Jump to content

Recommended Posts

Hello, i am designing a website for my own personal use but im having trouble with upload forms. I found out how to upload the a directory on my site but heres the problem. I need a form that when you select (from a drop down box) the name of the file to be uploaded, when you browes it will only let you upload the file with the exact name and extenction. So like if i want to upload only .jpg's and i select "game" from the menu. The form will only allow "game.jpg" to be uploaded.

 

Thanks in advance,

Pleek

Link to comment
https://forums.phpfreaks.com/topic/134710-upload-forms-help/
Share on other sites

ok sorry, here is the code im currently using. Just a generic code that works to upload any file up to 100kb to the "game" dir. Yes i know its not very safe but its only open to me right now.

 

upload form

<form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

 

upload.php

<?php

$target_path = "Games/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}


?>

 

And if you need javascript to do this that would be fine. This is what i need, i am using games as a generic term for what we're uploading...

 

1. First you select the name of the game you want to upload - i select "bike_game" as my game.

2. Then the upload form appears (optional).

3. Then when you select browse you can only select/upload so i would only be able to upload "bike_game.exe"\

 

if you still have questions please ask.

Link to comment
https://forums.phpfreaks.com/topic/134710-upload-forms-help/#findComment-701440
Share on other sites

im sorry. But looking at this script it is very unsecure. It looks like a 5 year old wrote it. I would strongly advise you NOT to upload this to your webserver because if you do people will start uploading random garbage and even upload stuff that has the exec(); function in it and they will start to mess up your server.

 

Just a warning...

Link to comment
https://forums.phpfreaks.com/topic/134710-upload-forms-help/#findComment-701443
Share on other sites

ok, so i check out the swfupload and it was pretty cool. But not really what i need. So i did a little more google searching and i found this php code which does allow you to check the files extension before uploading. I can modify this to work but i need to know is it secure enough for an admin section in my script?

 

form.php

<form action="upload.php" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="file" size="30"> <input type="submit" value="Upload!">
</form>

upload.php

 

 <?php
// ==============
// Configuration
// ==============
$uploaddir = "uploads"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
$allowed_ext = "jpg, gif, png, pdf"; // These are the allowed extensions of the files that are uploaded
$max_size = "50000"; // 50000 is the same as 50kb
$max_height = "100"; // This is in pixels - Leave this field empty if you don't want to upload images
$max_width = "100"; // This is in pixels - Leave this field empty if you don't want to upload images

// Check Entension
$extension = pathinfo($_FILES['file']['name']);
$extension = $extension[extension];
$allowed_paths = explode(", ", $allowed_ext);
for($i = 0; $i < count($allowed_paths); $i++) {
if ($allowed_paths[$i] == "$extension") {
$ok = "1";
}
}

// Check File Size
if ($ok == "1") {
if($_FILES['file']['size'] > $max_size)
{
print "File size is too big!";
exit;
}

// Check Height & Width
if ($max_width && $max_height) {
list($width, $height, $type, $w) = getimagesize($_FILES['file']['tmp_name']);
if($width > $max_width || $height > $max_height)
{
print "File height and/or width are too big!";
exit;
}
}

// The Upload Part
if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}
print "Your file has been uploaded successfully! Yay!";
} else {
print "Incorrect file extension!";
}
?>

Link to comment
https://forums.phpfreaks.com/topic/134710-upload-forms-help/#findComment-702592
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.