upload forms help

[pleek]

Hello, i am designing a website for my own personal use but im having trouble with upload forms. I found out how to upload the a directory on my site but heres the problem. I need a form that when you select (from a drop down box) the name of the file to be uploaded, when you browes it will only let you upload the file with the exact name and extenction. So like if i want to upload only .jpg's and i select "game" from the menu. The form will only allow "game.jpg" to be uploaded.

 

Thanks in advance,

Pleek

[dezkit]

I don't understand what you want do to, is that supposed to be done with javascript too? Can you further elaborate, we will help you, but you also need a code for us to look at.

[pleek]

ok sorry, here is the code im currently using. Just a generic code that works to upload any file up to 100kb to the "game" dir. Yes i know its not very safe but its only open to me right now.

 

upload form

<form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form>

 

upload.php

<?php

$target_path = "Games/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has been uploaded";
} else{
    echo "There was an error uploading the file, please try again!";
}


?>

 

And if you need javascript to do this that would be fine. This is what i need, i am using games as a generic term for what we're uploading...

 

1. First you select the name of the game you want to upload - i select "bike_game" as my game.

2. Then the upload form appears (optional).

3. Then when you select browse you can only select/upload so i would only be able to upload "bike_game.exe"\

 

if you still have questions please ask.

[dezkit]

does it have to be any extension, or just .exe?

[ShiloVir]

im sorry. But looking at this script it is very unsecure. It looks like a 5 year old wrote it. I would strongly advise you NOT to upload this to your webserver because if you do people will start uploading random garbage and even upload stuff that has the exec(); function in it and they will start to mess up your server.

 

Just a warning...

[pleek]

to the first question, no it does not have to be exe. but i would like to be able to set which extentions are allowed. to the second post, yes i know. thats what one thing i need help with.

[PFMaBiSmAd]

HTML forms cannot set or specify a file extension to be listed in the file selection list. To do what you ask requires that you use a flash form. Take a look at this link - http://swfupload.org/

[pleek]

ok, thanks for that site man. Im trying out that right now. Ill get back to you if i have any more problems. thanks!

[pleek]

ok, so i check out the swfupload and it was pretty cool. But not really what i need. So i did a little more google searching and i found this php code which does allow you to check the files extension before uploading. I can modify this to work but i need to know is it secure enough for an admin section in my script?

 

form.php

<form action="upload.php" method="post" ENCTYPE="multipart/form-data">
File: <input type="file" name="file" size="30"> <input type="submit" value="Upload!">
</form>

upload.php

 

 <?php
// ==============
// Configuration
// ==============
$uploaddir = "uploads"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
$allowed_ext = "jpg, gif, png, pdf"; // These are the allowed extensions of the files that are uploaded
$max_size = "50000"; // 50000 is the same as 50kb
$max_height = "100"; // This is in pixels - Leave this field empty if you don't want to upload images
$max_width = "100"; // This is in pixels - Leave this field empty if you don't want to upload images

// Check Entension
$extension = pathinfo($_FILES['file']['name']);
$extension = $extension[extension];
$allowed_paths = explode(", ", $allowed_ext);
for($i = 0; $i < count($allowed_paths); $i++) {
if ($allowed_paths[$i] == "$extension") {
$ok = "1";
}
}

// Check File Size
if ($ok == "1") {
if($_FILES['file']['size'] > $max_size)
{
print "File size is too big!";
exit;
}

// Check Height & Width
if ($max_width && $max_height) {
list($width, $height, $type, $w) = getimagesize($_FILES['file']['tmp_name']);
if($width > $max_width || $height > $max_height)
{
print "File height and/or width are too big!";
exit;
}
}

// The Upload Part
if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
}
print "Your file has been uploaded successfully! Yay!";
} else {
print "Incorrect file extension!";
}
?>

[pleek]

grrr. all i need is a secure form that will only upload the specified file size and extension. please somebody help me!!!!!!! lol but i do need help.