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty"; / // Define URL extension $upload = $_GET['upload']; // Use this to define your upload directory! $upload_dir = "uploads"; // Include DB connection include("dbconn.php"); if(!$upload){ ?> <html> <head> <title>Upload Files :: Login</title> <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> </head> <body> <form name="login" method="POST" action="?upload=login"> Login Name: <input type="text" name="user"><br> Password: <input type="password" name="pass"><br> <input type=submit value="Login"><input type=reset> </form> <font size="2">Not registered? <a href="?upload=register">Register</a> to upload!</font> </body> </html> <?php } if($upload == "register"){ ?> <html> <head> <title>Upload Files :: Login:</title> <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"> </head> <body> <form name="login" method="POST" action="?upload=registerlogin"> Login Name: <input type="text" name="uname"><br> Password: <input type="password" name="pass"><br> <input type=submit value="Signup"><input type=reset> </form> <font size="2">Not registered? <a href="?page=register">Register</a> to upload!</font> </body> </html> <?php } if($upload == "registerlogin"){ $uname = $_POST['uname']; $pass = $_POST['pass']; if(!$uname \|\| !$pass){ echo("Please enter all the fields!"); exit; } function do_error($msg) { echo '<font color=red><b>ERROR <</font>'.$msg.'</b><br>Please go back to fix the error'; exit; } @ $r1 = mysql_query("SELECT FROM users WHERE username='$uname'"); if (mysql_num_rows($r1) > 0) { do_error('That username is already taken.'); } //MD5 Encrypt $pass = md5($pass); $q = "INSERT INTO users VALUES(NULL, '$uname', '$pass')"; @ $result = mysql_query($q); if (!$result) { do_error('Could not insert into database. Error returned is '.mysql_error()); } echo("Thank you! You can now <a href='?upload'>login</a>!"); } if($upload == "login"){ $pass = $_POST['pass']; $user = $_POST['user']; $pass = md5($pass); $q = "SELECT * FROM users WHERE username='$user' AND password='$pass' LIMIT 1"; $r = mysql_query($q); //No matches if (mysql_num_rows($r) < 1) { echo('Invalid username/password combination.'); exit; } else { echo("Logged in: Please go <a href='?upload=files'>here</a> to upload!"); $_SESSION['username'] = $user; } } if($upload == "files"){ session_start(); if(!$_SESSION['username']){ echo('You are not logged in. <a href="?upload">Login</a>'); exit; } ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" method="post" action="?upload=step2"> <p>Enter the amount of boxes you will need below. Max = 99</p> <p> <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2"> </p> <p> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload){ if($upload == "step2"){ ?> <html> <head> <title>Upload Files</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process"> <p> <? // start of dynamic form $uploadNeed = $_POST['uploadNeed']; for($x=0;$x<$uploadNeed;$x++){ ?> <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>"> </p> <? // end of for loop } ?> <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>"> <input type="submit" name="Submit" value="Submit"> </p> </form> </body> </html> <?php } if($upload == "process"){ $uploadNeed = $_POST['uploadNeed']; // start for loop for($x=0;$x<$uploadNeed;$x++){ $file_name = $_FILES['uploadFile'. $x]['name']; $show_file = $_FILES['uploadFile'. $x]['name']; // strip file_name of slashes $file_name = stripslashes("$upload_dir/$file_name"); $file_name = str_replace("'","",$file_name); $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name); // check if successfully copied if($copy){ echo "$show_file \| uploaded sucessfully!<br>"; }else{ echo "$show_file \| could not be uploaded!<br>"; } } // end of loop } } ?> Allow only: .zip, .rar, .jpg, .gif, .bmp, .png, & .txt extensions! This modification is too big just for a simple modding, so I have provided 2 downloads. 1 with Login + this and one with NO login! Note: These scripts can be found in the v1.15 series! Last edited by RageD : 12-21-2006 at 07:00 PM. Reason: This is the Original Post

03-24-2006, 03:18 PM	· #4
NetworkTown.Net Senior Member Name: Soon.... Location: United Kingdom Trader Rating: (27) Join Date: Oct 2005 Posts: 1,554 NP$: 49.74 (Donate)	Ok ill be waiting

03-24-2006, 03:19 PM	· #5
RageD Senior Member Name: Dennis Location: Joliet, Illinois Trader Rating: (42) Join Date: Apr 2005 Posts: 1,140 NP$: 57.10 (Donate)	Added! -RageD

03-28-2006, 02:54 AM	· #6
XwaR NamePros Member Trader Rating: (0) Join Date: Mar 2006 Posts: 29 NP$: 0.00 (Donate)	Awesom stuff..........

03-28-2006, 03:39 AM

· #7

weblord

www.1weblord.com

Name: William R. Nabaza - williamrnabaza.com

Location: Philippines - www.Nabaza.com

Trader Rating: (224)

Join Date: Dec 2005

Posts: 18,088
NP$: 17046.78 (Donate)

that's great stuff, just what i need, rep coming your way. thanks.

__________________

OFFDAYS: SATS/SUNS POST ADS FOR FREE Names and Hosting
Benefits of Reading Magazines FREE 24/7 Domain Uptime Monitor
2008 Ultimate Internet Promotion and Internet Advertising
U.S.$6/yr domains with purchase of 1 year Enterprise Plan

04-01-2006, 06:19 AM	· #8
sb225 Senior Member Trader Rating: (21) Join Date: Feb 2006 Posts: 3,252 NP$: 1233.05 (Donate)	great stuff __________________ India Forum I Social Bookmarking I ☻∙DN Chat Group∙☻ FreeHostingTalk.com- Talk, Advertise, And Review About Free Webhosting. Dot Us Domains

04-01-2006, 09:34 AM	· #9
RageD Senior Member Name: Dennis Location: Joliet, Illinois Trader Rating: (42) Join Date: Apr 2005 Posts: 1,140 NP$: 57.10 (Donate) <