cheezian

  1. O_O Scary file named del.php...but I don't think it worked?
  2. Yes :-\ I like giving users that freedom...plus they can't execute any files can they?
  3. Hi, I've created a simple file uploading form and a page that allows people to download their file without linking directly to it. I've not allowed direct linking, and if someone does, their link becomes invalid within 24 hours. I've also not allowed the running of PHP scripts from the upload directory via a .htaccess setting. I'm sure there are security flaws in this script but I'm not experienced enough in PHP to know. You can check out the code in action here: http://cheezit.zapto.org/index.php?p=upload

     and the code for the upload form...

     ```php
     echo '<h2>Easy File Sharing</h2>
     Upload files easily and share them with your friends or on a forum! After you hit "Upload" you will be given a link that anyone can use anywhere to download your file.
     <br><br>
     <div style="font-variant: small-caps">Disclaimer: We cannot guarantee that your files will remain online. Illegal material will be removed immediately. Other than that, we have a freedom of access policy. Do not use this as your only form of backup. The only way to delete your files is to contact us.</div>
     <br><br>
     <center><form action="index.php?p=uploader" method="post" enctype="multipart/form-data">
     <label for="file">Filename:</label>
     <input type="file" name="file" id="file" />
     <br />';
     require_once('recaptchalib.php');
     $publickey = "6LeMOwcAAAAAAL-3-BKTjzd1sqSCmOwrMpQoMx0p"; // you got this from the signup page
     echo recaptcha_get_html($publickey);
     echo '<br><input type="submit" name="submit" value="Upload" />
     </form></center>';
     ```

     the code that handles the form..

     ```php
     echo "<h2>Easy File Sharing</h2>";

     // Read the upload directory name (first 9 bytes of the file "uploaddirectory")
     $myFile = "uploaddirectory";
     $fh = fopen($myFile, 'r');
     $theData = fread($fh, 9);
     fclose($fh);

     require_once('recaptchalib.php');
     $privatekey = " 6LeMOwcAAAAAAPwUdh8QoFw8T4VwPLX8_Z6__PjF ";
     $resp = recaptcha_check_answer ($privatekey,
                                     $_SERVER["REMOTE_ADDR"],
                                     $_POST["recaptcha_challenge_field"],
                                     $_POST["recaptcha_response_field"]);

     if (!$resp->is_valid) {
         die ("The reCAPTCHA wasn't entered correctly. Go back and try it again." .
              "(reCAPTCHA said: " . $resp->error . ")");
     }
     else {
         if ($_FILES["file"]["size"] < 2000000000000) {
             if ($_FILES["file"]["error"] > 1) {
                 echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
             }
             else {
                 echo "Filename: " . $_FILES["file"]["name"] . "<br />";
                 echo "Type: " . $_FILES["file"]["type"] . "<br />";
                 echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
                 //echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

                 // The file is stored under the name supplied by the client
                 if (file_exists("$theData" . "/" . $_FILES["file"]["name"])) {
                     echo $_FILES["file"]["name"] . " already exists. Just rename your file before uploading. ";
                 }
                 else {
                     move_uploaded_file($_FILES["file"]["tmp_name"],
                         "$theData" . "/" . $_FILES["file"]["name"]);
                     //echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
                     echo "<br><br>You may access your file at the following link >><br> <a href=\"http://cheezit.zapto.org/fileviewer.php?t=upload&f=" . $_FILES["file"]["name"] . "\">" . "http://cheezit.zapto.org/fileviewer.php?t=upload&f=" . $_FILES["file"]["name"] . "</a>";
                 }
             }
         }
         else
             echo "File too large! If you are spamming you will be banned swiftly with the power like that of a god.";
     }
     ```

     and finally the code that lets users download a file

     ```php
     // Both values come straight from the query string
     $filename = $_GET['f'];
     $type = $_GET['t'];

     if ($type == "img") {
         echo "<b>You are viewing $filename </b><br><br>";
         echo "<img src=\"files/$filename\">";
     }
     if ($type == "upload") {
         //echo "Please be patient! You're on your way to download a file! This will take FIVE seconds, do not leave this page!<br>File sharers: DO NOT directly link to the file you are about to see! In 5 minutes the direct link will not work, use the URL you see in your address bar now!<br>Make sure you're sharing the correct link <a href=\"fileviewer.php?t=img&f=correctLink.png\">here.</a>";
         echo "Attention File Sharers! DO NOT directly link to the file below! Use the URL that is currently in your address bar, or the link that appeared on the previous page.
     <a href=\"fileviewer.php?t=img&f=correctLink.png\">Click here</a> to make sure you're sharing/saving the correct link.<br><br><br><br><a href=\"http://cheezit.zapto.org/" . $theData . "/" . $filename . "\"><h2><b>CLICK HERE TO DOWNLOAD THE FILE</b></h2></a>";
     }
     else {
         echo "";
     }
     ```

     Can you point out any flaws? Thanks
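A hardened form of the upload and download handling posted above, added here as an example and not the poster's code. It stores each file under a server-generated token instead of the client-supplied name, validates the `f` parameter against that token format, and HTML-escapes everything it prints. `MAX_BYTES`, the function names and the `.name` sidecar file are assumptions made for illustration, as is an upload directory outside the web root.

```php
<?php
// Added example, not the poster's code. MAX_BYTES, the function names and the
// ".name" sidecar file are assumptions; $uploadDir is assumed outside the web root.
declare(strict_types=1);

const MAX_BYTES = 20 * 1024 * 1024; // assumed limit (the post allows up to 2000000000000)

/** Store one $_FILES entry under a server-generated name; returns the link token. */
function store_upload(array $file, string $uploadDir): string
{
    // Any non-zero code is a failure (the posted check only rejects codes > 1).
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('File size not allowed');
    }
    // The stored name contains no client input, so a client-chosen name such as
    // "del.php", or one containing path separators, never becomes a path on disk.
    $token = bin2hex(random_bytes(16));
    if (!move_uploaded_file($file['tmp_name'], "$uploadDir/$token")) {
        throw new RuntimeException('Could not store file');
    }
    // The original name is kept as data only, reduced to its last path component.
    file_put_contents("$uploadDir/$token.name", basename($file['name']));
    return $token;
}

/** Map the "f" query parameter to a stored file, or null if it is not a valid token. */
function resolve_token(string $token, string $uploadDir): ?array
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null; // slashes, dots and markup never reach the filesystem or the page
    }
    $path = "$uploadDir/$token";
    if (!is_file($path)) {
        return null;
    }
    return ['path' => $path, 'name' => (string) file_get_contents("$path.name")];
}

/** Build the share link with every dynamic value escaped for HTML. */
function share_link(string $token, string $name): string
{
    return '<a href="fileviewer.php?t=upload&amp;f=' . rawurlencode($token) . '">'
         . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</a>';
}
```

In this arrangement `fileviewer.php` would pass `$_GET['f']` to `resolve_token()` and stream the result with a `Content-Disposition: attachment` header, rather than printing a direct link into the upload directory.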