http://www.phphq.net :- Copyright (c) 2010 All Rights Reserved :- :- This script is free software; you can redistribute it and/or modify :- it under the terms of the GNU General Public License as published by :- the Free Software Foundation; either version 2 of the License, or :- (at your option) any later version. :- :- This script is distributed in the hope that it will be useful, :- but WITHOUT ANY WARRANTY; without even the implied warranty of :- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the :- GNU General Public License for more details. :- http://www.gnu.org/licenses/gpl.txt :- //================================================================================ * Description //================================================================================ :- phUploader is a script for uploading single or multiple images or files to your website. You can specify your :- own file extensions that are accepted, the file size and naming options. This script was built and tested on :- IIS6/7 and Apache 2+. It's recommended to use php 5.1+ This script is very useful for temporary file :- storage or simple sig and avatar hosting. //================================================================================ * Setup //================================================================================ :- To setup this script, upload phUploader.php to a folder on your server. Create a new folder named uploads :- and chmod it to 777. Edit the variables below to change how the script acts. Please read the notes if you :- don't understand something. //================================================================================ * Change log //================================================================================ :- Version 1.0 :- 1) Initial Release :- Version 1.1 :- 1) Minor bug fixes :- 2) Enabled multiple file uploads :- Version 1.2 :- 1) Added CSS styling :- 2) Removed automatic creation of file upload folder. :- 3) Improved cookie security by hashing password and storing it within the cookie for authentication. :- 4) Minor bug fixes :- Version 1.3 :- 1) Re-write of many core functions to increase security. :- 2) Patched a vulnerability that allowed a remote attacker to upload a file with two extensions and then :- remotely execute the script on a vulnerable web server. :- 3) New feature allows files that pass validation to be uploaded while files that fail validation are not :- uploaded without rejecting to whole group of files. :- 4) Fixed a flaw that allowed files with blank names or un-sanitized names to be uploaded which may :- cause issues for some users. :- 5) Minor bug fixes //================================================================================ * Frequently Asked Questions //================================================================================ :- Q1: I always get an error that the files were not uploaded. IE: GENERAL ERROR :- 1) Make sure you have CHMOD your "uploads" folder to 777 using your FTP client or similar. If you do :- not know how to do this ask your hosting provider. :- 2) Make sure the uploads folder actually exists. This is the second most common mistake aside from :- improper permissions. :- 3) If you are having problems uploading after you have chmod the uploads folder 777, try using the :- full server path in $fullpath below. If you do not know this ask your host. :- 4) Make sure "file_uploads" is set to ON in php.ini :- :- Q2: The page takes long to load and then gives me a page cannot be displayed or a blank page. :- 1) This is usually due to a low value in php.ini for "max_execution_time". :- 2) A newer ini setting "max_file_uploads" in php 5.2.12 was added which may be limiting the number of simultaneous uploads. :- 3) Your "upload_max_filesize" and "post_max_size" in php.ini might be set to low. :- :- Q3: How do I edit the colors of the form? :- 1) You will need to edit the CSS near the bottom of the script to change the looks and colors of the form. :- Check http://www.w3schools.com/css/default.asp for more information on CSS. :- :- Q4: Can I remove your copyright link? :- 1) I can't physically stop you. However, I really appreciate it when people leave it intact. :- Some people donate $5, $10, $20 to take it off. :- :- Q5: You never respond to my emails or to my questions in your forums! :- 1) I'm a very busy guy. I'm out of town a lot, and at any given time I have several projects going on. :- I get a lot of emails about this script, not to mention my other ones. :- 2) I only understand English. If your English is very bad please write in your native language and then :- translate it to English using . :- 3) If you are going to contact me, describe the issue you are having as completly as possible. :- "dude me form don't work see it at blah.com what's wrong??!?!" will get no response, ever. Write :- in detail what the problem is. Spend a minute on it, and maybe I'll take some of my time to reply. :- /* //================================================================================ * ! ATTENTION ! //================================================================================ :- Please read the above FAQ before giving up or emailing me. It may sort out your problems! */ // Max size PER file in KB $max_file_size="4096"; // Max size for all files COMBINED in KB $max_combined_size="8102"; //Maximum file uploades at one time $file_uploads="4"; //The name of your website $websitename="UnPS-GAMA IMGShare Uploader"; // Full browser accessable URL to where files are accessed. With trailing slash. $full_url="http://unps-gama.tk/img/?img="; // Path to store files on your server If this fails use $fullpath below. With trailing slash. $folder="./"; // Use random file names? true=yes (recommended), false=use original file name. // Random names will help prevent files being denied because a file with that name already exists. $random_name=true; // Types of files that are acceptiable for uploading. Keep the array structure. $allow_types=array("jpg","gif","png","bmp","JPEG","JPG","GIF","PNG"); // Only use this variable if you wish to use full server paths. Otherwise leave this empty. With trailing slash. $fullpath="/var/www/img/"; //Use this only if you want to password protect your upload form. $password=""; /* //================================================================================ * ! ATTENTION ! //================================================================================ : Don't edit below this line. */ // Initialize variables $password_hash=md5($password); $error=""; $success=""; $display_message=""; $file_ext=array(); $password_form=""; // Function to get the extension a file. function get_ext($key) { $key=strtolower(substr(strrchr($key, "."), 1)); $key=str_replace("jpeg","jpg",$key); return $key; } // Filename security cleaning. Do not modify. function cln_file_name($string) { $cln_filename_find=array("/\.[^\.]+$/", "/[^\d\w\s-]/", "/\s\s+/", "/[-]+/", "/[_]+/"); $cln_filename_repl=array("", ""," ", "-", "_"); $string=preg_replace($cln_filename_find, $cln_filename_repl, $string); return trim($string); } // If a password is set, they must login to upload files. If($password) { //Verify the credentials. If($_POST['verify_password']==true) { If(md5($_POST['check_password'])==$password_hash) { setcookie("phUploader",$password_hash); sleep(1); //seems to help some people. header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']); exit; } } //Show the authentication form If($_COOKIE['phUploader']!=$password_hash) { $password_form="
\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="
Password Required
Enter Password:
\n"; $password_form.="\n"; $password_form.="\n"; $password_form.="
\n"; $password_form.="
\n"; } } // If Password // Dont allow submit if $password_form has been populated If(($_POST['submit']==true) AND ($password_form=="")) { //Tally the size of all the files uploaded, check if it's over the ammount. If(array_sum($_FILES['file']['size']) > $max_combined_size*1024) { $error.="FAILED: All Files REASON: Combined file size is to large.
"; // Loop though, verify and upload files. } Else { // Loop through all the files. For($i=0; $i <= $file_uploads-1; $i++) { // If a file actually exists in this key If($_FILES['file']['name'][$i]) { //Get the file extension $file_ext[$i]=get_ext($_FILES['file']['name'][$i]); // Randomize file names If($random_name){ $file_name[$i]=time()+rand(0,100000); } Else { $file_name[$i]=cln_file_name($_FILES['file']['name'][$i]); } // Check for blank file name If(str_replace(" ", "", $file_name[$i])=="") { $error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: Blank file name detected.
"; //Check if the file type uploaded is a valid file type. } ElseIf(!in_array($file_ext[$i], $allow_types)) { $error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: Invalide file type.
"; //Check the size of each file } Elseif($_FILES['file']['size'][$i] > ($max_file_size*1024)) { $error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: File to large.
"; // Check if the file already exists on the server.. } Elseif(file_exists($folder.$file_name[$i].".".$file_ext[$i])) { $error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: File already exists.
"; } Else { If(move_uploaded_file($_FILES['file']['tmp_name'][$i],$folder.$file_name[$i].".".$file_ext[$i])) { $success.="SUCCESS: ".$_FILES['file']['name'][$i]."
"; $success.="URL: ".$full_url.$file_name[$i].".".$file_ext[$i]."

"; } Else { $error.="FAILED: ".$_FILES['file']['name'][$i]." REASON: General upload failure.
"; } } } // If Files } // For } // Else Total Size If(($error=="") AND ($success=="")) { $error.="FAILED: No files selected
"; } $display_message=$success.$error; } // $_POST AND !$password_form /* //================================================================================ * Start the form layout //================================================================================ :- Please know what your doing before editing below. Sorry for the stop and start php.. people requested that I use only html for the form.. */ ?> <?php echo $websitename; ?> - Powered By phUploader



Allowed Types:
Max size per file: kb. Max size for all files combined: kb.
Select File: