Topic: Trouble adding file upload page

Hello all,

I'm trying to get a file upload script working on my site.  Basically, I've installed the easy smilies mod and want a way for my moderators (friends of mine) to be able to upload files.  I've made it so only moderators and admins can see the link, but it takes them to an ugly page.  What I'm wanting is a nice embedded upload script in one of the fancy divs. Trouble is, every time I try to do this, it looks like crunk.  Here's the upload code (obviously borrowed):

<?php
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Maximum file size. You may increase or decrease.
$MAX_SIZE = 200000;
                            
//Allowable file Mime Types. Add more mime types if you want
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png');

//Allowable file ext. names. you may add more extension names.            
$FILE_EXTS  = array('.jpg','.png','.gif'); 

//Allow file delete? no, if only allow upload only
$DELETABLE  = false;                               


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
 *     Setup variables
 ************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "img/smilies/";
$upload_url = $url_dir."/img/smilies/";
$message ="";

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("img/smilies")) {
  if (!mkdir($upload_dir))
      die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
      die ("change permission to 755 failed.");
}

/************************************************************
 *     Process User's Request
 ************************************************************/
// Array keys are quoted and tested with empty()/isset(): a bare key such as
// $_REQUEST[del] is an undefined constant, which is a fatal error in PHP 8.
if (!empty($_REQUEST['del']) && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
  
  if (strpos($_REQUEST['del'],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST['del'],"files/") === false); //possible hacking
  else if (substr($_REQUEST['del'],0,6)=="files/") {
    unlink($_REQUEST['del']);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if (isset($_FILES['userfile'])) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $file_type = $_FILES['userfile']['type']; 
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES['userfile']['size'] > $MAX_SIZE) 
     $message = "The file size is over 200k.";
  //File Type/Extension Check: reject unless BOTH the MIME type and the
  //extension are allowed. The MIME type is sent by the browser, so with &&
  //a .php file labelled image/gif would have been accepted.
  else if (!in_array($file_type, $FILE_MIMES) 
          || !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);
  
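  // rawurlencode() keeps quotes and markup in the file name out of the script
  print "<script>window.location.href='$url_this?message=".rawurlencode($message)."'</script>";
}
else if (!isset($_FILES['userfile']));
else 
    $message = "Invalid File Specified.";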

/************************************************************
 *     List Files
 ************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
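// Compare with false so a file named "0" does not end the loop, and test the
// path inside $upload_dir rather than the current directory.
while (($file = readdir($handle)) !== false) {
   if(!is_dir($upload_dir.$file) && !is_link($upload_dir.$file)) {
      $safe = htmlspecialchars($file, ENT_QUOTES);  // file names are user-chosen
      $filelist .= "<a href='$upload_dir$safe'>".$safe."</a>";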
      if ($DELETABLE)
        $filelist .= " <a href='?del=$upload_dir$file' title='delete'>x</a>";
      $filelist .= "<sub><small><small><font color=grey>  ".date("d-m H:i", filemtime($upload_dir.$file))
                   ."</font></small></small></sub>";
      $filelist .="<br>";
   }
}

function do_upload($upload_dir, $upload_url) {

  $temp_name = $_FILES['userfile']['tmp_name'];
  // basename() drops any directory part of the client-supplied name
  $file_name = basename($_FILES['userfile']['name']);
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
  $file_path = $upload_dir.$file_name;

  //File Name Check
  if ( $file_name =="") { 
      $message = "Invalid File Name Specified";
      return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  // Only chmod a file that was actually moved; 0644 because an uploaded
  // image never needs the execute bit.
  if (!$result)
    $message = "Something is wrong with uploading a file.";
  else if (!chmod($file_path,0644))
    $message = "change permission to 644 failed.";
  else
    $message = "$file_name uploaded successfully.";
  return $message;
}

?>

<font color=red><?= htmlspecialchars(isset($_REQUEST['message']) ? $_REQUEST['message'] : '') ?></font>
   <br>
   Submit a smiley.  Size limit is 200k.  Files must be .gif, .jpg, or .png.  E-mail or post to let me know you upped something and I'll activate it. 
   Name the file the exact same thing you'd like the code to be. Example:  if you want the smiley code to be :fart:, name the file fart.gif.
   <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
     Upload File <input type="file" id="userfile" name="userfile">
     <input type="submit" name="upload" value="Upload">
   </form>
   <a href="http://www.pokerpeeps.net/">Return to the Forum</a>

Something breaks when this happens.  I don't know why.  Can anyone help?

Re: Trouble adding file upload page

[moved] not really punbb related, much better in integration

Re: Trouble adding file upload page

Not the best upload script I've ever seen, but this'll make it fit the punbb theme:

<?php

define('PUN_ROOT', './');
require PUN_ROOT.'include/common.php';

if ($pun_user['g_id'] > PUN_MOD) message($lang_common['No view']);

$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / '.'Upload a smiley';

require PUN_ROOT.'header.php';

//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Maximum file size. You may increase or decrease.
$MAX_SIZE = 200000;
                            
//Allowable file Mime Types. Add more mime types if you want
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
                   ,'image/png');

//Allowable file ext. names. you may add more extension names.            
$FILE_EXTS  = array('.jpg','.png','.gif'); 

//Allow file delete? no, if only allow upload only
$DELETABLE  = false;                               


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
 *     Setup variables
 ************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "img/smilies/";
$upload_url = $url_dir."/img/smilies/";
$message ="";

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("img/smilies")) {
  if (!mkdir($upload_dir))
      die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
      die ("change permission to 755 failed.");
}

/************************************************************
 *     Process User's Request
 ************************************************************/
if (isset($_FILES['userfile'])) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $file_type = $_FILES['userfile']['type']; 
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES['userfile']['size'] > $MAX_SIZE) 
     $message = "The file size is over 200k.";
  //File Type/Extension Check: reject unless BOTH the MIME type and the
  //extension are allowed. The MIME type is sent by the browser, so with &&
  //a .php file labelled image/gif would have been accepted.
  else if (!in_array($file_type, $FILE_MIMES) 
          || !in_array($file_ext, $FILE_EXTS) )
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);

}

function do_upload($upload_dir, $upload_url) {
    $message = 'File uploaded successfully';
    $temp_name = $_FILES['userfile']['tmp_name'];
    // basename() drops any directory part of the client-supplied name
    $file_name = basename($_FILES['userfile']['name']);
    $file_name = str_replace("\\","",$file_name);
    $file_name = str_replace("'","",$file_name);
    $file_path = $upload_dir.$file_name;

    //File Name Check
    if ( $file_name =="") { 
        $message = "Invalid File Name Specified";
        return $message;
    }

    $result  =  move_uploaded_file($temp_name, $file_path);
    // Only chmod a file that was actually moved; 0644 because an uploaded
    // image never needs the execute bit.
    if (!$result)
        $message = "Something is wrong with uploading a file.";
    else if (!chmod($file_path,0644))
        $message = "change permission to 644 failed.";
    else
        $message = "$file_name uploaded successfully.";
    return $message;
}

?>
<div class="blockform">
    <h2><span>Upload</span></h2>
    <div class="box">
        <form action="<?= pun_htmlspecialchars($url_this) ?>" name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
            <div class="inform">
                <fieldset>
                    <legend>Upload a smiley</legend>
                    <div class="infldset">
                        <input type="hidden" name="saction" value="search" />
                        <label class="conl">Upload file<br /><input type="file" id="userfile" name="userfile"><br /></label>
                        <p class="clearb">Size limit is 200k.  Files must be .gif, .jpg, or .png.  E-mail or post to let me know you upped something and I'll activate it. 
   Name the file the exact same thing you'd like the code to be. Example:  if you want the smiley code to be :fart:, name the file fart.gif.</p>
                        <p><font color="red"><?= pun_htmlspecialchars($message) ?></font></p>
                    </div>
                </fieldset>
                <p><input type="submit" name="upload" value="Upload"/></p>
                <p><a href="http://www.pokerpeeps.net/">Return to the Forum</a></p>
            </div>
        </form>
    </div>
</div>
<?php

require PUN_ROOT.'footer.php';

4 (edited by hypnotoad 2005-05-26 20:28)

Re: Trouble adding file upload page

Do you know of a better one out there?  It doesn't have to be fancy or anything...it just needs to work.

Thanks for the code.

Edit:  works great.  If there's a cleaner, more secure method of file upload out there please let me know.  I see what you did to make this happen, so I think I can reproduce it.  smile  Thanks again.
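
A stricter version of the upload validation discussed in this thread, as an added example that is not part of any post above and is not PunBB's own code. `store_smiley()` and the `SMILEY_*` constants are hypothetical names; it assumes PHP 7.1+ with the fileinfo extension and the same img/smilies/ directory.

```php
<?php
// Added example: hardened validation for the smiley upload (hypothetical names).
const SMILEY_DIR = __DIR__ . '/img/smilies/';
const SMILEY_MAX_BYTES = 200000;
// Extension => MIME type the file content must actually have.
const SMILEY_TYPES = [
    'gif' => 'image/gif',
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
];

/** Returns a status message; stores the file only if every check passes. */
function store_smiley(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return 'Upload failed.';
    }
    if ($file['size'] > SMILEY_MAX_BYTES) {
        return 'The file size is over 200k.';
    }
    // Name must be letters/digits/_/- plus exactly one allowlisted extension.
    // This rejects "x.php.gif", "../x.gif", and names with quotes or spaces.
    $name = strtolower($file['name']);
    if (!preg_match('/^([a-z0-9_-]{1,32})\.(gif|jpg|png)$/D', $name, $m)) {
        return 'File name must look like fart.gif (letters, digits, _ or -).';
    }
    [, $base, $ext] = $m;
    // Detect the type from the bytes; $file['type'] is whatever the client sent.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== SMILEY_TYPES[$ext] || getimagesize($file['tmp_name']) === false) {
        return 'File content does not match its extension.';
    }
    $dest = SMILEY_DIR . $base . '.' . $ext;
    if (file_exists($dest)) {
        return 'A smiley with that name already exists.';
    }
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return 'Could not store the file.';
    }
    chmod($dest, 0644); // readable by the web server, never executable
    return "$base.$ext uploaded successfully.";
}

if (isset($_FILES['userfile'])) {
    $message = store_smiley($_FILES['userfile']);
}
```

When the returned message is embedded in the PunBB page, print it through pun_htmlspecialchars().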