Author Topic: some help with php scripts  (Read 1538 times)

some help with php scripts
on: May 01, 2006, 20:32:46 PM
I?m currently using a script designed by someone which allows users to upload files directly to your server through a php script. (working script attached below) I need to amend the script to let me also delete files from the server which have been uploaded to the directory.

Ive worked out you need to use the unlink() function but i cannot get it to work within the script

does anyone know how to or can change the script below?

also i woudl like for when you click the link to download the file it opens in a new window.

the script attached is used within phpnuke but im sure that wont make too much difference.

thanks in advance

 
Code: [Select]

//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Mmaximum file size. You may increase or decrease.
$MAX_SIZE = 5000000;
                           
//Allowable file Mime Types. Add more mime types if you want
$FILE_MIMES = array(application/pdf);

//Allowable file ext. names. you may add more extension names.            
$FILE_EXTS  = array(.pdf);

//Allow file delete? no, if only allow upload only
$DELETABLE  = false;                              


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
 *     Setup variables
 ************************************************************/
$site_name = $_SERVER[HTTP_HOST];
$url_dir = "http://".$_SERVER[HTTP_HOST].dirname($_SERVER[PHP_SELF]);
$url_this =  "http://".$_SERVER[HTTP_HOST].$_SERVER[PHP_SELF];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("files")) {
  if (!mkdir($upload_dir))
  die ("upload_files directory doesnt exist and creation failed");
  if (!chmod($upload_dir,0755))
  die ("change permission to 755 failed.");
}

/************************************************************
 *     Process Users Request
 ************************************************************/
if ($_REQUEST[del] && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
 
  if (strpos($_REQUEST[del],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)==$upload_dir) {
    unlink($_REQUEST[del]);
    print "";
  }
}
else if ($_FILES[userfile]) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES[userfile][name]." "
            .$_FILES[userfile][type]."\n");
  fclose($resource);

$file_type = $_FILES[userfile][type];
  $file_name = $_FILES[userfile][name];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES[userfile][size] > $MAX_SIZE)
     $message = "The file size is over 2MB.";
  //File Type/Extension Check
  else if (!in_array($file_type, $FILE_MIMES)
          && !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, File Extension is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);
 
  print "

$message


";
}
else if (!$_FILES[userfile]);
else
$message = "Invalid File Specified.";

/************************************************************
 *     List Files
 ************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "".$file."";
      if ($DELETABLE)
        $filelist .= " x";
      $filelist .= "  ".date("d-m H:i", filemtime($upload_dir.$file))
                   ."
";
      $filelist .="
";
   }
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES[userfile][tmp_name];
$file_name = $_FILES[userfile][name];
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("","",$file_name);
$file_path = $upload_dir.$file_name;

//File Name Check
  if ( $file_name =="") {
  $message = "Invalid File Name Specified";
  return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0777))
    $message = "change permission to 777 failed.";
  else
header( Location: modules.php?name=UploadIt2 ) ;
      }


?>


   
   

   
     Upload File
     


     Please only upload HCC Newsletters with .pdf suffix
   

   
   
Uploaded Files
   

   
   


 


0 Members and 1 Guest are viewing this topic.