Generate new string

[darox]

Hi guys, so i have this file upload script. When i upload a file it gets stored in /uploads and keeps the same file name. So if i upload a file "test.exe" the file will be available at uploads/test.exe

What i want is that it generates a new file name like: "9daln292os.exe" so upload/9daln292os.exe

 

This is my code:

<?php

// Where the file is going to be placed
$target_path = "uploads/";

/* Add the original filename to our target path.
Result is "uploads/filename.extension" */
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$_FILES['uploadedfile']['tmp_name'];

?>


<?php


$file_type = $_FILES['userfile']['type'];
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

if (!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS) )
$message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
else
$message = do_upload_function_here($upload_path_here, $upload_ur_upload_url_herel);
?>
<?php



$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded. Here is the link to your file: <a href=uploads/". basename( $_FILES['uploadedfile']['name']). ">". basename( $_FILES['uploadedfile']['name'])."</a>";

} else{
echo "There was an error uploading the file, please try again!";
}

?>

I don't know any basic php i really need someone to give me the code ready please. Thanks much appreciated.

Edited July 21, 2014 by darox

[Ch0cu3r]

 

 

don't know any basic php i really need someone to give me the code ready please. 

That is not the sort of community we are.

 

If you want someone to do the necessary edits then post in the freelance forum

[TrickyInt]

I don't know any basic php i really need someone to give me the code ready please. Thanks much appreciated.

 

Then go ahead and learn it. You will have a hard time finding someone willing to program for you without paying.

Besides, it's great to know a programming language - and also fun and interesting to learn.

[ginerjm]

So you are not a programmer yet you "have" this script.  It allows one to upload any type of file?  Really?  Are you concerned about what files may be uploaded by this script?  Is the 'uploads' folder outside of your web tree (if you know what that means)?  Have you analyzed the risks that this script may be creating for you? 

 

So many things that could go wrong that a programmer would understand and ensure (hopefully) against.  Perhaps you should decide if you want this or if you want someone else to do it for you since you obviously have a website that could be at great risk here.

[quasiman]

I have to agree with the comments above.  They're a bit harsh, but really this is for your own good.  You need to know what's going on - instead of just putting the ability to upload anything out there.

 

Here's a few good places to start:

1. http://www.w3schools.com/php/php_file_upload.asp
2. http://www.tizag.com/phpT/fileupload.php
3. http://webcheatsheet.com/php/file_upload.php

[Jacques1]

Here's a few good places to start:

 

C'mon. Have you even read those? Do you not know that w3schools in particular is one of the worst resources on the Internet? They are not associated with the W3C in any way. It's a private company which does nothing but fool users, spread bullshit and sell useless “certificates”.

 

In fact, every single one of the above three “tutorials” is dangerously wrong and makes both the application and the server itself wide open to code injection attacks. At best, those are examples of what you should not do when you implement an upload.

[darox]

So you are not a programmer yet you "have" this script.  It allows one to upload any type of file?  Really?  Are you concerned about what files may be uploaded by this script?  Is the 'uploads' folder outside of your web tree (if you know what that means)?  Have you analyzed the risks that this script may be creating for you? 

 

So many things that could go wrong that a programmer would understand and ensure (hopefully) against.  Perhaps you should decide if you want this or if you want someone else to do it for you since you obviously have a website that could be at great risk here.

 

Sorry sounding lazy guys, I want to learn. I actually do want to learn php but i'm learning vb.net right now and i just want to add this to my website. I don't mind if people upload  .exe viruses, i mean i know the consequences but that's not a problem.

I also know that hackers can upload malicious php scripts. I actually asked a mate about this and he said that all i need to do is not let them execute the scripts by changing the permissions to 644. http://i.gyazo.com/cf449615daf5c290de2d28104a2de0d3.png

Is there anything else i should be aware of? Thanks.

[ginerjm]

If you can sit there and write words like your above post I have no interest in helping you learn to develop code.

 

 

I don't mind if people upload  .exe viruses, i mean i know the consequences but that's not a problem.

I also know that hackers can upload malicious php scripts

 

This has to be the absolute stupidest thing I have every heard from someone involved in IT (notice I didn't say 'programmer' since you aren't).

[Jacques1]

Besides that:

 

I actually asked a mate about this and he said that all i need to do is not let them execute the scripts by changing the permissions to 644. http://i.gyazo.com/cf449615daf5c290de2d28104a2de0d3.png

 

This is complete bollocks. The execute privilege has abolutely nothing to do with script execution as it's done by a webserver. The webserver only reads the file and passes the content to the PHP interpreter.

 

You also need to worry about client-side scripts. If people use your upload feature to attack your users, that's just as bad as an attack against the server.

 

But if you don't give a shit, then I don't give a shit explaining this.

[darox]

Such a helpfull forum this is.

[davidannis]

Such a helpfull forum this is.

People don't want to code for you. If you make an attempt and have specific problems they will help. While not every question I have asked has been answered, I've received a great deal of assistance here.

[ginerjm]

We could help you jump off a bridge as well.  Would you like that?  Your ideas are completely mal-formed and your intent is only going to reap havoc for you.  No - we won't help you do that to yourself.  You are committing technical suicide.