Jump to content

[SOLVED] Uploader

unidox

By unidox
in PHP Coding Help

 Share

Recommended Posts

unidox Advanced Member

unidox

Posted
Posted

I am trying to make a script that uploads a file. But it keeps forwarding. Heres my code:

 

 elseif (($_GET['a'] == 'add_file') && ($_GET['go'] == true)) {
			if (($_POST['file'] != "") && ($_POST['file2'] == "")) {
				$id = $_GET['id'];
				if (!is_numeric($id)) {
					header("Location: index.php?p=error&h=pages&s=downloads&e=" . md5("id_12") . "");
					exit();
				}
				// Configuration
			    $upload_path = "../uploads/files/"; // The place the files will be uploaded to (currently a 'files' directory).

			   	$filename = $_FILES['file']['name']; // Get the name of the file (including file extension).
			   	$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
				$size = filesize($filename);

				if ($filename == "") {
					header("Location: index.php?p=pages&s=downloads&a=add_file&e=1");
					exit();
				}				

			   // Check if we can upload to the specified path, if not DIE and inform the user.
			   	if (!is_writable($upload_path)) {
			      	header("Location: index.php?p=pages&s=downloads&a=add_file&e=3");
			      	exit();
				}

				if (file_exists($upload_path . "download_" . $id . " - " . $filename)) {
					unlink($upload_path . "download_" . $id . " - " . $filename);
				}

				if ((move_uploaded_file($_FILES['file']['tmp_name'], $upload_path . "download_" . $id . " - " . $filename)) && (filesize($_FILES['file']['tmp_name']) > 0)) {
         			header("Location: index.php?p=success&h=pages&s=downloads&e=" . md5("upload_1") . "&name=" . $filename . "");
         			$url = "uploads/pics/" . "download_" . $id . " - " . $filename . "";
         			mysql_query("UPDATE `pcp_download` SET `file` = '$url', `size` = '$size' WHERE `download_id` = '$id'") or die(mysql_error());
         			$q = mysql_query("SELECT * FROM `pcp_downloads` WHERE `download_id` = '$id'") or die(mysql_error());
					$r = mysql_fetch_array($q);
					create_log("Added File to Download: \"" . $r['name'] . "\"", $user_name);
         			exit();
         		} else {
         			header("Location: index.php?p=error&h=pages&s=downloads&e=" . md5("upload_2") . "&name=" . $filename . "");
         		}
         	} elseif (($_POST['file'] == "") && ($_POST['file2'] != "")) {
				$id = $_GET['id'];
				if (!is_numeric($id)) {
					header("Location: index.php?p=error&h=pages&s=downloads&e=" . md5("id_12") . "");
					exit();
				}
				$file = $_POST['file2'];
				$size = filesize($file);
				header("Location: index.php?p=success&h=pages&s=downloads&e=" . md5("upload_1") . "&name=" . $file . "");
         			mysql_query("UPDATE `pcp_download` SET `file` = '$file', `size` = '$size' WHERE `download_id` = '$id'") or die(mysql_error());
         			$q = mysql_query("SELECT * FROM `pcp_downloads` WHERE `download_id` = '$id'") or die(mysql_error());
				$r = mysql_fetch_array($q);
				create_log("Added File to Download: \"" . $r['name'] . "\"", $user_name);
         			exit();
			} else {
				header("Location: index.php?p=pages&s=downloads&a=add_file&e=4");
			    exit();
			}
		}

 

and the form:

<form action="index.php?p=pages&s=downloads&a=add_file&go=true&id=2" enctype="multipart/form-data" method="POST">
<table width="600" border="0" cellpadding="5" cellspacing="1" class="entryTable">
	<tr class="entryTableHeader"> 
		<td colspan="2" style="text-align: left">Add File:</td>
	</tr>
	<?
	$q = mysql_query("SELECT * FROM `pcp_downloads` WHERE `download_id` = '$id'") or die(mysql_error());
	$r = mysql_fetch_array($q);	
	if ($r['file'] != "") {
	?>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">Current File:<br /><a href="index.php?p=pages&s=downloads&a=del_file&go=true&id=<?=$id?>" class="link2">Remove File</a></td>
		<td class="content" style="text-align: left" valign="top"><a href="../<?=$r['file']?>"><?=$r['file']?></a><br />The file will be overrighten.</td>
	</tr>
	<?
	} else {
	?>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">Current File:</td>
		<td class="content" style="text-align: left" valign="top">No File</td>
	</tr>
	<?
	}
	?>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">
		File: <? req(); ?>
		<?
		if ($_GET['e'] == 1) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> Please upload a file.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            } elseif ($_GET['e'] == 3) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> Not allowed to write to the uploads dir! Please chmod to 777!', 300)\"; onMouseout=\"hideddrivetip()\" />";
            } elseif ($_GET['e'] == 4) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> You can not upload both a local file and a remote file. Please choose.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            }
		?></td>
		<td class="content" style="text-align: left" valign="top">
		<input name="file" class="login" type="file" /></td>
	</tr>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">
		</td>
		<td class="content" style="text-align: left" valign="top">
		Or</td>
	</tr>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top">
		File: <? req(); ?>
		<?
		if ($_GET['e'] == 1) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> Please upload a file.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            } elseif ($_GET['e'] == 4) {
                echo "<img src=\"images/info.gif\" width=\"11\" height=\"11\" alt=\"\" onMouseover=\"ddrivetip('<strong class=red>Error:</strong> You can not upload both a local file and a remote file. Please choose.', 300)\"; onMouseout=\"hideddrivetip()\" />";
            }
		?></td>
		<td class="content" style="text-align: left" valign="top">
		<input name="file2" class="login" size="18" value="<?=$r['file']?>" /></td>
	</tr>
	<tr>
		<td width="150" class="content" style="text-align: left" valign="top"></td>
		<td class="content" style="text-align: left" valign="top"><input class="submit2" value="" type="submit"></td>
	</tr>
</table>
</form>

 

When I look at the html source for the form, it shows the correct id, as 2. But when I submit the form with a download, it forwards to the invalid id, line "if (!is_numeric($id)) {"

 

Can someone help please? Thanks

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.