Jump to content


Photo

upload script help


  • Please log in to reply
2 replies to this topic

#1 catherinePHP

catherinePHP

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 26 April 2013 - 03:21 PM

What should I edit to tell the script to give the uploaded file url instead of refreshing to a website?

 

here is the code:

<?php

define('DESTINATION_FOLDER','C:\xampp\uploads\\');
define('MAX_FILE_SIZE', 0);
define('SUCCESS_URL','http://www.example.com/upload-success.html');
$exts = array();
define('RENAME_FILE', true);
define('APPEND_STRING', '');
define('DO_LOG', true);
define('DB_HOST','localhost'); // host, usually localhost
define('DB_DATABASE','upload'); // database name
define('DB_USERNAME','root'); // username
define('DB_PASSWORD',''); // password


@set_time_limit(172800);



function showUploadForm($message='') {
  $max_file_size_tag = '';
  if (MAX_FILE_SIZE > 0) {
    // convert to bytes
    $max_file_size_tag = "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n";
  }

  // Load form template
  include ('file-upload.html');
}

// errors list
$errors = array();

$message = '';

// we should not exceed php.ini max file size
$ini_maxsize = ini_get('upload_max_filesize');
if (!is_numeric($ini_maxsize)) {
  if (strpos($ini_maxsize, 'M') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024;
  elseif (strpos($ini_maxsize, 'K') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024;
  elseif (strpos($ini_maxsize, 'G') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024*1024;
}
if ($ini_maxsize < MAX_FILE_SIZE*1024) {
  $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE";
}

if (!isset($_POST['submit'])) {
  showUploadForm(join('',$errors));
}

else {
  
  while(true) {

    if (!@file_exists(DESTINATION_FOLDER)) {
      $errors[] = "Destination folder does not exist or no permissions to see it.";
      break;
    }

    $error_code = $_FILES['filename']['error'];
    if ($error_code != UPLOAD_ERR_OK) {
      switch($error_code) {
        case UPLOAD_ERR_INI_SIZE: 
          $errors[] = "File is too big (1).";
          break;
        case UPLOAD_ERR_FORM_SIZE: 
          $errors[] = "File is too big (2).";
          break;
        case UPLOAD_ERR_PARTIAL:
          $errors[] = "Could not upload file (1).";
          break;
        case UPLOAD_ERR_NO_FILE:
          $errors[] = "Could not upload file (2).";
          break;
        case UPLOAD_ERR_NO_TMP_DIR:
          $errors[] = "Could not upload file (3).";
          break;
        case UPLOAD_ERR_CANT_WRITE:
          $errors[] = "Could not upload file (4).";
          break;
        case 8:
          $errors[] = "Could not upload file (5).";
          break;
      } 

      break;
    }

    $filename = @basename($_FILES['filename']['name']);

    $tmp_filename = $_FILES['filename']['tmp_name'];

    $file_ext = @strtolower(@strrchr($filename,"."));
    if (@strpos($file_ext,'.') === false) { // no dot? strange
      $errors[] = "Suspicious file name or could not determine file extension.";
      break;
    }
    $file_ext = @substr($file_ext, 1); // remove dot

    if (count($exts)) {   
      if (!@in_array($file_ext, $exts)) {
        $errors[] = "Files of this type are not allowed for upload.";
        break;
      }
    }

    $dest_filename = $filename;
    if (RENAME_FILE) {
      $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
    }
    $dest_filename = $dest_filename . APPEND_STRING;

    $filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename);

    if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) {
      $errors[] = "File is too big (3).";
      break;
    }

    if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) {
      $errors[] = "Could not upload file (6).";
      break;
    }

    if (DO_LOG) {
      $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
      if (!$link) {
        $errors[] = "Could not connect to mysql.";
        break;
      }
      $res = @mysql_select_db(DB_DATABASE, $link);
      if (!$res) {
        $errors[] = "Could not select database.";
        break;
      }
      $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
      $m_size = $filesize;
      $m_fname = mysql_real_escape_string($dest_filename);
      $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
      $res = @mysql_query($sql);
      if (!$res) {
        $errors[] = "Could not run query.";
        break;
      }
      @mysql_free_result($res);
      @mysql_close($link);
    } // if (DO_LOG)


    header('Location: ' . SUCCESS_URL);
    die();

    break;

  } // while(true)

  // Errors. Show upload form.
  $message = join('',$errors);
  showUploadForm($message);

}

?>

Edited by catherinePHP, 26 April 2013 - 03:22 PM.


#2 darkfreaks

darkfreaks

    Advanced Member

  • Members
  • PipPipPip
  • 4,943 posts
  • LocationAustin,Texas

Posted 26 April 2013 - 04:40 PM

change

header('Location: ' . SUCCESS_URL);

 to

echo SUCCESS_URL;

 this should output the success_url variable instead of redirecting it.



#3 catherinePHP

catherinePHP

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 27 April 2013 - 05:04 AM

change

header('Location: ' . SUCCESS_URL);

 to

echo SUCCESS_URL;

 this should output the success_url variable instead of redirecting it.

 

Thank you that helped! It works properly but it doesn't give you the correct link. The script is programmed to rename the file after it gets uploaded. your solution outputs the name of the file before it gets renamed. how can I fix this?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Cheap Linux VPS from $5
SSD Storage, 30 day Guarantee
1 TB of BW, 100% Network Uptime

AlphaBit.com