PHP Upload Script
Author: (---.mia.bellsouth.net)
Date: 10-21-03 13:17

Hello,

I have an upload script on my site which I found on the internet a while back. I'd like to know how to alter it to fix some bugs.

It works with two files, an HTML file with a form, and a php file which the other file posts to. The PHP file is as follows:



pheterson.com - upload script


<?php
/*upload.php*/
// $img1 and $img1_name are filled in by register_globals from the form's file field.
if ($img1_name != "") {

    @copy("$img1", "/home/pheterso/www/upload/$img1_name")
        or die("No copy!");

} else {

    die("No input file!");

}

?>

Your file has been uploaded successfully. Please wait to continue.



Or... If you're a lazy ass, click here.



The modifications I would like to make to this file are as follows:

1) Not allow index.html, index.htm, index.php to be uploaded.
2) Not allow overwriting of files.



Any help at all is appreciated.


Thanks,
Eric

Re: PHP Upload Script
Author: (---.ym.rnc.net.cable.rogers.com)
Date: 10-22-03 11:52

1. What does it matter? You assign a new name to them when they are copied from a temp upload folder to the path you want.

2. If you are worried about your own files, then simply have a new directory with all the uploads stored in it, and see point 1 about renaming.

Re: PHP Upload Script
Author: (4.20.98.---)
Date: 10-22-03 13:31

Or better yet, set up an extension checker and only allow certain extensions to be uploaded.. but ya, having them uploaded to an unreadable tempdir is a good idea.

Re: PHP Upload Script
Author: (193.61.103.---)
Date: 12-17-03 01:12

<?php
// Check every blocked name first; copy only if none of them matched.
if ($img1_name == "index.htm") {
    die("File not allowed");
}
if ($img1_name == "index.html") {
    die("File not allowed");
}
if ($img1_name == "index.php") {
    die("File not allowed");
}
@copy("$img1", "/home/pheterso/www/upload/$img1_name");
?>

- Not the best of code I know, but (if there are formatting errors - excuse me) give it a try, it may slow the page down a bit but should work :)

Sorry I couldn't be of more help

Sam
(samothy.co.uk, samsbox.co.uk)
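
The suggestions made in the replies (a server-assigned file name, a dedicated upload directory, an extension allow-list) together with the two checks asked for in the first post, combined in one handler. This is an added example, not code from any poster in the thread; it assumes PHP 7.1 or later, takes the field name img1 and the upload path from the original script, and uses an image-only extension list chosen for illustration.

```php
<?php
// Added example, not code from any poster in this thread.
const UPLOAD_DIR    = '/home/pheterso/www/upload';   // path from the original script
const ALLOWED_EXT   = ['jpg', 'jpeg', 'png', 'gif']; // assumption: image uploads only
const BLOCKED_NAMES = ['index.html', 'index.htm', 'index.php'];

// Returns a server-chosen destination path, or null if the name is rejected.
function pick_destination(string $clientName, string $dir): ?string
{
    // basename() drops any directory part ("../index.php" becomes "index.php").
    $name = strtolower(basename(str_replace('\\', '/', $clientName)));
    if ($name === '' || in_array($name, BLOCKED_NAMES, true)) {
        return null;
    }
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null; // extension allow-list
    }
    // The client-supplied name is never used on disk, only its extension.
    return $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
}

function store_upload(array $file, string $dir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return 'No input file!';
    }
    $dest = pick_destination($file['name'], $dir);
    if ($dest === null) {
        return 'File not allowed';
    }
    // Mode 'x' fails if the path already exists, so no existing file is replaced.
    $out = @fopen($dest, 'x');
    if ($out === false) {
        return 'No copy!';
    }
    fclose($out);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        @unlink($dest);
        return 'No copy!';
    }
    return 'Your file has been uploaded successfully.';
}

if (isset($_FILES['img1'])) {          // img1: file field name used by the original form
    echo store_upload($_FILES['img1'], UPLOAD_DIR);
}
```

The checks look only at the file name; they do not verify that the contents are really an image.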
