[HTML] Need help with upload scripts

[samppa]

Well, i'm hosting Apache httpd website on my own comp and i want add uploading script but i'm not skilled enought to do that. I tried to look scripts using google but all req.s some extra programs (perl, php stuff), that i don't know how to use...

I want add that uploading possibilty to my site because i want share files with my friends. So i need tutorial how to add upload script & what i need to do that.

My website upload Well, i used one script, but i'm getting error...

I hope you can help.

 

[kip0130]

well use a PHP script instead of a CGI one and use a PHP script that has a SQl database and you will most likely not get that error

 

[samppa]

But then i need to download phpmyadmin and mysql?

 

[KyleEnos]

Uploading File via PHP:

put the following code in one file (upload.php)
create a directory called images or whatever you want. Don't forget to change $upload_dir = "images/";
(images being the name of your directory)

<html>

<head>
<title>Upload File</title>
</head>

<form action="upload.php" method="post" enctype="multipart/form-data">
Browse a File to Upload:<br>
<input type="file" name="filetoupload"><br>
<input type="hidden" name="MAX_FILE_SIZE" value="<?echo $size_bytes; ?>">
<br>
<input type="Submit" value="Upload File">
</form>

<?php
//**********************************************************************//
//  $_FILES['filetoupload']  is the value of                            //
// file field from the form. <input type="file" name="filetoupload">    //
//**********************************************************************//

// this is the upload dir where files will go.
//Don't remove the /
//Chmod it (777)
$upload_dir = "http://forum.ragezone.com/images/";   //change to whatever you want.
// files less than 1MB
$size_bytes = 1048576; //bytes  will be uploaded
$limit_file_type = "no"; //Do you want to limit the types of files uploaded. (yes/no)
// specify file types.
$allowed_file_type = array('image/gif',
                          'image/pjpeg',
                          'image/jpeg',
                          'image/png',
                          'image/jpg');

         //check if the directory exist or not.
         if (!is_dir("$upload_dir")) {
     die ("The directory <b>($upload_dir)</b> doesn't exist");
         }
         //check if the directory is writable.
         if (!is_writeable("$upload_dir")){
            die ("The directory <b>($upload_dir)</b> is NOT writable, Please Chmod (777)");
         }

//Check first if a file has been selected
//is_uploaded_file('filename') returns true if
//a file was uploaded via HTTP POST. Returns false otherwise.
if (is_uploaded_file($_FILES['filetoupload']['tmp_name']))
{//begin of is_uploaded_file

        //Get the Size of the File
        $size = $_FILES['filetoupload']['size'];
        //Make sure that $size is less than 1MB (1000000 bytes)
        if ($size > $size_bytes)
        {
            echo "File Too Large. File must be <b>$size_bytes</b> bytes.";
            exit();
        }
             //check file type
        if (($limit_file_type == "yes") && (!in_array($_FILES['filetoupload']['type'],$allowed_file_type)))
        {
            echo"wrong file type";
            exit();
        }

        // $filename will hold the value of the file name submetted from the form.
        $filename =  $_FILES['filetoupload']['name'];
        // Check if file is Already EXISTS.
        if(file_exists($upload_dir.$filename)){
            echo "Oops! The file named <b>$filename </b>already exists";
            exit();
        }

        //Move the File to the Directory of your choice
        //move_uploaded_file('filename','destination') Moves afile to a new location.
        if (move_uploaded_file($_FILES['filetoupload']['tmp_name'],$upload_dir.$filename)) {

           //tell the user that the file has been uploaded and make him alink too;).
           echo "File (<a href=$upload_dir$filename>$filename</a>) uploaded!";
           exit();

        }
        else
        {
            //Print error
            echo "There was a problem moving your file";
            exit();
        }
}//end of is_uploaded_file


?>

What was used:

-The Super Global Variable $_FILES is used in PHP 4.x.x.

$_FILES['upload']['size'] ==> Get the Size of the File in Bytes.
$_FILES['upload']['tmp_name'] ==> Returns the Temporary Name of the File.
$_FILES['upload']['name'] ==> Returns the Actual Name of the File.
$_FILES['upload']['type'] ==> Returns the Type of the File.

****************
-Functions used

1- (!is_dir("$upload_dir"))
checks if the directory exist or not.

2- (!is_writeable("$upload_dir"))
checks if the directory is writable.

3- (is_uploaded_file($_FILES['filetoupload']['tmp_name'])
Checks first if a file has been selected

4- (!in_array($_FILES['filetoupload']['type'],$allowed_file_type))
checks file type eg. "gif,jpg etc."

5- (file_exists($upload_dir.$filename))
Checks if file is Already EXISTS.

6- (move_uploaded_file($_FILES['filetoupload']['tmp_name'],$upload_dir.$filename))
Moves the File to the Directory of your choice eg. "images"

If there's any errors/mistakes in my code, just tell me and I'll edit.


If you don't know how to perform all of these instructions, just quit right now and don't bother making a website.

 

[samppa]

Well, modifying that is easy but setting up php is not... >.> I tried use one tutorial that i found from internet but now it whines error...

Forbidden
You don't have permission to access /php/php.exe/dl/Upload.php on this server.

 

[Mario_Party]

I would be very careful when it comes to uploading files, especially as you are hosting it yourself. It can be very easy for other people to upload nasty files that could be potentially fatal.

 

[samppa]

Yah, i know, but how i can change file access? I'm running on xp. And when i get that working, i can add password to that file.

 

[KyleEnos]

It's a matter of setting permissions.
It's not the script that's disabling users from uploading a file, it's your whole security setup.

 

[DeathArt]

Well, regarding upload security

<?php
str_replace("php","phps",$extension);
?>

do wonders.

If .php is your only executeable extension, it's foolproof secure. I've been running sites with such for almost five years now, and seen countless amount of shellscripts uploaded without ever working

 

[Darth]

samppa ok u got a script nice, now u need to setup a webserver.. i advice Xampp its a one-click start up for php,mysql,apache... and comes with phpmyadmin.. use this and ur life will be easier sure mine is!

And if u want another way to upload files check out Pixel2Life

 

[samppa]

I'll check that xampp

 

[samppa]

Well... i got new error with xampp.

No more error, fixes now.