simpel-upload-script-met-exstensie-controle-xd
PHP script bestanden
Code (php)
<?php
////////////////////////////////////
// © 2009 Wouter De Schuyter
// info[@]paradox-productions[.]net
// http://paradox-productions.net/
// UPLOAD SCRIPT V1.0
////////////////////////////////////
/* NOTE
*******
!! DON'T FORGET TO CHMOD THE UPLOAD FOLDER TO 0777
THIS WORK IS LICENSED UNDER A CREATIVE COMMONS ATTRIBUTION 3.0 LICENSE.
THIS MEANS YOU MAY USE IT FOR ANY PURPOSE, AND MAKE ANY CHANGES YOU LIKE.
ALL I ASK IS TO LEAVE THE ORIGINAL COPYRIGHT AT TOP OF THE SCRIPT.
VIEW LICENSE ONLINE: http://creativecommons.org/licenses/by/3.0/
*/
/* CONFIG
*********/
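// ALLOWED EXTENSIONS (LOWERCASE). 'html' IS DELIBERATELY LEFT OUT: UPLOADS ARE LINKED FROM $scriptloc,
// SO AN UPLOADED HTML PAGE WOULD RUN ITS SCRIPTS IN THIS SITE'S ORIGIN (STORED XSS).
// ONLY ADD IT IF THE UPLOADS FOLDER IS SERVED FROM A SEPARATE DOMAIN OR AS A DOWNLOAD (Content-Disposition: attachment).
$extensions = array('png', 'gif', 'jpg', 'jpeg', 'bmp', 'pdf', 'doc', 'docx', 'psd', 'css');
// UPLOADS FOLDER WITH "/" AT THE END (JUST DIR)!
// IT ONLY HAS TO BE WRITABLE BY THE WEB SERVER USER, AND THE SERVER SHOULD NOT EXECUTE SCRIPTS FROM IT.
$tfolder = "uploads/";
$scriptloc = "http://paradox-productions.net/upload-project/"; // SCRIPT LOCATION WITH "/" AT THE END (FULL URL)!
$maxfsize = 3; // MAXIMUM FILESIZE (IN MEGABYTES)

// INITIALISED HERE SO THE FORM CHECK AT THE BOTTOM NEVER READS AN UNDEFINED VARIABLE (GET REQUEST OR FAILED UPLOAD)
$succes = false;

// CHECK IF THE FORM HAS BEEN SUBMITTED
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // $_FILES['filen'] IS MISSING WHEN THE REQUEST WAS NOT A MULTIPART FORM OR WAS LARGER THAN post_max_size,
    // AND ITS FIELDS ARE ARRAYS WHEN THE FIELD WAS SENT AS filen[]; BOTH CASES ARE TREATED AS "NO FILE"
    $file = (isset($_FILES['filen']) && is_array($_FILES['filen'])) ? $_FILES['filen'] : array();
    $fname = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : ''; // CLIENT-SUPPLIED NAME, UNTRUSTED
    $ftemp = (isset($file['tmp_name']) && is_string($file['tmp_name'])) ? $file['tmp_name'] : ''; // TEMP NAME
    $ferror = (isset($file['error']) && is_int($file['error'])) ? $file['error'] : UPLOAD_ERR_NO_FILE; // PHP UPLOAD STATUS

    // EXTENSION = TEXT AFTER THE LAST DOT, LOWERCASED (pathinfo() AVOIDS PASSING A TEMPORARY TO end())
    $fext = strtolower(pathinfo($fname, PATHINFO_EXTENSION));
    $toobig = "Your file is too big. The maximum filesize is <b>" . $maxfsize . "</b>MB.";

    // NO FILE SELECTED ERROR
    if ($fname === '' || $ferror === UPLOAD_ERR_NO_FILE) {
        echo "Please select a file to upload.";
    }
    // EXTENSION ERROR (STRICT COMPARISON AGAINST THE ALLOW-LIST)
    elseif (!in_array($fext, $extensions, true)) {
        echo "This extension is not allowed.";
    }
    // PHP ITSELF REJECTED THE FILE AS TOO BIG (upload_max_filesize OR THE FORM'S MAX_FILE_SIZE)
    elseif ($ferror === UPLOAD_ERR_INI_SIZE || $ferror === UPLOAD_ERR_FORM_SIZE) {
        echo $toobig;
    }
    // ANY OTHER UPLOAD FAILURE, OR A TEMP NAME THAT IS NOT A REAL HTTP UPLOAD
    elseif ($ferror !== UPLOAD_ERR_OK || !is_uploaded_file($ftemp)) {
        echo "upload error";
    }
    // IF FILE IS TOO BIG
    elseif (filesize($ftemp) > $maxfsize * (1024 * 1024)) {
        echo $toobig;
    }
    // CHECK FOR FALSE FILES EG image.php.gif (SOME SERVERS JUST TAKE .php AND THIS IS A POSSIBLE RISK)
    elseif (strpos(strtolower($fname), "php") !== false) {
        echo "Your file cannot contain the string 'php'!";
    }
    else {
        // THE STORED NAME NEVER CONTAINS CLIENT TEXT EXCEPT THE ALLOW-LISTED EXTENSION.
        // 128 RANDOM BITS FROM THE CSPRNG: md5(rand()) GAVE AT MOST 9999 DIFFERENT NAMES,
        // SO NEW UPLOADS OVERWROTE OLD ONES AND DOWNLOAD LINKS COULD BE GUESSED.
        $newname = bin2hex(random_bytes(16)) . "." . $fext;
        $target = $tfolder . $newname; // LOCATION FILE

        // NOTE: ONLY THE EXTENSION IS CHECKED, THE FILE CONTENT IS NOT INSPECTED
        // TRY TO MOVE THE FILE TO THE DIRECTORY
        if (move_uploaded_file($ftemp, $target)) {
            // ESCAPED FOR HTML OUTPUT EVEN THOUGH BOTH PARTS COME FROM CONFIG AND THE GENERATED NAME
            echo "Your file has succesfully been uploaded.<br />Download link: <b>" . htmlspecialchars($scriptloc . $target, ENT_QUOTES, 'UTF-8') . "</b>";
            $succes = true;
        }
        // UPLOAD ERROR
        else {
            echo "upload error";
        }
    }
} // CLOSE IF SUBMIT IS PRESSED

// IF FILE WAS UPLOADED SUCCESSFULLY HIDE FORM
if ($succes !== true) {
    echo '<form action="" method="post" enctype="multipart/form-data">';
    echo 'File: <input type="file" name="filen" /> <input type="submit" name="subform" value="Upload File!" />';
    echo '</form>';
}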
?>
////////////////////////////////////
// © 2009 Wouter De Schuyter
// info[@]paradox-productions[.]net
// http://paradox-productions.net/
// UPLOAD SCRIPT V1.0
////////////////////////////////////
/* NOTE
*******
!! DON'T FORGET TO CHMOD THE UPLOAD FOLDER TO 0777
THIS WORK IS LICENSED UNDER A CREATIVE COMMONS ATTRIBUTION 3.0 LICENSE.
THIS MEANS YOU MAY USE IT FOR ANY PURPOSE, AND MAKE ANY CHANGES YOU LIKE.
ALL I ASK IS TO LEAVE THE ORIGINAL COPYRIGHT AT TOP OF THE SCRIPT.
VIEW LICENSE ONLINE: http://creativecommons.org/licenses/by/3.0/
*/
/* CONFIG
*********/
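// ALLOWED EXTENSIONS (LOWERCASE). 'html' IS DELIBERATELY LEFT OUT: UPLOADS ARE LINKED FROM $scriptloc,
// SO AN UPLOADED HTML PAGE WOULD RUN ITS SCRIPTS IN THIS SITE'S ORIGIN (STORED XSS).
// ONLY ADD IT IF THE UPLOADS FOLDER IS SERVED FROM A SEPARATE DOMAIN OR AS A DOWNLOAD (Content-Disposition: attachment).
$extensions = array('png', 'gif', 'jpg', 'jpeg', 'bmp', 'pdf', 'doc', 'docx', 'psd', 'css');
// UPLOADS FOLDER WITH "/" AT THE END (JUST DIR)!
// IT ONLY HAS TO BE WRITABLE BY THE WEB SERVER USER, AND THE SERVER SHOULD NOT EXECUTE SCRIPTS FROM IT.
$tfolder = "uploads/";
$scriptloc = "http://paradox-productions.net/upload-project/"; // SCRIPT LOCATION WITH "/" AT THE END (FULL URL)!
$maxfsize = 3; // MAXIMUM FILESIZE (IN MEGABYTES)

// INITIALISED HERE SO THE FORM CHECK AT THE BOTTOM NEVER READS AN UNDEFINED VARIABLE (GET REQUEST OR FAILED UPLOAD)
$succes = false;

// CHECK IF THE FORM HAS BEEN SUBMITTED
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    // $_FILES['filen'] IS MISSING WHEN THE REQUEST WAS NOT A MULTIPART FORM OR WAS LARGER THAN post_max_size,
    // AND ITS FIELDS ARE ARRAYS WHEN THE FIELD WAS SENT AS filen[]; BOTH CASES ARE TREATED AS "NO FILE"
    $file = (isset($_FILES['filen']) && is_array($_FILES['filen'])) ? $_FILES['filen'] : array();
    $fname = (isset($file['name']) && is_string($file['name'])) ? $file['name'] : ''; // CLIENT-SUPPLIED NAME, UNTRUSTED
    $ftemp = (isset($file['tmp_name']) && is_string($file['tmp_name'])) ? $file['tmp_name'] : ''; // TEMP NAME
    $ferror = (isset($file['error']) && is_int($file['error'])) ? $file['error'] : UPLOAD_ERR_NO_FILE; // PHP UPLOAD STATUS

    // EXTENSION = TEXT AFTER THE LAST DOT, LOWERCASED (pathinfo() AVOIDS PASSING A TEMPORARY TO end())
    $fext = strtolower(pathinfo($fname, PATHINFO_EXTENSION));
    $toobig = "Your file is too big. The maximum filesize is <b>" . $maxfsize . "</b>MB.";

    // NO FILE SELECTED ERROR
    if ($fname === '' || $ferror === UPLOAD_ERR_NO_FILE) {
        echo "Please select a file to upload.";
    }
    // EXTENSION ERROR (STRICT COMPARISON AGAINST THE ALLOW-LIST)
    elseif (!in_array($fext, $extensions, true)) {
        echo "This extension is not allowed.";
    }
    // PHP ITSELF REJECTED THE FILE AS TOO BIG (upload_max_filesize OR THE FORM'S MAX_FILE_SIZE)
    elseif ($ferror === UPLOAD_ERR_INI_SIZE || $ferror === UPLOAD_ERR_FORM_SIZE) {
        echo $toobig;
    }
    // ANY OTHER UPLOAD FAILURE, OR A TEMP NAME THAT IS NOT A REAL HTTP UPLOAD
    elseif ($ferror !== UPLOAD_ERR_OK || !is_uploaded_file($ftemp)) {
        echo "upload error";
    }
    // IF FILE IS TOO BIG
    elseif (filesize($ftemp) > $maxfsize * (1024 * 1024)) {
        echo $toobig;
    }
    // CHECK FOR FALSE FILES EG image.php.gif (SOME SERVERS JUST TAKE .php AND THIS IS A POSSIBLE RISK)
    elseif (strpos(strtolower($fname), "php") !== false) {
        echo "Your file cannot contain the string 'php'!";
    }
    else {
        // THE STORED NAME NEVER CONTAINS CLIENT TEXT EXCEPT THE ALLOW-LISTED EXTENSION.
        // 128 RANDOM BITS FROM THE CSPRNG: md5(rand()) GAVE AT MOST 9999 DIFFERENT NAMES,
        // SO NEW UPLOADS OVERWROTE OLD ONES AND DOWNLOAD LINKS COULD BE GUESSED.
        $newname = bin2hex(random_bytes(16)) . "." . $fext;
        $target = $tfolder . $newname; // LOCATION FILE

        // NOTE: ONLY THE EXTENSION IS CHECKED, THE FILE CONTENT IS NOT INSPECTED
        // TRY TO MOVE THE FILE TO THE DIRECTORY
        if (move_uploaded_file($ftemp, $target)) {
            // ESCAPED FOR HTML OUTPUT EVEN THOUGH BOTH PARTS COME FROM CONFIG AND THE GENERATED NAME
            echo "Your file has succesfully been uploaded.<br />Download link: <b>" . htmlspecialchars($scriptloc . $target, ENT_QUOTES, 'UTF-8') . "</b>";
            $succes = true;
        }
        // UPLOAD ERROR
        else {
            echo "upload error";
        }
    }
} // CLOSE IF SUBMIT IS PRESSED

// IF FILE WAS UPLOADED SUCCESSFULLY HIDE FORM
if ($succes !== true) {
    echo '<form action="" method="post" enctype="multipart/form-data">';
    echo 'File: <input type="file" name="filen" /> <input type="submit" name="subform" value="Upload File!" />';
    echo '</form>';
}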
?>