Simple PHP Upload Script [AND EXPLANATION]

ALL Original scripts (no need to download) have been moved to this post!

NOTE: The latest versions are in this post for download!

-RageD


  • TODO List (v2)
    -Start/Finish Admin Panel
    -Allow admins to select what they wish their users to be able to upload.
^^^ Please give me suggestions for this list!

All scripts have been tested successfully!

DISCLAIMER: Some scripts are indeed insecure. Neither I nor Namepros.com can be held responsible for any hacking/attempts on your site or server.
 
1
•••
Fixed the demos, adding some add-ons in a bit too! :)

-RageD

EDIT: added the add-on to accept only .gif files!
 
0
•••
Demo 2 error:

Parse error: syntax error, unexpected '[' in /home/xero/public_html/demos/upload2.php on line 11
 
0
•••
Thanks for pointing that out unknowngiver! It has been fixed! ;)

-RageD
 
0
•••
mikesherov said:
Be careful when using this script, as it does not check for file extension, nor virus check, nor protect the files it stores. Someone could easily upload any .exe or virus or .php script using this, and then access it easily.

Otherwise, nice tutorial.

well no duh, with an upload script there is always the mention of security, but considering the only thing they can upload is viruses that affect others if they get someone to download it, otherwise it's only php scripts you will have to worry about..

Even still, add a downloader for the files. I worked on a few uploader scripts myself and they are not hard to create; look for tutorials and other info on the web. php.net is a big help when it comes to uploading files and editing files.

Little edit to your first script, when file is uploaded successfully, this will return the url in a text box, just like imageshack.us does.

hope you don't mind that I did a tiny bit of editing RageD.
PHP:
  <?php
/* Upload Script by RageD
© 2006 RageD.  All Rights Reserved.
Filename: upload.php
File Info: Created by RageD.  Upload script for anyone who needs it
File Function: Uploads Files into a hidden directory (In this case by default '/uploads'
File Notes: Make sure your directory (whatever you make '$upload_dir' equal) is CHMODDED to 0777
Added Notes: You can place this file within a directory such as /public_html/uploads/upload_script and still have it upload files to /public_html/uploads (make sure it is CHMODDED 0777) all you have to do to do this is something like this: $upload_dir = "../"; or another directory within /public_html/uploads (directory qwerty for example) $upload_dir = "../qwerty";
*/

// Use this to define your upload directory!
$upload_dir = "uploads";

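// edit this so the link displays correctly, no trailing slashes!
$site = "http://www.xiaohost.com";

// read the current step from the query string (register_globals no longer exists in current PHP)
$upload = isset($_GET['upload']) ? $_GET['upload'] : '';

if(!$upload){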
?>
<html>
<head>
<title>Upload Files</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<form name="form1" method="post" action="?upload=step2">
  <p>Enter the amount of boxes you will need below. Max = 99</p>
  <p>
    <input name="uploadNeed" type="text" id="uploadNeed" maxlength="2">
  </p>
  <p>
    <input type="submit" name="Submit" value="Submit">
  </p>
</form>
</body>
</html>
<?php
}
if($upload){
  if($upload == "step2"){ ?>
      <html>
      <head>
      <title>Upload Files</title>
      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
      </head>

      <body>

      <form name="form1" enctype="multipart/form-data" method="post" action="?upload=process">
        <?php
        // start of dynamic form (full <?php tags: short open tags are often disabled)
        $uploadNeed = $_POST['uploadNeed'];
        for($x=0;$x<$uploadNeed;$x++){
        ?>
        <p>
          <input name="uploadFile<?php echo $x;?>" type="file" id="uploadFile<?php echo $x;?>">
        </p>
        <?php
        // end of for loop
        }
        ?>
        <p><input name="uploadNeed" type="hidden" value="<?php echo $uploadNeed;?>">
          <input type="submit" name="Submit" value="Submit">
        </p>
      </form>
      </body>
      </html>
<?php }
  if($upload == "process"){
      $uploadNeed = $_POST['uploadNeed'];
      // start for loop
      for($x=0;$x<$uploadNeed;$x++){
      $file_name = $_FILES['uploadFile'. $x]['name'];
      $show_file = $_FILES['uploadFile'. $x]['name'];
      // strip file_name of slashes
      $file_name = stripslashes("$upload_dir/$file_name");
      $file_name = str_replace("'","",$file_name);
      $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
       // check if successfully copied
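       if($copy){
       echo htmlspecialchars($show_file) . " | uploaded successfully!<br>";
       // $site already carries the scheme and $file_name already starts with $upload_dir
       echo "<p>Link To File: <textarea rows='1' name='select' cols='140'>" . htmlspecialchars($site . "/" . $file_name) . "</textarea></p>";
       }else{
       echo htmlspecialchars($show_file) . " | could not be uploaded!<br>";
       }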
      } // end of loop
   }
}
?>
 
0
•••
I'll try this one :)
 
0
•••
bquast said:
well no duh, with an upload script there is always the mention of security, but considering the only thing they can upload is viruses that affect others if they get someone to download it, otherwise it's only php scripts you will have to worry about..

Even still, add a downloader for the files. I worked on a few uploader scripts myself and they are not hard to create; look for tutorials and other info on the web. php.net is a big help when it comes to uploading files and editing files.

Little edit to your first script, when file is uploaded successfully, this will return the url in a text box, just like imageshack.us does.

hope you don't mind that I did a tiny bit of editing RageD.

Not a problem, appreciate the update! ;)

-RageD
 
0
•••
one problem... it's vulnerable to hacking. All one has to do is upload a certain script and they have the backdoor to the site.
 
0
•••
hehe
 
0
•••
jontalbot said:
one problem... it's vulnerable to hacking. All one has to do is upload a certain script and they have the backdoor to the site.

Again, this has been discussed multiple times. It is true, some scripts are vulnerable to hacking; others, however (the ones that only allow certain file extensions), allow one to be protected from these exploits.

-RageD
 
0
•••
UPDATE: I added a new add-on :)

-RageD
 
0
•••
Still taking more suggestions to make this script better fitted to anyone's needs! :D

-RageD
 
0
•••
As you just mentioned...

how about the add-on to only allow people to upload certain files to make it more secure, in detail as to where to remove and add extensions if you would please.
 
0
•••
I'll work on that request Phat-cat :)

Update: I made the "Upload + Login" script available for download! Just download it and it's ready to go! (As is on my example)

-RageD
 
0
•••
Keep up the awesome work rage
 
0
•••
Here's an addition, I'm sorry it took me so long, I had forgotten about this project for a little while. I am still working toward maximum end-user customizability as you can see on my "TODO List" on the main thread! This is a step in the right direction, this new script (v1.15) allows the following extensions: .zip, .rar, .jpg, .gif, .bmp, .png, & .txt

Hope you guys enjoy :)

-RageD
 
0
•••
What does this script do if the file already exists on the server?

Thanks
e39m5
 
0
•••
I never made a message for it but it just doesn't upload. The original stays, it does not overwrite.

-RageD
 
0
•••
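The extension allowlist RageD describes for v1.15 and the no-overwrite behaviour from his reply above, written out as an added example; it is not part of the thread and not RageD's script. `store_upload()` and the `uploads` directory are hypothetical names.

```php
<?php
// Added example, not RageD's code. store_upload() and uploads/ are hypothetical.
const ALLOWED_EXT = ['zip', 'rar', 'jpg', 'gif', 'bmp', 'png', 'txt'];

// Validates one $_FILES entry and stores it; returns the stored file name.
function store_upload(array $file, string $uploadDir): string
{
    if (!isset($file['error'], $file['name'], $file['tmp_name'])
        || !is_string($file['name']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Drop any directory part the client sent, then split stem and extension.
    $name = basename(str_replace('\\', '/', $file['name']));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $stem = pathinfo($name, PATHINFO_FILENAME);

    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('extension not allowed');
    }
    // No dots in the stem: "shell.php.gif" is refused, since some server
    // configurations act on an inner extension.
    if (!preg_match('/^[A-Za-z0-9_-]{1,100}$/', $stem)) {
        throw new RuntimeException('file name not allowed');
    }

    $target = rtrim($uploadDir, '/') . "/$stem.$ext";
    // Mode 'x' creates the file only if it does not exist yet, so an
    // existing upload is never overwritten, even by a concurrent request.
    $reserved = @fopen($target, 'x');
    if ($reserved === false) {
        throw new RuntimeException('file already exists or directory not writable');
    }
    fclose($reserved);
    // move_uploaded_file() also verifies that tmp_name is a real HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        unlink($target);
        throw new RuntimeException('could not store file');
    }
    return "$stem.$ext";
}

foreach ($_FILES as $file) {
    try {
        echo htmlspecialchars(store_upload($file, __DIR__ . '/uploads')), " stored<br>";
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage()), "<br>";
    }
}
```

An extension allowlist does not inspect file content, so the upload directory should also be served with script execution disabled.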
Hey RageD,

Thanks for the free coding.

Just a small security issue.

You might want to consider using the strip_tags function. This removes any php tags that somebody could try and parse through some of your variables. I had a quick scan through and couldn't find anywhere someone may be able to parse their php code through, but you might want to consider it just in case. It's a good habit :).
Example:
PHP:
$uploadNeed = $_POST['uploadNeed'];
Can be:
PHP:
$uploadNeed = strip_tags($_POST['uploadNeed']);
Just a suggestion,
Rhett.
 
0
•••
Thanks for the suggestion! :) I like critiquing of any sort. I appreciate it!

-RageD
 
0
•••
Ok, I have added a preversion to v2! This version includes much more and a self-install! All you need to do is make the database! You don't even need to CHMODD anymore ;) Tell me how you guys like it.. Find bugs for me too if you want.. Also, add to the TODO list :)

-RageD
 
0
•••