Jump to content

[SOLVED] Uploader

unidox

By unidox
in PHP Coding Help

Recommended Posts

unidox Advanced Member

unidox

Posted
Posted

I am trying to make a script that uploads a file. But it keeps forwarding. Heres my code:

 

 elseif (($_GET['a'] == 'add_file') && ($_GET['go'] == true)) {
			if (($_POST['file'] != "") && ($_POST['file2'] == "")) {
				$id = $_GET['id'];
				if (!is_numeric($id)) {
					header("Location: index.php?p=error&h=pages&s=downloads&e=" . md5("id_12") . "");
					exit();
				}
				// Configuration
			    $upload_path = "../uploads/files/"; // The place the files will be uploaded to (currently a 'files' directory).

			   	$filename = $_FILES['file']['name']; // Get the name of the file (including file extension).
			   	$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
				$size = filesize($filename);

				if ($filename == "") {
					header("Location: index.php?p=pages&s=downloads&a=add_file&e=1");
					exit();
				}				

			   // Check if we can upload to the specified path, if not DIE and inform the user.
			   	if (!is_writable($upload_path)) {
			      	header("Location: index.php?p=pages&s=downloads&a=add_file&e=3");
			      	exit();
				}

				if (file_exists($upload_path . "download_" . $id . " - " . $filename)) {
					unlink($upload_path . "download_" . $id . " - " . $filename);
				}

				if ((move_uploaded_file($_FILES['file']['tmp_name'], $upload_path . "download_" . $id . " - " . $filename)) && (filesize($_FILES['file']['tmp_name']) > 0)) {
         			header("Location: index.php?p=success&h=pages&s=downloads&e=" . md5("upload_1") . "&name=" . $filename . "");
         			$url = "uploads/pics/" . "download_" . $id . " - " . $filename . "";
         			mysql_query("UPDATE `pcp_download` SET `file` = '$url', `size` = '$size' WHERE `download_id` = '$id'") or die(mysql_error());
         			$q = mysql_query("SELECT * FROM `pcp_downloads` WHERE `download_id` = '$id'") or die(mysql_error());
					$r = mysql_fetch_array($q);
					create_log("Added File to Download: \"" . $r['name'] . "\"", $user_name);
         			exit();
         		} else {
         			header("Location: index.php?p=error&h=pages&s=downloads&e=" . md5("upload_2") . "&name=" . $filename . "");
         		}
         	} elseif (($_POST['file'] == "") && ($_POST['file2'] != "")) {
				$id = $_GET['id'];
				if (!is_numeric($id)) {
					header("Location: index.php?p=error&h=pages&s=downloads&e=" . md5("id_12") . "");
					exit();
				}
				$file = $_POST['file2'];
				$size = filesize($file);
				header("Location: index.php?p=success&h=pages&s=downloads&e=" . md5("upload_1") . "&name=" . $file . "");
         			mysql_query("UPDATE `pcp_download` SET `file` = '$file', `size` = '$size' WHERE `download_id` = '$id'") or die(mysql_error());
         			$q = mysql_query("SELECT * FROM `pcp_downloads` WHERE `download_id` = '$id'") or die(mysql_error());
				$r = mysql_fetch_array($q);
				create_log("Added File to Download: \"" . $r['name'] . "\"", $user_name);
         			exit();
			} else {
				header("Location: index.php?p=pages&s=downloads&a=add_file&e=4");
			    exit();
			}
		}

 

and the form:

<form action="index.php?p=pages&s=downloads&a=add_file&go=true&id=2" enctype="multipart/form-data" method="POST">
<table width="600" border="0" cellpadding="5" cellspacing="1" class="entryTable">
	<tr class="entryTableHeader"> 
		<td colspan="2" style="text-align: left">Add File:</td>
	</tr>
	<?
	$q = mysql_query("SELECT * FROM `pcp_downloads` WHERE `download_id` = '$id'") or die(mysql_error());
	$r = mysql_fetch_array($q);	
	if ($r['file'] != "") {
	?>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">Current File:<br /><a href="index.php?p=pages&s=downloads&a=del_file&go=true&id=<?=$id?>" class="link2">Remove File</a></td>
		<td class="content" style="text-align: left" valign="top"><a href="../<?=$r['file']?>"><?=$r['file']?></a><br />The file will be overrighten.</td>
	</tr>
	<?
	} else {
	?>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">Current File:</td>
		<td class="content" style="text-align: left" valign="top">No File</td>
	</tr>
	<?
	}
	?>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">
		File: <? req(); ?>
		<?
		if ($_GET['e'] == 1) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> Please upload a file.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            } elseif ($_GET['e'] == 3) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> Not allowed to write to the uploads dir! Please chmod to 777!', 300)\"; onMouseout=\"hideddrivetip()\" />";
            } elseif ($_GET['e'] == 4) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> You can not upload both a local file and a remote file. Please choose.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            }
		?></td>
		<td class="content" style="text-align: left" valign="top">
		<input name="file" class="login" type="file" /></td>
	</tr>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">
		</td>
		<td class="content" style="text-align: left" valign="top">
		Or</td>
	</tr>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">
		File: <? req(); ?>
		<?
		if ($_GET['e'] == 1) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> Please upload a file.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            } elseif ($_GET['e'] == 4) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> You can not upload both a local file and a remote file. Please choose.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            }
		?></td>
		<td class="content" style="text-align: left" valign="top">
		<input name="file2" class="login" size="18" value="<?=$r['file']?>" /></td>
	</tr>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top"></td>
		<td class="content" style="text-align: left" valign="top"><input class="submit2" value="" type="submit"></td>
	</tr>
</table>
</form>

 

When I look at the html source for the form, it shows the correct id, as 2. But when I submit the form with a download, it forwards to the invalid id, line "if (!is_numeric($id)) {"

 

Can someone help please? Thanks

Link to comment
https://forums.phpfreaks.com/topic/111363-solved-uploader/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.