
Simple PHP Upload Script [AND EXPLANATION]

ALL Original scripts (no need to download) have been moved to this post!

NOTE: The latest versions are in this post for download!

-RageD


  • TODO List (v2)
    -Start/Finish Admin Panel
    -Allow admins to select what they wish their users to be able to upload.
^^^ Please give me suggestions for this list!

All scripts have been tested successfully!

DISCLAIMER: Some scripts are indeed insecure. Neither I nor Namepros.com can be held responsible for any hacking/attempts on your site or server.
 
1
•••
bquast said:
Well, no duh; with an upload script there is always the mention of security, but considering the only thing they can upload is viruses that affect others if they get someone to download it, otherwise it's only PHP scripts you will have to worry about..

Even still, add a downloader for the files. I worked on a few uploader scripts myself and they are not hard to create; look for tutorials and other info on the web. php.net is a big help when it comes to uploading files and editing files.

Little edit to your first script, when file is uploaded successfully, this will return the url in a text box, just like imageshack.us does.

Hope you don't mind that I did a tiny bit of editing, RageD.
PHP:
  <?php
/* Upload Script by RageD
© 2006 RageD.  All Rights Reserved.
Filename: upload.php
File Info: Created by RageD.  Upload script for anyone who needs it
File Function: Uploads Files into a hidden directory (In this case by default '/uploads')
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/

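// Use this to define your upload directory!
$upload_dir = "uploads";

// Edit this so the link displays correctly, no trailing slashes!
$site = "http://www.xiaohost.com";

// Read the step from the query string instead of relying on register_globals.
$upload = isset($_GET['upload']) ? $_GET['upload'] : '';

if(!$upload){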
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="?upload=step2">
  <p>Enter the amount of boxes you will need below. Max = 99</p>
  <p>
    <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
  </p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>
</html>
<?php
}
if($upload){
  if($upload == "step2"){ ?>
      <html>
      <head>
      <title>Upload Files</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      </head>

      <body>

      <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
        <?php
        // start of dynamic form
        $uploadNeed = $_POST['uploadNeed'];
        for($x=0;$x<$uploadNeed;$x++){
        ?>
        <p>
          <input name="uploadFile<?php echo $x;?>" type="file" id="uploadFile<?php echo $x;?>">
        </p>
        <?php
        // end of for loop
        }
        ?>
        <p><input name="uploadNeed" type="hidden" value="<?php echo $uploadNeed;?>">
          <input type="submit" name="Submit" value="Submit">
        </p>
      </form>
      </body>
      </html>
<?php }
  if($upload == "process"){
      $uploadNeed = $_POST['uploadNeed'];
      // start for loop
      for($x=0;$x<$uploadNeed;$x++){
      $file_name = $_FILES['uploadFile'. $x]['name'];
      $show_file = $_FILES['uploadFile'. $x]['name'];
      // strip file_name of slashes
      $file_name = stripslashes("$upload_dir/$file_name");
      $file_name = str_replace("'","",$file_name);
      $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
       // check if successfully copied
       if($copy){
       echo "$show_file | uploaded successfully!<br>";
       // $site already starts with http://www. and $file_name already contains $upload_dir
       echo "<p>Link To File: <textarea rows='1' name='select' cols='140'>".$site."/".$file_name."</textarea></p>";
       }else{
       echo "$show_file | could not be uploaded!<br>";
       }
      } // end of loop
   }
}
?>

Not a problem, appreciate the update! ;)

-RageD
 
0
•••
one problem... it's vulnerable to hacking. All one has to do is upload a certain script and they have the backdoor to the site.
 
0
•••
jontalbot said:
one problem... it's vulnerable to hacking. All one has to do is upload a certain script and they have the backdoor to the site.

Again, this has been discussed multiple times. It is true, some scripts are vulnerable to hacking; others, however (the ones that only allow certain file extensions), allow one to be protected from these exploits.

-RageD
 
0
•••
UPDATE: I added a new add-on :)

-RageD
 
0
•••
Still taking more suggestions to make this script better fitted to anyone's needs! :D

-RageD
 
0
•••
As you just mentioned...

How about the add-on to only allow people to upload certain files to make it more secure, in detail as to where to remove and add extensions, if you would please.
 
0
•••
I'll work on that request Phat-cat :)

Update: I made the "Upload + Login" script available for download! Just download it and it's ready to go! (As is on my example)

-RageD
 
0
•••
Keep up the awesome work rage
 
0
•••
Here's an addition, I'm sorry it took me so long, I had forgotten about this project for a little while. I am still working toward maximum end-user customizability as you can see on my "TODO List" on the main thread! This is a step in the right direction, this new script (v1.15) allows the following extensions: .zip, .rar, .jpg, .gif, .bmp, .png, & .txt

Hope you guys enjoy :)

-RageD
 
0
•••
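An extension allowlist of the kind discussed in this thread, as an added example that is not RageD's script or any code from the thread. It uses the extension list quoted for v1.15; the function names and the constructed sample file names are assumptions.

```php
<?php
// Added example, not RageD's code. The allowlist is the extension list
// quoted for v1.15; function names are hypothetical.
const ALLOWED_EXT = ['zip', 'rar', 'jpg', 'gif', 'bmp', 'png', 'txt'];

// Returns a server-chosen file name for one $_FILES entry, or null to reject.
function safe_upload_name(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;                        // failed or missing upload
    }
    // Drop any directory part the client put in the name.
    $name = basename(str_replace('\\', '/', (string) $file['name']));
    // Require "stem.ext" with exactly one dot, so "notes.php.txt" is rejected
    // instead of relying on how the web server treats the inner extension.
    if (!preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/', $name, $m)) {
        return null;
    }
    $ext = strtolower($m[1]);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // Random name: the uploader cannot pick it and cannot overwrite a file.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Stores the upload and returns the stored name, or null if rejected.
function store_upload(array $file, string $uploadDir): ?string
{
    $name = safe_upload_name($file);
    if ($name === null) {
        return null;
    }
    // move_uploaded_file() only accepts files received through HTTP POST.
    $ok = move_uploaded_file($file['tmp_name'], rtrim($uploadDir, '/') . '/' . $name);
    return $ok ? $name : null;
}

// Constructed $_FILES-style entries, checked from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['photo.JPG', 'backup.zip', 'tool.php', 'notes.php.txt', '../x.png'] as $n) {
        $entry = ['name' => $n, 'tmp_name' => '/tmp/php-constructed', 'error' => UPLOAD_ERR_OK];
        echo str_pad($n, 16), safe_upload_name($entry) === null ? "rejected\n" : "accepted\n";
    }
}
```

An extension check only constrains the name, not the content, so the upload directory should also be served with script execution disabled.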
What does this script do if the file already exists on the server?

Thanks
e39m5
 
0
•••
I never made a message for it but it just doesn't upload. The original stays, it does not overwrite.

-RageD
 
0
•••
Hey RageD,

Thanks for the free coding.

Just a small security issue.

You might want to consider using the strip_tags function. This removes any php tags that somebody could try and parse through some of your variables. I had a quick scan through and couldn't find anywhere someone may be able to parse their php code through, but you might want to consider it just in case. It's a good habit :).
Example:
PHP:
$uploadNeed = $_POST['uploadNeed'];
Can be:
PHP:
$uploadNeed = strip_tags($_POST['uploadNeed']);
Just a suggestion,
Rhett.
 
0
•••
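For the `uploadNeed` field discussed above, an added example (not code from the thread) that validates the value as a whole number from 1 to 99 and escapes it on output, next to what `strip_tags()` returns for the same constructed inputs. The function names are hypothetical.

```php
<?php
// Added example, not code from the thread; function names are hypothetical.

// Accepts only a whole number from 1 to 99 (the form's stated maximum).
function parse_upload_count($raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);
    return $n === false ? null : $n;
}

// Builds the step-2 file inputs; every dynamic value is escaped on output.
function render_file_inputs($raw): string
{
    $count = parse_upload_count($raw);
    if ($count === null) {
        return '<p>Enter a number from 1 to 99.</p>';
    }
    $html = '';
    for ($x = 0; $x < $count; $x++) {
        $html .= '<p><input name="uploadFile' . $x . '" type="file"></p>' . "\n";
    }
    $safe = htmlspecialchars((string) $count, ENT_QUOTES, 'UTF-8');
    return $html . '<input name="uploadNeed" type="hidden" value="' . $safe . '">';
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: strip_tags() leaves the quote in the third one
    // untouched, so it would still break out of value="..." if echoed raw.
    foreach (['3', '100', '2" data-x="1', '<b>4</b>'] as $raw) {
        printf("%-14s strip_tags=%-14s parsed=%s\n", $raw, strip_tags($raw),
            var_export(parse_upload_count($raw), true));
    }
}
```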
Thanks for the suggestion! :) I like critiquing of any sort. I appreciate it!

-RageD
 
0
•••
Ok, I have added a preversion to v2! This version includes much more and a self-install! All you need to do is make the database! You don't even need to CHMODD anymore ;) Tell me how you guys like it.. Find bugs for me too if you want.. Also, add to the TODO list :)

-RageD
 
0
•••
hey did u take the demo off?
 
0
•••
Yes, if you read, I took it off a while ago because it was using to my BW on my server.

-RageD
 
0
•••
Nice script man. I will have to use this for my site
-CP
 
0
•••
great script!

I'm testing it now. I chmod 777 dir (named it files) and try to upload .zip or .jpg files using v1.5 and it says violate TOS.

It works for .gif and .txt files, but not zip or jpg.

Any ideas what i'm doing wrong?
 
0
•••
hm this is weird...it wont download the attachment :S
 
0
•••
You can now get this at sourceforge! Version 2 that is. I am starting there from v2 only (although it says it is v1) For sourceforge, it is v1 although you guys know it as v2 :)

http://ragedupload.sf.net (Page Under Construction)
http://sf.net/projects/ragedupload <--- Find it there :)

I will continue to update the thread upon new releases ;)

-RageD
 
0
•••
Nice script, RageD!

Thanks for sharing and let us know when updated.

Repd!
 
0
•••
Can We see a demo of the script?

Thanks :)
 
0
•••
I used to have some demos but I could certainly put some more up. I've actually forgotten about this script. I will continue my work on v2 and as I get closer and closer to completing a RC at least I'll give some demos of it for sure. :)

-RageD
 
0
•••