
Hi guys, so I have this file upload script. When I upload a file it gets stored in /uploads and keeps the same file name. So if I upload a file "test.exe" the file will be available at uploads/test.exe

What I want is that it generates a new file name like: "9daln292os.exe" so upload/9daln292os.exe

 

This is my code:

```php
<?php

// Where the file is going to be placed
$target_path = "uploads/";

/* Add the original filename to our target path.
   Result is "uploads/filename.extension" */
$target_path = $target_path . basename($_FILES['uploadedfile']['name']);

?>
```

```php
<?php

// $FILE_MIMES, $FILE_EXTS and the upload function below are placeholders
// that are not defined anywhere in this snippet.
$file_type = $_FILES['userfile']['type'];
$file_name = $_FILES['userfile']['name'];
$file_ext = strtolower(substr($file_name, strrpos($file_name, ".")));

// With &&, a file is rejected only when both its MIME type and its extension are unlisted.
if (!in_array($file_type, $FILE_MIMES) && !in_array($file_ext, $FILE_EXTS)) {
    $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
} else {
    $message = do_upload_function_here($upload_path_here, $upload_ur_upload_url_herel);
}
?>
```

```php
<?php

$target_path = "uploads/";

// The stored name is the client-supplied file name
$target_path = $target_path . basename($_FILES['uploadedfile']['name']);

if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file " . basename($_FILES['uploadedfile']['name']) .
        " has been uploaded. Here is the link to your file: <a href=uploads/" . basename($_FILES['uploadedfile']['name']) . ">" . basename($_FILES['uploadedfile']['name']) . "</a>";
} else {
    echo "There was an error uploading the file, please try again!";
}

?>
```

I don't know any basic PHP; I really need someone to give me the code ready, please. Thanks, much appreciated.

Edited by darox
Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/
Share on other sites

I don't know any basic PHP; I really need someone to give me the code ready, please. Thanks, much appreciated.

 

Then go ahead and learn it. You will have a hard time finding someone willing to program for you without paying.

Besides, it's great to know a programming language - and also fun and interesting to learn. ;)

Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485899
Share on other sites

So you are not a programmer yet you "have" this script.  It allows one to upload any type of file?  Really?  Are you concerned about what files may be uploaded by this script?  Is the 'uploads' folder outside of your web tree (if you know what that means)?  Have you analyzed the risks that this script may be creating for you? 

 

So many things that could go wrong that a programmer would understand and ensure (hopefully) against.  Perhaps you should decide if you want this or if you want someone else to do it for you since you obviously have a website that could be at great risk here.

Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485913
Share on other sites

I have to agree with the comments above.  They're a bit harsh, but really this is for your own good.  You need to know what's going on - instead of just putting the ability to upload anything out there.

 

Here's a few good places to start:

  1. http://www.w3schools.com/php/php_file_upload.asp
  2. http://www.tizag.com/phpT/fileupload.php
  3. http://webcheatsheet.com/php/file_upload.php
Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485977
Share on other sites

Here's a few good places to start:

 

C'mon. Have you even read those? Do you not know that w3schools in particular is one of the worst resources on the Internet? They are not associated with the W3C in any way. It's a private company which does nothing but fool users, spread bullshit and sell useless “certificates”.

 

In fact, every single one of the above three “tutorials” is dangerously wrong and makes both the application and the server itself wide open to code injection attacks. At best, those are examples of what you should not do when you implement an upload.

  • Like 1
Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1485980
Share on other sites

So you are not a programmer yet you "have" this script.  It allows one to upload any type of file?  Really?  Are you concerned about what files may be uploaded by this script?  Is the 'uploads' folder outside of your web tree (if you know what that means)?  Have you analyzed the risks that this script may be creating for you? 

 

So many things that could go wrong that a programmer would understand and ensure (hopefully) against.  Perhaps you should decide if you want this or if you want someone else to do it for you since you obviously have a website that could be at great risk here.

 

Sorry for sounding lazy, guys; I want to learn. I actually do want to learn PHP, but I'm learning VB.NET right now and I just want to add this to my website. I don't mind if people upload .exe viruses; I mean, I know the consequences, but that's not a problem.

I also know that hackers can upload malicious PHP scripts. I actually asked a mate about this and he said that all I need to do is not let them execute the scripts by changing the permissions to 644. http://i.gyazo.com/cf449615daf5c290de2d28104a2de0d3.png

Is there anything else I should be aware of? Thanks.

Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486051
Share on other sites

If you can sit there and write words like your above post I have no interest in helping you learn to develop code.

 

 

I don't mind if people upload .exe viruses; I mean, I know the consequences, but that's not a problem.

I also know that hackers can upload malicious PHP scripts

 

This has to be the absolute stupidest thing I have ever heard from someone involved in IT (notice I didn't say 'programmer' since you aren't).

Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486058
Share on other sites

Besides that:

 

I actually asked a mate about this and he said that all I need to do is not let them execute the scripts by changing the permissions to 644. http://i.gyazo.com/cf449615daf5c290de2d28104a2de0d3.png

 

This is complete bollocks. The execute privilege has absolutely nothing to do with script execution as it's done by a webserver. The webserver only reads the file and passes the content to the PHP interpreter.

 

You also need to worry about client-side scripts. If people use your upload feature to attack your users, that's just as bad as an attack against the server.

 

But if you don't give a shit, then I don't give a shit explaining this.

Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486062
Share on other sites
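
An added example, not code from any poster in this thread: one way to give each upload a random, server-chosen name while covering the points raised above (storage outside the web tree, no reliance on file permissions to stop script execution). The storage path, allowlist and size limit are assumptions; the form field name `uploadedfile` is taken from the original script.

```php
<?php
declare(strict_types=1);

// Hypothetical storage directory; it must NOT be under the document root.
const UPLOAD_DIR = '/var/www/private_uploads';
// Constructed allowlist: extension => MIME type detected from the content.
const ALLOWED = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Detect the type from the file content. $file['type'] and $file['name']
    // are sent by the client and cannot be trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext = array_search($mime, ALLOWED, true);
    if ($ext === false) {
        throw new RuntimeException('File type not allowed.');
    }
    // Random name from a CSPRNG. The extension comes from the allowlist,
    // so a client-supplied ".php" can never end up on disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    // move_uploaded_file() refuses paths that are not genuine HTTP uploads.
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['uploadedfile'])) {
    try {
        $name = store_upload($_FILES['uploadedfile']);
        // Escape everything echoed into HTML, even server-generated values.
        echo 'Stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Because the files live outside the web tree, they have to be served back through a separate download script; sending them with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` keeps browsers from rendering uploaded content as a page on your site.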

We could help you jump off a bridge as well.  Would you like that?  Your ideas are completely malformed and your intent is only going to wreak havoc for you.  No - we won't help you do that to yourself.  You are committing technical suicide.

Link to comment
https://forums.phpfreaks.com/topic/290043-generate-new-string/#findComment-1486315
Share on other sites
