iGuest 3 Report post Posted August 24, 2004 Okay, this script takes in an uploaded file from a form, adds it to the web server, and then it adds it to the correct alphabetical letter directory (ie. Active would go in the a directory). The only use I see for it would be for making it easier to find something when it is uploaded. This script takes two .php files: upload.php and upload-check.php. If you are going to use the script, you can rename those files to whatever you want. So, here's the script. Use it at your own discretion (as always). upload.php [/br]<?php[br][/br]echo "<form action = 'upload-check.php' method='post' enctype='multipart/form-data'>";[br]echo "<input type = 'text' name='nameOfFile'>";[/br]echo "<input type = 'file' name='uploadFile'>";[br]echo "<input type = 'submit' value = 'Send'>";[/br]echo "</form>";[br][/br]?> upload-check.php [/br]<?php[br][/br]$letterArray = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', [br]'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z');[br][/br]$arraySize = array_count_values($letterArray);[br][/br]for($n = 0; $n <= $arraySize; $n++)[/br]{[br] if(!is_dir($n))[/br] {[br] mkdir('somefolder/' . $n, 0666);[/br] }[br]}[br][/br]if(strlen($_POST['nameOfFile']) > 1 and substr($_FILES['uploadFile'], -4) != '.exe')[/br]{[br] for($i = 0; $i <= $arraySize; $i++)[/br] {[br] if(substr($_FILES['nameOfFile'], 1) == $i)[/br] {[br] $tmpFile = $_FILES['uploadFile']['tmp_name'];[/br] $dest = "http://yourwebsite.com/somefolder/" . $i . "/" . [br] $_FILES['uploadName']['name'];[/br] copy($tmpFile, $dest);[br] }[/br] } [br]}[/br]else[br]{[/br] echo "Sorry, but your file name was either too short or it had an invalid file [br] extension. Please go back and try again.";[/br]}[br][/br]?> Share this post Link to post Share on other sites
Spectre 0 Report post Posted August 24, 2004 It's just an idea, but I generally like to keep all of it together in a single file. You could achieve this by combining the scripts as shown below, but ensuring that only one portion is executed at a time (hence the need for the use of the if statement, and the exit function). <?php[br][/br]if(!isset($_POST['uploadFile'])) {[br] echo "<form action = 'upload.php' method='post' enctype='multipart/form-data'>";[/br] echo "<input type = 'text' name='nameOfFile'>";[br] echo "<input type = 'file' name='uploadFile'>";[/br] echo "<input type = 'submit' value = 'Send'>";[br] echo "</form>";[/br] exit;[br]}[br][/br][/br]$letterArray = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', [br]'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z');[br][/br]$arraySize = array_count_values($letterArray);[br][/br]for($n = 0; $n <= $arraySize; $n++)[/br]{[br] if(!is_dir($n))[/br] {[br] mkdir('somefolder/' . $n, 0666);[/br] }[br]}[br][/br]if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe')[/br]{[br] for($i = 0; $i <= $arraySize; $i++)[/br] {[br] if(substr($_FILES['nameOfFile'], 1) == $i)[/br] {[br] $tmpFile = $_FILES['uploadFile']['tmp_name'];[/br] $dest = "http://yourwebsite.com/somefolder/" . $i . "/" . [br] $_FILES['uploadName']['name'];[/br] copy($tmpFile, $dest);[br] }[/br] } [br]}[/br]else[br]{[/br] echo "Sorry, but your file name was either too short or it had an invalid file [br] extension. Please go back and try again.";[/br]}[br][/br]?> Share this post Link to post Share on other sites
iGuest 3 Report post Posted August 24, 2004 Good point, Spectre. I suppose I forgot about the is_set() function. Thanks for the"improvement". Share this post Link to post Share on other sites
Triple X 0 Report post Posted August 24, 2004 Hm interesting, good work. I should keep this in mind for when I get my sub-domain. Share this post Link to post Share on other sites
Zenchi 0 Report post Posted August 25, 2004 I was just curious, but what is the reason to exclude exes? (Or am I reading this wrong? ^^ if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe') Share this post Link to post Share on other sites
iGuest 3 Report post Posted August 25, 2004 I was just curious, but what is the reason to exclude exes? (Or am I reading this wrong? ^^ if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe') I excluded .exe as an example. It just shows you how to protect against certain file types. I just chose .exe randomly. Share this post Link to post Share on other sites
Zenchi 0 Report post Posted August 25, 2004 I was just curious, but what is the reason to exclude exes? (Or am I reading this wrong? ^^ if($_POST['nameOfFile'] < 1 and substr($_FILES['uploadFile'], -4) != '.exe') I excluded .exe as an example. It just shows you how to protect against certain file types. I just chose .exe randomly. Ah.. that's very neat. I'm going to go disect that part of the code and figure out what it does. ^^ Share this post Link to post Share on other sites
Spectre 0 Report post Posted August 25, 2004 As for the first part: if($_POST['nameOfFile'] < 1I would assume that is to check that $_POST['nameOfFile'] (which is passed to the script from the form) does actually have a value. The fact that an integer comparison is used sort of makes it a little confusing though. I would have used either:if($_POST['nameOfFile'])[/br]// (because if a variable has an assigned value, then it will be returned as true) or[br]if($_POST['nameOfFile'] != ""[/br]// or[br]if(isset($_POST['nameOfFile'])But that's just me.substr($_FILES['uploadFile'], -4) != '.exe'This uses the substr(); function to select the last 4 characters of the filename entered, and then makes sure that are not '.exe'. Substr(); is used to select a certain portion of a string, eg:substr("My name is Spectre", 3)Will select all of the characters, starting at postion 3, so it would become 'name is Spectre'. Using a negative integer, eg. -4, will select the last -4 characters of the string.In an IF statement, 'x == y' means that 'x' is equal to 'y' (double equals sign is intentional), and 'x != y' means that 'x' is not equal to 'y'.Hope that sort of explains it for you.Checking the filename is certainly a good idea, but a binary check would be much more secure. Share this post Link to post Share on other sites
iGuest 3 Report post Posted August 25, 2004 As for the first part: if($_POST['nameOfFile'] < 1I would assume that is to check that $_POST['nameOfFile'] (which is passed to the script from the form) does actually have a value. The fact that an integer comparison is used sort of makes it a little confusing though. I would have used either: if($_POST['nameOfFile'])[/br]// (because if a variable has an assigned value, then it will be returned as true) or[br]if($_POST['nameOfFile'] != ""[/br]// or[br]if(isset($_POST['nameOfFile'])But that's just me. substr($_FILES['uploadFile'], -4) != '.exe'This uses the substr(); function to select the last 4 characters of the filename entered, and then makes sure that are not '.exe'. Substr(); is used to select a certain portion of a string, eg: substr("My name is Spectre", 3)Will select all of the characters, starting at postion 3, so it would become 'name is Spectre'. Using a negative integer, eg. -4, will select the last -4 characters of the string. In an IF statement, 'x == y' means that 'x' is equal to 'y' (double equals sign is intentional), and 'x != y' means that 'x' is not equal to 'y'. Hope that sort of explains it for you. Checking the filename is certainly a good idea, but a binary check would be much more secure. Spectre, about $_POST['nameOfFile'] < 1. I forgot 2 things here: First, it was supposed to be strlen($_POST['nameOfFIle']) < 1, and second, it's not supposed to be < 1, it's supposed to be > 1. I made two mistakes in that piece of code. Sorry about that. Share this post Link to post Share on other sites