darox Posted July 21, 2014 Share Posted July 21, 2014 (edited) Hi guys, so i have this file upload script. When i upload a file it gets stored in /uploads and keeps the same file name. So if i upload a file "test.exe" the file will be available at uploads/test.exe What i want is that it generates a new file name like: "9daln292os.exe" so upload/9daln292os.exe This is my code: <?php // Where the file is going to be placed $target_path = "uploads/"; /* Add the original filename to our target path. Result is "uploads/filename.extension" */ $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; ?> <?php $file_type = $_FILES['userfile']['type']; $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); if (!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS) ) $message = "Sorry, $file_name($file_type) is not allowed to be uploaded."; else $message = do_upload_function_here($upload_path_here, $upload_ur_upload_url_herel); ?> <?php $target_path = "uploads/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded. Here is the link to your file: <a href=uploads/". basename( $_FILES['uploadedfile']['name']). ">". basename( $_FILES['uploadedfile']['name'])."</a>"; } else{ echo "There was an error uploading the file, please try again!"; } ?> I don't know any basic php i really need someone to give me the code ready please. Thanks much appreciated. Edited July 21, 2014 by darox Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/ Share on other sites More sharing options...
Ch0cu3r Posted July 21, 2014 Share Posted July 21, 2014 don't know any basic php i really need someone to give me the code ready please. That is not the sort of community we are. If you want someone to do the necessary edits then post in the freelance forum 2 Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485854 Share on other sites More sharing options...
TrickyInt Posted July 22, 2014 Share Posted July 22, 2014 I don't know any basic php i really need someone to give me the code ready please. Thanks much appreciated. Then go ahead and learn it. You will have a hard time finding someone willing to program for you without paying. Besides, it's great to know a programming language - and also fun and interesting to learn. Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485899 Share on other sites More sharing options...
ginerjm Posted July 22, 2014 Share Posted July 22, 2014 So you are not a programmer yet you "have" this script. It allows one to upload any type of file? Really? Are you concerned about what files may be uploaded by this script? Is the 'uploads' folder outside of your web tree (if you know what that means)? Have you analyzed the risks that this script may be creating for you? So many things that could go wrong that a programmer would understand and ensure (hopefully) against. Perhaps you should decide if you want this or if you want someone else to do it for you since you obviously have a website that could be at great risk here. Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485913 Share on other sites More sharing options...
quasiman Posted July 23, 2014 Share Posted July 23, 2014 I have to agree with the comments above. They're a bit harsh, but really this is for your own good. You need to know what's going on - instead of just putting the ability to upload anything out there. Here's a few good places to start: http://www.w3schools.com/php/php_file_upload.asp http://www.tizag.com/phpT/fileupload.php http://webcheatsheet.com/php/file_upload.php Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485977 Share on other sites More sharing options...
Jacques1 Posted July 23, 2014 Share Posted July 23, 2014 Here's a few good places to start: C'mon. Have you even read those? Do you not know that w3schools in particular is one of the worst resources on the Internet? They are not associated with the W3C in any way. It's a private company which does nothing but fool users, spread bullshit and sell useless “certificates”. In fact, every single one of the above three “tutorials” is dangerously wrong and makes both the application and the server itself wide open to code injection attacks. At best, those are examples of what you should not do when you implement an upload. 1 Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485980 Share on other sites More sharing options...
darox Posted July 24, 2014 Author Share Posted July 24, 2014 So you are not a programmer yet you "have" this script. It allows one to upload any type of file? Really? Are you concerned about what files may be uploaded by this script? Is the 'uploads' folder outside of your web tree (if you know what that means)? Have you analyzed the risks that this script may be creating for you? So many things that could go wrong that a programmer would understand and ensure (hopefully) against. Perhaps you should decide if you want this or if you want someone else to do it for you since you obviously have a website that could be at great risk here. Sorry sounding lazy guys, I want to learn. I actually do want to learn php but i'm learning vb.net right now and i just want to add this to my website. I don't mind if people upload .exe viruses, i mean i know the consequences but that's not a problem. I also know that hackers can upload malicious php scripts. I actually asked a mate about this and he said that all i need to do is not let them execute the scripts by changing the permissions to 644. http://i.gyazo.com/cf449615daf5c290de2d28104a2de0d3.png Is there anything else i should be aware of? Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486051 Share on other sites More sharing options...
ginerjm Posted July 24, 2014 Share Posted July 24, 2014 If you can sit there and write words like your above post I have no interest in helping you learn to develop code. I don't mind if people upload .exe viruses, i mean i know the consequences but that's not a problem. I also know that hackers can upload malicious php scripts This has to be the absolute stupidest thing I have every heard from someone involved in IT (notice I didn't say 'programmer' since you aren't). Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486058 Share on other sites More sharing options...
Jacques1 Posted July 24, 2014 Share Posted July 24, 2014 Besides that: I actually asked a mate about this and he said that all i need to do is not let them execute the scripts by changing the permissions to 644. http://i.gyazo.com/cf449615daf5c290de2d28104a2de0d3.png This is complete bollocks. The execute privilege has abolutely nothing to do with script execution as it's done by a webserver. The webserver only reads the file and passes the content to the PHP interpreter. You also need to worry about client-side scripts. If people use your upload feature to attack your users, that's just as bad as an attack against the server. But if you don't give a shit, then I don't give a shit explaining this. Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486062 Share on other sites More sharing options...
darox Posted July 28, 2014 Author Share Posted July 28, 2014 Such a helpfull forum this is. Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486309 Share on other sites More sharing options...
davidannis Posted July 28, 2014 Share Posted July 28, 2014 Such a helpfull forum this is. People don't want to code for you. If you make an attempt and have specific problems they will help. While not every question I have asked has been answered, I've received a great deal of assistance here. Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486314 Share on other sites More sharing options...
ginerjm Posted July 28, 2014 Share Posted July 28, 2014 We could help you jump off a bridge as well. Would you like that? Your ideas are completely mal-formed and your intent is only going to reap havoc for you. No - we won't help you do that to yourself. You are committing technical suicide. Quote Link to comment https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486315 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.