PHP Upload Script

Hello,

I have an upload script on my site which I found on the internet a while back. I'd like to know how to alter it to fix some bugs.

It works with two files, an HTML file with a form, and a php file which the other file posts to. The PHP file is as follows:

<html>
<head>
<title>pheterson.com - upload script</title>
<META HTTP-EQUIV=Refresh CONTENT="5; URL=http://www.pheterson.com/upload/">
</head>
<?
/*upload.php*/
if ($img1_name != "") {

@copy("$img1", "/home/pheterso/www/upload/$img1_name")
or die("No copy!");

} else {

die("No input file!");

}

?>

<b>Your file has been uploaded successfully. Please wait to continue.<br><br>

Or... If you're a lazy ass, <a href="http://www.pheterson.com/upload/">click here</a>.
</html>


The modifications I would like to make to this file are as follows:

1) Not allow index.html, index.htm, index.php to be uploaded.
2) Not allow overwriting of files.



Any help at all is appreciated.


Thanks,
Eric

just before

@copy("$img1", "/home/pheterso/www/upload/$img1_name")
or die("No copy!");

check the file's on the file-extention. If it's 'html','htm','php' or whatever, don't copy it. Else copy the file to your file directory.

[edit]
to make sure you don't override other files, you can add an unique numer to your uploaden file òr you can search for any excisting files and display an error message is the files allready excists.

Thanks!

Um... any clue how to code that?

And... I just don't want files named index to be uploaded, other html files are ok.

haha, okay.....

you can use an array for this...
$deniedFiles = array('index.html','index.php','index.htm');
$deniedExtentions = array('php');

You can use these 2 array's to deny specific files and/or extentions...just put the names in them..

Now use the function 'in_array()' (see also manual reference
If the filename is in the array, it is denied. If not, copy it.
The extention-thing works the same, you just need to extract the extention first....

i'll think you can do the rest yourself.... good luck

Wow.. ok, I'm a n00b at this.

Somebody from another forum gave me this:

if ($img1_name != "") {
if(!(file_exists("/home/pheterso/www/upload/$img1_name"))){
if(!(eregi("index.htm|index.php",$img_1name))){
@copy("$img1", "/home/pheterso/www/upload/$img1_name")
or die("No copy!");
}else{print "no index files!";exit;}
}else{print "file already exists";exit;}
}


now the script does not overwrite files, but the other part doesn't work. I have no clue how to put what you gave me into that.

Sorry if I'm a trouble..

the first part works fine (the check if there's really some thing to upload and the override part).

The next check (index-files and extentions) works like this (i also include the rest of the code):


im not sure 'bout '$img1_name' and '$img1_type'. I don't use them myself, their depricated...

If you're running PHP 4.2.0+ try using the $_FILES array

Thanks!

I'm using the one from the other board now though, hah, he got it done first.

If you're interested, it's as follows. It works perfectly!

hehe, no problem....use all u like...

Sorry not really interrested, i write all my code myself. My own implementation is far more scaleable to

But it's nice if this fits your needs, that's all about...