Can Someone help me please?

Namecheap AuctionsNamecheap Auctions
Namecheap AuctionsNamecheap Auctions
SpaceshipSpaceship
Watch

Devon001

Established Member
Impact
0
Ok, can someone help me please? I try to do it but I can't..
http://www.ezfilehosting.com/

I'm trying to remove where the user does not have a say where his file can be uploaded..


I hid blue lines

File: ea7fbf0bd464f40adeb7d1c59926b937.php
Code:
 <?php print '<!-- The upload form -->
<div class="white_box"> 
  <form id="UploadForm" action="index.php" method="post" enctype="multipart/form-data">
    <div> 
      <h1>Select your files</h1>
      ';for($i=0; $i<count($_vars['upload_fields']); $i++){print'<strong>'; print @$_vars['upload_fields'][$i] . '</strong>.      <input type="file" name="file'; print @$_vars['upload_fields'][$i] . '" size="70" style="margin-bottom: 3px"/>
      <br />
      ';}print' <br />
      ****
      <input type="image" src="images/upload.gif" name="action[doupload]" />
    </div>
    <div> <br />
      <[COLOR=Blue]h1>Upload options</h1>
	Upload into: <strong id="selected_destination">Uploader default</strong><br />
      <select name="destination" cols="50" id="destination" onchange="document.getElementById(\'selected_destination\').innerHTML = this.value;">
	';for($j=0; $j<count($_vars['incoming_directories']); $j++){print'	    <option value="'; print @$_vars['incoming_directories'][$j] . '">'; print @$_vars['incoming_directories'][$j] . '</option>
	';}print'
      </select>[/COLOR]
      <br />
      <br />
      Post upload actions.<br />
      <input type="checkbox" id="img_preview" name="img_preview" value="1" checked="checked" />
      <label for="img_preview">Preview uploaded files</label>
      <br />
      <input type="checkbox" id="img_tags" name="img_tags" value="1" checked="checked" />
      <label for="img_tags">vBB [IMG] tags</label>
      <br />
      <input type="checkbox" id="img_tags" name="img_tags" value="1" checked="checked" />
      <label for="img_tags">vBB [QUOTE] tags</label>
      <br />
      <input type="checkbox" id="img_urls" name="img_urls" value="1" />
      <label for="img_urls">List URLs</label>
      <br />
      <br />
      Add more upload fields.<br />
      <input type="text" id="number_of_fields" name="number_of_fields" size="2" value="'; print @$_vars['number_of_fields'] . '" />
      <div style="position: absolute; display:inline;"> 
        <input type="image" src="images/add.gif" name="add" onclick="increment(\'number_of_fields\'); return false; "/>
        <input type="image" src="images/reload.gif" name="action[reload]" />
      </div>
    </div>
    '; if( @$_vars['show_rules']) { print '
    <div> <br />
      <h1>Upload rules</h1>
      Max file size: '; print @$_vars['max_file_size'] . 'KB<br />
      Image only: ' . (isset($_vars['image_only']) ? $this->yes_or_no(@$_vars['image_only']) : 'yes_or_no') . '<br />
      File name cannot contain the following characters: \\ / : * ? < > | &<br />
      Allowed file types: '; print @$_vars['allowed_types'] . ' </div>';}print'
	'; if( @$_vars['show_comments']) { print '
    <div> <br />
      <h1>Administrator comments</h1>
      '; print @$_vars['comments'] . ' </div>';}print'
  </form>
</div>
<!-- End of the upload form -->
'; ?>


When I hid the blue lines I get an error stating
/includes/uploader.php error in line 31-33



File: uploader.php
Code:
<?php
/************************************************\
 * File Uploader
 * **********************************************
 * File Name	: uploader.php
 * Author       : Tuan Do @ www.celerondude.com
 * Email		: [email protected]
 * Purpose      : on form submit, loop through $_FILES
 *                and move it into the incoming_dir.
                  otherwise display the upload form.
\************************************************/

//-----------------------------------------------
// Page has to be included.
//-----------------------------------------------
if(!defined('UPLOADER'))
{
    exit('hi2u');
}

//-----------------------------------------------
// Get action from the form
//-----------------------------------------------
$act = @key($_POST['action']);
if($act == 'doupload')
{
    $uploaded = array();
    $not_uploaded = array();
    $count = 0;
    [COLOR=Red]$destination_name = htmlspecialchars(stripslashes_gpc(trim($_POST['destination'])));
    $destination = $Settings['incoming_directories'][$destination_name]['path'];
    $url_path = $Settings['incoming_directories'][$destination_name]['url'];[/COLOR]
    foreach($_FILES as $file)
    {
        $error = 0;
        $file['name'] = clean($file['name']);
        if ( !isset ($file['error']) )
        {
            $error = is_uploaded_file ($file['name']);
        }
        else
        {
            $error = ($file['error'] != 0);
        }

        // check for empty file
        if(!$error && $file['size'] === 0)
        {
            $error = 1;
            $not_uploaded[] = $file['name'] . ' is empty or invalid.';
        }
        // check for non-images, if image_only was set
        if(!$error && $Settings['image_only'] && !stristr($file['type'], 'image') )
        {
            $error = 1;
            $not_uploaded[] = $file['name'] . ' is not an image.';
        }
        // check if file is php
        if(!$error && !$Settings['allow_php'] && (extension($file['name']) == '.php') )
        {
            $error = 1;
            $not_uploaded[] = $file['name'] . ', php files are not allowed.';
        }
        // check for the size of the file
        if(!$error && $Settings['max_file_size'] && (($file['size']/ 1000) > $Settings['max_file_size']))
        {
            $error = 1;
            $not_uploaded[] = $file['name'] . ", file size(". $file['size']/ 1000 . 'KB) is greater than ' . $Settings['max_file_size'] . 'KB.';
        }
        // check or existing file
        if(!$error && !$Settings['allow_override'] && file_exists($destination . $file['name']))
        {
            $error = 1;
            $not_uploaded[] = $file['name'] . ', this file already exists in the destination folder.';
        }
        // check for bad characters in the file name
        if(!$error && preg_match("#\\|\/|\:|\*|\?|\&|\<|\>|\|#i", $file['name']))
        {
            $error = 1;
            $not_uploaded[] = $file['name'] . ', file has non alphanumeric character(s).';
        }
        // check for file type
        if(!$error && ($Settings['allowed_types'] != 'all') && !preg_match("#{$Settings['allowed_types']}$#i", $file['name']))
        {
            $error = true;
            $not_uploaded[] = $file['name'] . ', file type not permitted.';
        }
        // logging
        if(!$error && ($Settings['logging']))
        {
            // open old logs
            if(!file_exists($log_file) )
            {
                if(!@touch($log_file))
                {
                    fatal_error('Log error not found, attempt to create file failed.');
                }
            }

            $old = load_file($log_file);
            
            if(!isset($current_user))
            {
                $current_user = 'Unregistered User';
            }
            $log['user'] = $current_user;
            $log['ip'] = $_SERVER['REMOTE_ADDR'] .'(' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ')';
            $log['file'] = $file['name'];
            $log['dest'] = $destination_name;
            $log['time'] =  date('m/d/y h:iA');
            $old[] = $log;
            write_file($log_file, $old);
        }

        if(!$error)
        {
            if(!@move_uploaded_file($file['tmp_name'], $destination . $file['name']) )
            {
                $not_uploaded[] = 'Could not move "' . $file['name'] . '" to the incoming directory.';
            }
            else
            {
                $uploaded[$count]['name'] = $file['name'];
                $uploaded[$count]['url'] = $url_path . $file['name'];
                $count++;
            }
        }
    }// foreach
    
    if(!$count && !count($not_uploaded))
    {
        show_message('No file to upload', 'You did not select any file to upload.', 0);
        redirect('', 2);
    }
    else
    {
        $Template->assign_by_ref('uploaded', $uploaded);
        $Template->assign_by_ref('not_uploaded', $not_uploaded);
        $Template->assign_by_ref('uploaded_count', $count);
        $Template->assign('not_uploaded_count', count($not_uploaded));
        $Template->assign('img_tags', isset($_POST['img_tags']));
        $Template->assign('img_preview', isset($_POST['img_preview']));
        $Template->assign('img_urls', isset($_POST['img_urls']));
        $Template->assign('action', 'uploaded');
    }


}
//-----------------------------------------------
// No action from the form, display upload form.
//-----------------------------------------------
else
{
    $upload_fields = array();
    $number_of_fields = isset( $_POST['number_of_fields'] ) && intval($_POST['number_of_fields']) > 0 ? intval($_POST['number_of_fields']) : $Settings['default_upload_fields'];
    if($number_of_fields > $Settings['max_upload_fields'])
    {
        $number_of_fields = $Settings['default_upload_fields'];
    }
    for($i = 1; $i <= $number_of_fields; $i++)
    {
        $upload_fields[] = $i;
    }
    $allowed_types = implode(' ', explode('|', $Settings['allowed_types']));
    $Template->assign('show_rules', $Settings['show_rules']);
    $Template->assign_by_ref('upload_fields', $upload_fields);
    $Template->assign_by_ref('number_of_fields', $number_of_fields);
    $Template->assign_by_ref('max_file_size', $Settings['max_file_size']);
    $Template->assign_by_ref('image_only', $Settings['image_only']);
    $Template->assign_by_ref('allowed_types', $allowed_types);
    $Template->assign_by_ref('comments', $Settings['comments']);
    $Template->assign_by_ref('show_comments', $Settings['show_comments']);
    $Template->assign('url_path', $Settings['url_path']);
    $incoming = array();
    foreach($Settings['incoming_directories'] as $name => $path)
    {
        $incoming[] = $name;
    }
    $Template->assign('incoming_directories', $incoming );
    $Template->assign('action', 'form');
}

?>


So can anyone tell me how to hide the upload option? I would graciosuly appreciated.
 
0
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Unstoppable Domains — AI StorefrontUnstoppable Domains — AI Storefront
How did you hide the blue lines?
 
0
•••
<--- Hide



//----> don't hide
 
0
•••
You could replace the blue lines with
Code:
   <!--   <h1>Upload options</h1>
	Upload into: <strong id="selected_destination">Uploader default</strong><br /> -->
      <select [b]type=hidden[/b] name="destination" cols="50" id="destination" onchange="document.getElementById(\'selected_destination\').  innerHTML = this.value;">
	';for($j=0; $j<count($_vars['incoming_directories']); $j++){print'	    <option value="'; print @$_vars['incoming_directories'][$j] . '">'; print @$_vars['incoming_directories'][$j] . '</option>
	';}print'
      </select>
Only changes that I made were to hide the first two lines of html with <!-- --> and add type=hidden. Not sure if that will do it, but it's worth a try.
 
0
•••
nope doesn't work :( thanks for trying :)
 
0
•••
What kind of error did it give? Because you could also make the <option type=hidden
 
0
•••
No error.... <option type=hidden


was that how I suppose to do it?
 
0
•••
Devon001 said:
No error.... <option type=hidden


was that how I suppose to do it?
Change the line
Code:
<option value="'; print @$_vars['incoming_directories'][$j] . '">
to
Code:
<option type=hidden value="'; print @$_vars['incoming_directories'][$j] . '">
 
0
•••
No error given.. Drop down menu still there..
 
0
•••
Try:

Code:
<option type="hidden" value="'; print @$_vars['incoming_directories'][$j] . '">
 
0
•••
sorry, doesn't work.. Thanks for helping :)
 
0
•••
Saw this in the sites source...

Code:
<select name="destination" cols="50" id="destination" onchange="document.getElementById('selected_destination').innerHTML = this.value;">
		    <option value="Files">Files</option>

Remove it, and it will get rid of the dropdown...save this code tho, just in case. :)
 
0
•••
doesn't work :(
 
0
•••
You'd want to remove that HTML that you said you did to remove that code from showing up in the users browser. Then you'd have to change these variables so that they are hard coded somewhere rather than being set from form input:
Code:
$destination_name = htmlspecialchars(stripslashes_gpc(trim($_POST['destination'])));
$destination = $Settings['incoming_directories'][$destination_name]['path'];
$url_path = $Settings['incoming_directories'][$destination_name]['url'];

It looks like there's a nother file somewhere that contatins the $Settings variables so you may need to go through and edit them in there.
 
0
•••
Dynadot — .com TransferDynadot — .com Transfer
Truehost — .com domains from $4.99, hosting includedTruehost — .com domains from $4.99, hosting included

We're social

Escrow.com
Spaceship
Domain Recover
CryptoExchange.com
Catchy
DomDB
NameFit
  • The sidebar remains visible by scrolling at a speed relative to the page’s height.
Back