|
|
|
|
  |
Guest_Pandemonium_*
 Guests
 |
Post
#1
 Aug 24 2004, 04:46 PM
Okay, this script takes in an uploaded file from a form, adds it to the web server, and then it adds it to the correct alphabetical letter directory (ie. Active would go in the a directory). The only use I see for it would be for making it easier to find something when it is uploaded. This script takes two .php files: upload.php and upload-check.php. If you are going to use the script, you can rename those files to whatever you want. So, here's the script. Use it at your own discretion (as always). [br]upload.php CODE [/br]<?php[br][/br]echo "<form action = 'upload-check.php' method='post' enctype='multipart/form-data'>";[br]echo "<input type = 'text' name='nameOfFile'>";[/br]echo "<input type = 'file' name='uploadFile'>";[br]echo "<input type = 'submit' value = 'Send'>";[/br]echo "</form>";[br][/br]?> [br]upload-check.php CODE [/br]<?php[br][/br]$letterArray = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', [br]'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z');[br][/br]$arraySize = array_count_values($letterArray);[br][/br]for($n = 0; $n <= $arraySize; $n++)[/br]{[br] if(!is_dir($n))[/br] {[br] mkdir('somefolder/' . $n, 0666);[/br] }[br]}[br][/br]if(strlen($_POST['nameOfFile']) > 1 and substr($_FILES['uploadFile'], -4) != '.exe')[/br]{[br] for($i = 0; $i <= $arraySize; $i++)[/br] {[br] if(substr($_FILES['nameOfFile'], 1) == $i)[/br] {[br] $tmpFile = $_FILES['uploadFile']['tmp_name'];[/br] $dest = "http://yourwebsite.com/somefolder/" . $i . "/" . [br] $_FILES['uploadName']['name'];[/br] copy($tmpFile, $dest);[br] }[/br] } [br]}[/br]else[br]{[/br] echo "Sorry, but your file name was either too short or it had an invalid file [br] extension. Please go back and try again.";[/br]}[br][/br]?>
 
|
 Group: Members
Posts: 873 Joined: 30-July 04 Member No.: 246 |
Post
#2
Aug 24 2004, 06:01 PM
It's just an idea, but I generally like to keep all of it together in a single file. You could achieve this by combining the scripts as shown below, but ensuring that only one portion is executed at a time (hence the need for the use of the if statement, and the exit function). CODE <?php[br][/br]if(!isset($_POST['uploadFile'])) {[br] echo "<form action = 'upload.php' method='post' enctype='multipart/form-data'>";[/br] echo "<input type = 'text' name='nameOfFile'>";[br] echo "<input type = 'file' name='uploadFile'>";[/br] echo "<input type = 'submit' value = 'Send'>";[br] echo "</form>";[/br] exit;[br]}[br][/br][/br]$letterArray = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', [br]'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z');[br][/br]$arraySize = array_count_values($letterArray);[br][/br]for($n = 0; $n <= $arraySize; $n++)[/br]{[br] if(!is_dir($n))[/br] {[br] mkdir('somefolder/' . $n, 0666);[/br] }[br]}[br][/br]if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe')[/br]{[br] for($i = 0; $i <= $arraySize; $i++)[/br] {[br] if(substr($_FILES['nameOfFile'], 1) == $i)[/br] {[br] $tmpFile = $_FILES['uploadFile']['tmp_name'];[/br] $dest = "http://yourwebsite.com/somefolder/" . $i . "/" . [br] $_FILES['uploadName']['name'];[/br] copy($tmpFile, $dest);[br] }[/br] } [br]}[/br]else[br]{[/br] echo "Sorry, but your file name was either too short or it had an invalid file [br] extension. Please go back and try again.";[/br]}[br][/br]?>
|
|
Guest_Pandemonium_*
Guests
|
Post
#3
Aug 24 2004, 06:20 PM
Good point, Spectre. I suppose I forgot about the is_set() function. Thanks for the "improvement". 
|
|
Group: Members
Posts: 390 Joined: 22-August 04 From: No Where Member No.: 876 |
Post
#4
Aug 24 2004, 06:22 PM
Hm interesting, good work. I should keep this in mind for when I get my sub-domain.
|
|
Group: Members
Posts: 498 Joined: 23-August 04 Member No.: 878 |
Post
#5
Aug 25 2004, 12:22 AM
I was just curious, but what is the reason to exclude exes? (Or am I reading this wrong? ^^;) CODE if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe')
|
|
Guest_Pandemonium_*
Guests
|
Post
#6
Aug 25 2004, 01:00 AM
QUOTE (Zenchi @ Aug 24 2004, 08:22 PM) I was just curious, but what is the reason to exclude exes? (Or am I reading this wrong? ^^  CODE if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe') I excluded .exe as an example. It just shows you how to protect against certain file types. I just chose .exe randomly.
|
|
Group: Members
Posts: 498 Joined: 23-August 04 Member No.: 878 |
Post
#7
Aug 25 2004, 01:06 AM
QUOTE (Pandemonium @ Aug 24 2004, 08:00 PM) QUOTE (Zenchi @ Aug 24 2004, 08:22 PM) I was just curious, but what is the reason to exclude exes? (Or am I reading this wrong? ^^ CODE if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe') I excluded .exe as an example. It just shows you how to protect against certain file types. I just chose .exe randomly. Ah.. that's very neat. I'm going to go disect that part of the code and figure out what it does. ^^
|
|
Group: Members
Posts: 873 Joined: 30-July 04 Member No.: 246 |
Post
#8
Aug 25 2004, 04:44 AM
As for the first part: CODE if($_POST['nameOfFile'] < 1 I would assume that is to check that $_POST['nameOfFile'] (which is passed to the script from the form) does actually have a value. The fact that an integer comparison is used sort of makes it a little confusing though. I would have used either: CODE if($_POST['nameOfFile'])[/br]// (because if a variable has an assigned value, then it will be returned as true) or[br]if($_POST['nameOfFile'] != ""[/br]// or[br]if(isset($_POST['nameOfFile']) But that's just me. CODE substr($_FILES['uploadFile'], -4) != '.exe' This uses the substr(); function to select the last 4 characters of the filename entered, and then makes sure that are not '.exe'. Substr(); is used to select a certain portion of a string, eg: CODE substr("My name is Spectre", 3) Will select all of the characters, starting at postion 3, so it would become 'name is Spectre'. Using a negative integer, eg. -4, will select the last -4 characters of the string. In an IF statement, 'x == y' means that 'x' is equal to 'y' (double equals sign is intentional), and 'x != y' means that 'x' is not equal to 'y'. Hope that sort of explains it for you. Checking the filename is certainly a good idea, but a binary check would be much more secure.
|
|
Guest_Pandemonium_*
Guests
|
Post
#9
Aug 25 2004, 04:00 PM
QUOTE (Spectre @ Aug 25 2004, 12:44 AM) As for the first part: CODE if($_POST['nameOfFile'] < 1 I would assume that is to check that $_POST['nameOfFile'] (which is passed to the script from the form) does actually have a value. The fact that an integer comparison is used sort of makes it a little confusing though. I would have used either: CODE if($_POST['nameOfFile'])[/br]// (because if a variable has an assigned value, then it will be returned as true) or[br]if($_POST['nameOfFile'] != ""[/br]// or[br]if(isset($_POST['nameOfFile']) But that's just me. CODE substr($_FILES['uploadFile'], -4) != '.exe' This uses the substr(); function to select the last 4 characters of the filename entered, and then makes sure that are not '.exe'. Substr(); is used to select a certain portion of a string, eg: CODE substr("My name is Spectre", 3) Will select all of the characters, starting at postion 3, so it would become 'name is Spectre'. Using a negative integer, eg. -4, will select the last -4 characters of the string. In an IF statement, 'x == y' means that 'x' is equal to 'y' (double equals sign is intentional), and 'x != y' means that 'x' is not equal to 'y'. Hope that sort of explains it for you. Checking the filename is certainly a good idea, but a binary check would be much more secure. Spectre, about $_POST['nameOfFile'] < 1. I forgot 2 things here: First, it was supposed to be strlen($_POST['nameOfFIle']) < 1, and second, it's not supposed to be < 1, it's supposed to be > 1. I made two mistakes in that piece of code. Sorry about that.
|
|
Similar Topics
| Topic Title | Replies | Topic Starter | Views | Last Action | |||
|---|---|---|---|---|---|---|---|
 |
5 | Shibbeh | 16,134 | 20th August 2004 - 10:04 PM Last post by: ill |
|||
|
9 | shadowx | 3,328 | 12th October 2009 - 07:12 PM Last post by: manish-mohania |
|||
|
4 | xmae | 9,164 | 24th August 2006 - 03:21 PM Last post by: juice |
|||
|
7 | football123213 | 15,617 | 20th August 2004 - 12:25 AM Last post by: ill |
|||
 |
15 | -prodigy- | 14,184 | 27th February 2005 - 10:22 PM Last post by: alexia |
|||
|
2 | -Pandemonium- | 12,095 | 22nd August 2004 - 04:25 AM Last post by: -Pandemonium- |
|||
|
 |
5 | BoSZ | 10,317 | 8th January 2009 - 07:35 PM Last post by: Arthur Dent |
||
|
0 | Raptrex | 7,131 | 6th September 2004 - 11:19 PM Last post by: Raptrex |
|||
|
11 | dozen | 10,481 | 13th September 2004 - 07:26 PM Last post by: melkonianarg |
|||
|
 |
6 | dozen | 4,673 | 9th September 2004 - 11:58 PM Last post by: Triple X |
||
|
4 | annylei | 4,671 | 14th September 2004 - 09:38 PM Last post by: Triple X |
|||
|
 |
10 | jailbox | 4,932 | 19th August 2009 - 07:17 PM Last post by: iworld200 |
||
|
 |
4 | spyshow | 6,571 | 21st September 2004 - 03:19 AM Last post by: Spectre |
||
|
3 | XtremeGamer99 | 6,318 | 27th September 2004 - 12:31 PM Last post by: LuciferStar |
|||
|
0 | deejames | 4,515 | 24th September 2004 - 02:23 AM Last post by: deejames |
|||
|
Open Discussion | Time is now: 22nd November 2009 - 01:05 AM |
Web Hosting Powered by ComputingHost.com.
