<?php
session_start();
/* Upload Script by RageD
© 2006 RageD. All Rights Reserved.
Filename: upload.php
File Info: Created by RageD. Upload script for anyone who needs it
File Function: Uploads Files into a hidden directory (In this case by default '/uploads'. Forces a user to register and login!
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/
// Define URL extension
$upload = $_GET['upload'];
// Use this to define your upload directory!
$upload_dir = "uploads";
// Include DB connection
include("dbconn.php");
if(!$upload){
?>
<html>
<head>
<title>Upload Files :: Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
</head>
<body>
<form name="login" method="POST" action="?upload=login">
Login Name: <input type="text" name="user"><br>
Password: <input type="password" name="pass"><br>
<input type=submit value="Login"><input type=reset>
</form>
<font size="2">Not registered? <a href="?upload=register">Register</a> to upload!</font>
</body>
</html>
<?php
}
if($upload == "register"){
?>
<html>
<head>
<title>Upload Files :: Login:</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
</head>
<body>
<form name="login" method="POST" action="?upload=registerlogin">
Login Name: <input type="text" name="uname"><br>
Password: <input type="password" name="pass"><br>
<input type=submit value="Signup"><input type=reset>
</form>
<font size="2">Not registered? <a href="?page=register">Register</a> to upload!</font>
</body>
</html>
<?php
}
if($upload == "registerlogin"){
$uname = $_POST['uname'];
$pass = $_POST['pass'];
if(!$uname || !$pass){
echo("Please enter all the fields!");
exit;
}
function do_error($msg)
{
echo '<font color=red><b>ERROR <</font>'.$msg.'</b><br>Please go back to fix the error';
exit;
}
@ $r1 = mysql_query("SELECT * FROM users WHERE username='$uname'");
if (mysql_num_rows($r1) > 0)
{
do_error('That username is already taken.');
}
//MD5 Encrypt
$pass = md5($pass);
$q = "INSERT INTO users VALUES(NULL, '$uname', '$pass')";
@ $result = mysql_query($q);
if (!$result)
{
do_error('Could not insert into database. Error returned is '.mysql_error());
}
echo("Thank you! You can now <a href='?upload'>login</a>!");
}
if($upload == "login"){
$pass = $_POST['pass'];
$user = $_POST['user'];
$pass = md5($pass);
$q = "SELECT * FROM users WHERE username='$user' AND password='$pass' LIMIT 1";
$r = mysql_query($q);
//No matches
if (mysql_num_rows($r) < 1)
{
echo('Invalid username/password combination.');
exit;
}
else
{
echo("Logged in: Please go <a href='?upload=files'>here</a> to upload!");
$_SESSION['username'] = $user;
}
}
if($upload == "files"){
session_start();
if(!$_SESSION['username']){
echo('You are not logged in. <a href="?upload">Login</a>');
exit;
}
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" method="post" action="?upload=step2">
<p>Enter the amount of boxes you will need below. Max = 99</p>
<p>
<input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
</p>
<p>
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php
}
if($upload){
if($upload == "step2"){ ?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
<p>
<?
// start of dynamic form
$uploadNeed = $_POST['uploadNeed'];
for($x=0;$x<$uploadNeed;$x++){
?>
<input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
</p>
<?
// end of for loop
}
?>
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
<?php }
if($upload == "process"){
$uploadNeed = $_POST['uploadNeed'];
// start for loop
for($x=0;$x<$uploadNeed;$x++){
$file_name = $_FILES['uploadFile'. $x]['name'];
$show_file = $_FILES['uploadFile'. $x]['name'];
// strip file_name of slashes
$file_name = stripslashes("$upload_dir/$file_name");
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
// check if successfully copied
if($copy){
echo "$show_file | uploaded sucessfully!<br>";
}else{
echo "$show_file | could not be uploaded!<br>";
}
} // end of loop
}
}
?>