Jump to content

upload script help

catherinePHP

By catherinePHP
in Third Party Scripts

Recommended Posts

catherinePHP Newbie

catherinePHP

Posted
Posted

What should I edit to tell the script to give the uploaded file url instead of refreshing to a website?

 

here is the code:

<?php

define('DESTINATION_FOLDER','C:\xampp\uploads\\');
define('MAX_FILE_SIZE', 0);
define('SUCCESS_URL','http://www.example.com/upload-success.html');
$exts = array();
define('RENAME_FILE', true);
define('APPEND_STRING', '');
define('DO_LOG', true);
define('DB_HOST','localhost'); // host, usually localhost
define('DB_DATABASE','upload'); // database name
define('DB_USERNAME','root'); // username
define('DB_PASSWORD',''); // password


@set_time_limit(172800);



function showUploadForm($message='') {
  $max_file_size_tag = '';
  if (MAX_FILE_SIZE > 0) {
    // convert to bytes
    $max_file_size_tag = "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n";
  }

  // Load form template
  include ('file-upload.html');
}

// errors list
$errors = array();

$message = '';

// we should not exceed php.ini max file size
$ini_maxsize = ini_get('upload_max_filesize');
if (!is_numeric($ini_maxsize)) {
  if (strpos($ini_maxsize, 'M') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024;
  elseif (strpos($ini_maxsize, 'K') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024;
  elseif (strpos($ini_maxsize, 'G') !== false)
    $ini_maxsize = intval($ini_maxsize)*1024*1024*1024;
}
if ($ini_maxsize < MAX_FILE_SIZE*1024) {
  $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE";
}

if (!isset($_POST['submit'])) {
  showUploadForm(join('',$errors));
}

else {
  
  while(true) {

    if (!@file_exists(DESTINATION_FOLDER)) {
      $errors[] = "Destination folder does not exist or no permissions to see it.";
      break;
    }

    $error_code = $_FILES['filename']['error'];
    if ($error_code != UPLOAD_ERR_OK) {
      switch($error_code) {
        case UPLOAD_ERR_INI_SIZE: 
          $errors[] = "File is too big (1).";
          break;
        case UPLOAD_ERR_FORM_SIZE: 
          $errors[] = "File is too big (2).";
          break;
        case UPLOAD_ERR_PARTIAL:
          $errors[] = "Could not upload file (1).";
          break;
        case UPLOAD_ERR_NO_FILE:
          $errors[] = "Could not upload file (2).";
          break;
        case UPLOAD_ERR_NO_TMP_DIR:
          $errors[] = "Could not upload file (3).";
          break;
        case UPLOAD_ERR_CANT_WRITE:
          $errors[] = "Could not upload file (4).";
          break;
        case 8:
          $errors[] = "Could not upload file (5).";
          break;
      } 

      break;
    }

    $filename = @basename($_FILES['filename']['name']);

    $tmp_filename = $_FILES['filename']['tmp_name'];

    $file_ext = @strtolower(@strrchr($filename,"."));
    if (@strpos($file_ext,'.') === false) { // no dot? strange
      $errors[] = "Suspicious file name or could not determine file extension.";
      break;
    }
    $file_ext = @substr($file_ext, 1); // remove dot

    if (count($exts)) {   
      if (!@in_array($file_ext, $exts)) {
        $errors[] = "Files of this type are not allowed for upload.";
        break;
      }
    }

    $dest_filename = $filename;
    if (RENAME_FILE) {
      $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext;
    }
    $dest_filename = $dest_filename . APPEND_STRING;

    $filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename);

    if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) {
      $errors[] = "File is too big (3).";
      break;
    }

    if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) {
      $errors[] = "Could not upload file (6).";
      break;
    }

    if (DO_LOG) {
      $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD);
      if (!$link) {
        $errors[] = "Could not connect to mysql.";
        break;
      }
      $res = @mysql_select_db(DB_DATABASE, $link);
      if (!$res) {
        $errors[] = "Could not select database.";
        break;
      }
      $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
      $m_size = $filesize;
      $m_fname = mysql_real_escape_string($dest_filename);
      $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')";
      $res = @mysql_query($sql);
      if (!$res) {
        $errors[] = "Could not run query.";
        break;
      }
      @mysql_free_result($res);
      @mysql_close($link);
    } // if (DO_LOG)


    header('Location: ' . SUCCESS_URL);
    die();

    break;

  } // while(true)

  // Errors. Show upload form.
  $message = join('',$errors);
  showUploadForm($message);

}

?>
Link to comment
https://forums.phpfreaks.com/topic/277346-upload-script-help/
Share on other sites
catherinePHP Newbie

catherinePHP

Posted
  • Author
Posted

change

header('Location: ' . SUCCESS_URL);

 to

echo SUCCESS_URL;

 this should output the success_url variable instead of redirecting it.

 

Thank you that helped! It works properly but it doesn't give you the correct link. The script is programmed to rename the file after it gets uploaded. your solution outputs the name of the file before it gets renamed. how can I fix this?

Link to comment
https://forums.phpfreaks.com/topic/277346-upload-script-help/#findComment-1426829
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.