Simple PHP Upload Script [AND EXPLANATION]

[RageD]

ALL Original scripts (no need to download) have been moved to this post!

NOTE: The latest versions are in this post for download!

-RageD

• TODO List (v2)
  -Start/Finish Admin Panel
  -Allow admins to select what they wish their users to be able to upload.

^^^ Please give me suggestions for this list!

All scripts have been tested successfully!

DISCLAIMER: Some scripts are indeed insecure. Neither I nor Namepros.com can be held responsible for any hacking/attempts on your site or server.

 

[NetworkTown.Net]

Got any demos?

 

[RageD]

Original Post

Here is the original post:

<?php
/* Upload Script by RageD
© 2006 RageD.  All Rights Reserved.
Filename: upload.php
File Info: Created by RageD.  Upload script for anyone who needs it
File Function: Uploads Files into a hidden directory (In this case by default '/uploads'
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/

// Use this to define your upload directory!
$upload_dir = "uploads";

if(!$upload){
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="?upload=step2">
  <p>Enter the amount of boxes you will need below. Max = 99</p>
  <p>
    <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
  </p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>
</html>
<?php
}
if($upload){
  if($upload == "step2"){ ?>
      <html>
      <head>
      <title>Upload Files</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      </head>

      <body>

      <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
        <p>
        <?
        // start of dynamic form
        $uploadNeed = $_POST['uploadNeed'];
        for($x=0;$x<$uploadNeed;$x++){
        ?>
          <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
        </p>
        <?
        // end of for loop
        }
        ?>
        <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
          <input type="submit" name="Submit" value="Submit">
        </p>
      </form>
      </body>
      </html>
<?php }
  if($upload == "process"){
      $uploadNeed = $_POST['uploadNeed'];
      // start for loop
      for($x=0;$x<$uploadNeed;$x++){
      $file_name = $_FILES['uploadFile'. $x]['name'];
      $show_file = $_FILES['uploadFile'. $x]['name'];
      // strip file_name of slashes
      $file_name = stripslashes("$upload_dir/$file_name");
      $file_name = str_replace("'","",$file_name);
      $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
       // check if successfully copied
       if($copy){
       echo "$show_file | uploaded sucessfully!<br>";
       }else{
       echo "$show_file | could not be uploaded!<br>";
       }
      } // end of loop
   }
}
?>

This one uploads directly to the directory the upload script is in! READ NOTES IN THE BEGINNING OF FILE!

<?php
/* Upload Script by RageD
© 2006 RageD.  All Rights Reserved.
Filename: upload.php
File Info: Created by RageD.  Upload script for anyone who needs it
File Function: Uploads Files directly into directory of this script!
File Notes: Make sure your directory where this file is located is CHMODDED to 0777
*/

if(!$upload){
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="?upload=step2">
  <p>Enter the amount of boxes you will need below. Max = 99</p>
  <p>
    <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
  </p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>
</html>
<?php
}
if($upload){
  if($upload == "step2"){ ?>
      <html>
      <head>
      <title>Upload Files</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      </head>

      <body>

      <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
        <p>
        <?
        // start of dynamic form
        $uploadNeed = $_POST['uploadNeed'];
        for($x=0;$x<$uploadNeed;$x++){
        ?>
          <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
        </p>
        <?
        // end of for loop
        }
        ?>
        <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
          <input type="submit" name="Submit" value="Submit">
        </p>
      </form>
      </body>
      </html>
<?php }
  if($upload == "process"){
      $uploadNeed = $_POST['uploadNeed'];
      // start for loop
      for($x=0;$x<$uploadNeed;$x++){
      $file_name = $_FILES['uploadFile'. $x]['name'];
      $show_file = $_FILES['uploadFile'. $x]['name'];
      // strip file_name of slashes
      $file_name = stripslashes("$file_name");
      $file_name = str_replace("'","",$file_name);
      $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
       // check if successfully copied
       if($copy){
       echo "$show_file | uploaded sucessfully!<br>";
       }else{
       echo "$show_file | could not be uploaded!<br>";
       }
      } // end of loop
   }
}
?>

This one shows the user where the file is uploaded to (The directory if you do not want it uploaded to the same directory as this script)

<?php
/* Upload Script by RageD
© 2006 RageD.  All Rights Reserved.
Filename: upload.php
File Info: Created by RageD.  Upload script for anyone who needs it
File Function: Uploads Files into a directory other than the one the script is in!  Shows user the upload directory!
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/

// Use this to define your upload directory!
$upload_dir = "uploads";

if(!$upload){
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="?upload=step2">
  <p>Enter the amount of boxes you will need below. Max = 99</p>
  <p>
    <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
  </p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>
</html>
<?php
}
if($upload){
  if($upload == "step2"){ ?>
      <html>
      <head>
      <title>Upload Files</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      </head>

      <body>

      <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
        <p>
        <?
        // start of dynamic form
        $uploadNeed = $_POST['uploadNeed'];
        for($x=0;$x<$uploadNeed;$x++){
        ?>
          <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
        </p>
        <?
        // end of for loop
        }
        ?>
        <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
          <input type="submit" name="Submit" value="Submit">
        </p>
      </form>
      </body>
      </html>
<?php }
  if($upload == "process"){
      $uploadNeed = $_POST['uploadNeed'];
      // start for loop
      for($x=0;$x<$uploadNeed;$x++){
      $file_name = $_FILES['uploadFile'. $x]['name'];
      // strip file_name of slashes
      $file_name = stripslashes("$upload_dir/$file_name");
      $file_name = str_replace("'","",$file_name);
      $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
       // check if successfully copied
       if($copy){
       echo "$file_name | uploaded sucessfully!<br>";
       }else{
       echo "$file_name | could not be uploaded!<br>";
       }
      } // end of loop
   }
}
?>

-RageD


For webservers running PHP version 4.x+ add these lines somewhere near the top somewhere.

// Define our URL extension
$upload = $_GET['upload'];

========
Add-ons
========

• Accept .gif files only
  
  Add
  

        $file_type = $_FILES['uploadFile'. $x]['type'];
        if($file_type != "image/gif"){
              echo("The server is only accepting .gif files!");
              exit;
         }

  
  Before
  

        $file_name = $_FILES['uploadFile'. $x]['name'];

  That works for any of the files... Here is the exact "upload4.php" example:
  

    <?php
  /* Upload Script by RageD
  © 2006 RageD.  All Rights Reserved.
  Filename: upload.php
  File Info: Created by RageD.  Upload script for anyone who needs it
  File Function: This is just like the example 3 script except it only allows .gif files
  File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
  Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
  */
  
  // Define Function for uploading..
  $upload = $_GET['upload'];
  
  // Use this to define your upload directory!
  $upload_dir = "uploads";
  
  if(!$upload){
  ?>
  <html>
  <head>
  <title>Upload Files --- Demo</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  </head>
  
  <body>
  <form name="form1" method="post" action="?upload=step2">
    <p>Enter the amount of boxes you will need below. Max = 99</p>
    <p>
      <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
    </p>
    <p>
      <input type="submit" name="Submit" value="Submit">
    </p>
  </form>
  </body>
  </html>
  <?php
  }
  if($upload){
    if($upload == "step2"){ ?>
        <html>
        <head>
        <title>Upload Files</title>
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
        </head>
  
        <body>
  
        <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
          <p>
          <?
          // start of dynamic form
          $uploadNeed = $_POST['uploadNeed'];
          for($x=0;$x<$uploadNeed;$x++){
          ?>
            <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
          </p>
          <?
          // end of for loop
          }
          ?>
          <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
            <input type="submit" name="Submit" value="Submit">
          </p>
        </form>
        </body>
        </html>
  <?php }
    if($upload == "process"){
        $uploadNeed = $_POST['uploadNeed'];
        // start for loop
        for($x=0;$x<$uploadNeed;$x++){
        $file_type = $_FILES['uploadFile'. $x]['type'];
        if($file_type != "image/gif"){
              echo("The server is only accepting .gif files!");
              exit;
         }
        $file_name = $_FILES['uploadFile'. $x]['name'];
        $show_file = $_FILES['uploadFile'. $x]['name'];
        // strip file_name of slashes
        $file_name = stripslashes("$upload_dir/$file_name");
        $file_name = str_replace("'","",$file_name);
        $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
         // check if successfully copied
         if($copy){
         echo "$show_file | uploaded sucessfully!<br>";
         }else{
         echo "$show_file | could not be uploaded!<br>";
         }
        } // end of loop
     }
  }
  ?>

• Force users to register and login to upload
  
  This makes a user register and login before having the ability to upload files to the server! Requires PHP and MySQL.
  
  Open: file.php (Main upload script)
  
  Add: (On line 2)
  

  session_start();

  
  After: (On line 1)
  

  <?php

  
  Add:
  

  //Include DB Connections
  include("dbconn.php");

  
  After:
  

  // Use this to define your upload directory!
  $upload_dir = "uploads";

  
  Now After:
  

  if(!$upload){
  ?>

  
  Add:
  

  <html>
  <head>
  <title>Upload Files :: Login</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
  </head>
  
  <body>
  <form name="login" method="POST" action="?upload=login">
  Login Name: <input type="text" name="user"><br>
  Password: <input type="password" name="pass"><br>
  <input type=submit value="Login"><input type=reset>
  </form>
  <font size="2">Not registered?  <a href="?upload=register">Register</a> to upload!</font>
  </body>
  </html>
  <?php
  }
    if($upload == "register"){
  ?>
  <html>
  <head>
  <title>Upload Files :: Login:</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
  </head>
  
  <body>
  <form name="login" method="POST" action="?upload=registerlogin">
  Login Name: <input type="text" name="uname"><br>
  Password: <input type="password" name="pass"><br>
  <input type=submit value="Signup"><input type=reset>
  </form>
  <font size="2">Not registered?  <a href="?page=register">Register</a> to upload!</font>
  </body>
  </html>
  <?php
  }
    if($upload == "registerlogin"){
      $uname = $_POST['uname'];
      $pass = $_POST['pass'];
      if(!$uname || !$pass){
        echo("Please enter all the fields!");
        exit;
      }
  	function do_error($msg)
  	{
  		echo '<font color=red><b>ERROR <</font>'.$msg.'</b><br>Please go back to fix the error';
  		exit;
  	}
  	@ $r1 = mysql_query("SELECT * FROM users WHERE username='$uname'");
  	if (mysql_num_rows($r1) > 0)
  	{
  		do_error('That username is already taken.');
  	}
          //MD5 Encrypt
          $pass = md5($pass);
         	$q = "INSERT INTO users VALUES(NULL, '$uname', '$pass')";
  	@ $result = mysql_query($q);
  	
  	if (!$result)
  	{
  		do_error('Could not insert into database. Error returned is '.mysql_error());
  	}
  	echo("Thank you!  You can now <a href='?upload'>login</a>!");
    }
    if($upload == "login"){
      $pass = $_POST['pass'];
      $user = $_POST['user'];
      $pass = md5($pass);
  
      $q = "SELECT * FROM users WHERE username='$user' AND password='$pass' LIMIT 1";
      $r = mysql_query($q);
      //No matches
      if (mysql_num_rows($r) < 1)
      {
  	echo('Invalid username/password combination.');
  	exit;
      }
      else
      {
          echo("Logged in: Please go <a href='?upload=files'>here</a> to upload!");
          
          $_SESSION['username'] = $user;
      }
    }
    if($upload == "files"){
    session_start();
    if(!$_SESSION['username']){
  	echo('You are not logged in. <a href="?upload">Login</a>');
  	exit;
    }
  ?>

  
  Save & Close file.php (Main upload script)
  
  Now create a new file called "dbconn.php"
  
  Change the variables as needed:
  

  <?php
  /* Script by RageD to connect to MySQL DB */
  
  @ $conn = mysql_connect('localhost', 'mysql_username_here', 'mysql_pass_here');
  @ $db = mysql_select_db('mysql_dbname_here');
  
  if (!$conn || !$db)
  {
  	echo('Could not connect to database. Error returned is: '.mysql_error());
  	exit;
  }
  ?>

  
  Save & Close dbconn.php
  
  Finally, create a database (MySQL) and insert this query:
  

  CREATE TABLE `users` (
  `id` BIGINT( 10 ) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY ,
  `username` VARCHAR( 16 ) NOT NULL ,
  `password` VARCHAR( 32 ) NOT NULL
  ) ENGINE = MYISAM CHARACTER SET latin1 COLLATE latin1_swedish_ci COMMENT = 'Everyone loves a databse :)'

  
  
  Here is a full working script (need dbconn.php and the MySQL query done for it to work) for this. It is the add-on plus the first script!
  
  

  <?php
  session_start();
  /* Upload Script by RageD
  © 2006 RageD.  All Rights Reserved.
  Filename: upload.php
  File Info: Created by RageD.  Upload script for anyone who needs it
  File Function: Uploads Files into a hidden directory (In this case by default '/uploads'.  Forces a user to register and login!
  File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
  Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
  */
  
  // Define URL extension
  $upload = $_GET['upload'];
  
  // Use this to define your upload directory!
  $upload_dir = "uploads";
  
  // Include DB connection
  include("dbconn.php");
  
  if(!$upload){
  ?>
  <html>
  <head>
  <title>Upload Files :: Login</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
  </head>
  
  <body>
  <form name="login" method="POST" action="?upload=login">
  Login Name: <input type="text" name="user"><br>
  Password: <input type="password" name="pass"><br>
  <input type=submit value="Login"><input type=reset>
  </form>
  <font size="2">Not registered?  <a href="?upload=register">Register</a> to upload!</font>
  </body>
  </html>
  <?php
  }
    if($upload == "register"){
  ?>
  <html>
  <head>
  <title>Upload Files :: Login:</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso8859-1">
  </head>
  
  <body>
  <form name="login" method="POST" action="?upload=registerlogin">
  Login Name: <input type="text" name="uname"><br>
  Password: <input type="password" name="pass"><br>
  <input type=submit value="Signup"><input type=reset>
  </form>
  <font size="2">Not registered?  <a href="?page=register">Register</a> to upload!</font>
  </body>
  </html>
  <?php
  }
    if($upload == "registerlogin"){
      $uname = $_POST['uname'];
      $pass = $_POST['pass'];
      if(!$uname || !$pass){
        echo("Please enter all the fields!");
        exit;
      }
  	function do_error($msg)
  	{
  		echo '<font color=red><b>ERROR <</font>'.$msg.'</b><br>Please go back to fix the error';
  		exit;
  	}
  	@ $r1 = mysql_query("SELECT * FROM users WHERE username='$uname'");
  	if (mysql_num_rows($r1) > 0)
  	{
  		do_error('That username is already taken.');
  	}
          //MD5 Encrypt
          $pass = md5($pass);
         	$q = "INSERT INTO users VALUES(NULL, '$uname', '$pass')";
  	@ $result = mysql_query($q);
  	
  	if (!$result)
  	{
  		do_error('Could not insert into database. Error returned is '.mysql_error());
  	}
  	echo("Thank you!  You can now <a href='?upload'>login</a>!");
    }
    if($upload == "login"){
      $pass = $_POST['pass'];
      $user = $_POST['user'];
      $pass = md5($pass);
  
      $q = "SELECT * FROM users WHERE username='$user' AND password='$pass' LIMIT 1";
      $r = mysql_query($q);
      //No matches
      if (mysql_num_rows($r) < 1)
      {
  	echo('Invalid username/password combination.');
  	exit;
      }
      else
      {
          echo("Logged in: Please go <a href='?upload=files'>here</a> to upload!");
          
          $_SESSION['username'] = $user;
      }
    }
    if($upload == "files"){
    session_start();
    if(!$_SESSION['username']){
  	echo('You are not logged in. <a href="?upload">Login</a>');
  	exit;
    }
  ?>
  <html>
  <head>
  <title>Upload Files</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
  </head>
  
  <body>
  <form name="form1" method="post" action="?upload=step2">
    <p>Enter the amount of boxes you will need below. Max = 99</p>
    <p>
      <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
    </p>
    <p>
      <input type="submit" name="Submit" value="Submit">
    </p>
  </form>
  </body>
  </html>
  <?php
  }
  if($upload){
    if($upload == "step2"){ ?>
        <html>
        <head>
        <title>Upload Files</title>
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
        </head>
  
        <body>
  
        <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
          <p>
          <?
          // start of dynamic form
          $uploadNeed = $_POST['uploadNeed'];
          for($x=0;$x<$uploadNeed;$x++){
          ?>
            <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
          </p>
          <?
          // end of for loop
          }
          ?>
          <p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
            <input type="submit" name="Submit" value="Submit">
          </p>
        </form>
        </body>
        </html>
  <?php }
    if($upload == "process"){
        $uploadNeed = $_POST['uploadNeed'];
        // start for loop
        for($x=0;$x<$uploadNeed;$x++){
        $file_name = $_FILES['uploadFile'. $x]['name'];
        $show_file = $_FILES['uploadFile'. $x]['name'];
        // strip file_name of slashes
        $file_name = stripslashes("$upload_dir/$file_name");
        $file_name = str_replace("'","",$file_name);
        $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
         // check if successfully copied
         if($copy){
         echo "$show_file | uploaded sucessfully!<br>";
         }else{
         echo "$show_file | could not be uploaded!<br>";
         }
        } // end of loop
     }
  }
  ?>

  
  Allow only: .zip, .rar, .jpg, .gif, .bmp, .png, & .txt extensions!
  
  This modification is too big just for a simple modding, so I have provided 2 downloads.
  
  1 with Login + this
  and one with NO login!
  Note: These scripts can be found in the v1.15 series!

 

[NetworkTown.Net]

Ok ill be waiting

 

[RageD]

Added!

-RageD

 

[XwaR]

Awesom stuff..........

 

[weblord]

that's great stuff, just what i need, rep coming your way. thanks.

 

[sb225]

great stuff

 

[RageD]

Glad you guys like it If you need something else, tell me.. If it is relavant to this I'll add it here or make a new post!

-RageD

 

[Ray]

nice tut mate...

 

[santro]

Superb!

"Uploads Files into a hidden directory "

Is is absolutely hidden?

 

[mikesherov]

Be careful when using this script, as it does not check for file extension, nor virus check, nor protect the files it stores. Someone could easily upload any .exe or virus or .php script using this, and then access it easily.

Otherwise, nice tutorial.

 

[RageD]

I know. If people want, I could also post an extension limited version as well I'll work on adding it! And the hidden directory is unknown to the user..

-RageD

 

[bbalegere]

Great scripts.
Keep it up.

 

[redhippo]

cool nifty script..!!!!!!looking for one that can display random or recent images of those uploaded images on the web page itself

 

[RageD]

redhippo: I'll work on a script like that Look for a new post on it soon!

-RageD

 

[Coron]

Really nice script RageD keep up the good work!

 

[RageD]

Added a line to fix page change errors..

-RageD

 

[.root]

The first script works like a charm!

 

[unknowngiver]

great tutorial bro..but the demo links are not opening