upload script help

catherinePHP · April 26, 2013

What should I edit to tell the script to give the uploaded file url instead of refreshing to a website?

here is the code:

<?php

define('DESTINATION_FOLDER','C:\xampp\uploads\\');
define('MAX_FILE_SIZE', 0);
define('SUCCESS_URL','http://www.example.com/upload-success.html');
$exts = array();
define('RENAME_FILE', true);
define('APPEND_STRING', '');
define('DO_LOG', true);
define('DB_HOST','localhost'); // host, usually localhost
define('DB_DATABASE','upload'); // database name
define('DB_USERNAME','root'); // username
define('DB_PASSWORD',''); // password


@set_time_limit(172800);



function showUploadForm($message='') {
  $max_file_size_tag = '';
  if (MAX_FILE_SIZE > 0) {
    // convert to bytes
    $max_file_size_tag = "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n";
  }

  // Load form template
  include ('file-upload.html');
}

// errors list
$errors = array();

$message = '';

// we should not exceed php.ini max file size
$ini_maxsize = ini_get('upload_max_filesize');
if (!is_numeric($ini_maxsize)) {
  if (strpos($ini_maxsize, 'M') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024;
  elseif (strpos($ini_maxsize, 'K') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024;
  elseif (strpos($ini_maxsize, 'G') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024*1024;
}
if ($ini_maxsize < MAX_FILE_SIZE*1024) {
  $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE";
}

if (!isset($_POST['submit'])) {
  showUploadForm(join('',$errors));
}

else {
  
  while(true) {

    if (!@file_exists(DESTINATION_FOLDER)) {
      $errors[] = "Destination folder does not exist or no permissions to see it.";
      break;
    }

    $error_code = $_FILES['filename']['error'];
    if ($error_code != UPLOAD_ERR_OK) {
      switch($error_code) {
        case UPLOAD_ERR_INI_SIZE: 
          $errors[] = "File is too big (1).";
          break;
        case UPLOAD_ERR_FORM_SIZE: 
          $errors[] = "File is too big (2).";
          break;
        case UPLOAD_ERR_PARTIAL:
          $errors[] = "Could not upload file (1).";
          break;
        case UPLOAD_ERR_NO_FILE:
          $errors[] = "Could not upload file (2).";
          break;
        case UPLOAD_ERR_NO_TMP_DIR:
          $errors[] = "Could not upload file (3).";
          break;
        case UPLOAD_ERR_CANT_WRITE:
          $errors[] = "Could not upload file (4).";
          break;
        case 8:
          $errors[] = "Could not upload file (5).";
          break;
      } 

      break;
    }

    $filename = @basename($_FILES['filename']['name']);

    $tmp_filename = $_FILES['filename']['tmp_name'];

    $file_ext = @strtolower(@strrchr($filename,"."));
    if (@strpos($file_ext,'.') === false) { // no dot? strange
      $errors[] = "Suspicious file name or could not determine file extension.";
      break;
    }
    $file_ext = @substr($file_ext, 1); // remove dot

    if (count($exts)) {   
      if (!@in_array($file_ext, $exts)) {
        $errors[] = "Files of this type are not allowed for upload.";
        break;
      }
    }

    $dest_filename = $filename;
    if (RENAME_FILE) {
      $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
    }
    $dest_filename = $dest_filename . APPEND_STRING;

    $filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename);

    if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) {
      $errors[] = "File is too big (3).";
      break;
    }

    if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) {
      $errors[] = "Could not upload file (6).";
      break;
    }

    if (DO_LOG) {
      $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
      if (!$link) {
        $errors[] = "Could not connect to mysql.";
        break;
      }
      $res = @mysql_select_db(DB_DATABASE, $link);
      if (!$res) {
        $errors[] = "Could not select database.";
        break;
      }
      $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
      $m_size = $filesize;
      $m_fname = mysql_real_escape_string($dest_filename);
      $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
      $res = @mysql_query($sql);
      if (!$res) {
        $errors[] = "Could not run query.";
        break;
      }
      @mysql_free_result($res);
      @mysql_close($link);
    } // if (DO_LOG)


    header('Location: ' . SUCCESS_URL);
    die();

    break;

  } // while(true)

  // Errors. Show upload form.
  $message = join('',$errors);
  showUploadForm($message);

}

?>

Edited April 26, 2013 by catherinePHP

darkfreaks · April 26, 2013

change

header('Location: ' . SUCCESS_URL);

to

echo SUCCESS_URL;

this should output the success_url variable instead of redirecting it.

catherinePHP · April 27, 2013

change
header('Location: ' . SUCCESS_URL);
to
echo SUCCESS_URL;
this should output the success_url variable instead of redirecting it.

Thank you that helped! It works properly but it doesn't give you the correct link. The script is programmed to rename the file after it gets uploaded. your solution outputs the name of the file before it gets renamed. how can I fix this?

Sign In

upload script help

Recommended Posts

catherinePHP

Link to comment

Share on other sites

darkfreaks

Link to comment

Share on other sites

catherinePHP

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information