Uploading a txt file problem (example script)...
Moderator: General Moderators
OK well im not too sure on the results of this but try:
Code: Select all
$file = $_POST['file'];
if(strstr($file,"php"))
{
echo "This file type is not allowed."; //Do not use a variable to hold the error
exit;
}
if ($HTTP_POST_VARS['submit']) {
print_r($HTTP_POST_FILES);
if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
unlink($HTTP_POST_FILES['file']['tmp_name']);
print "File has been successfully uploaded!";
exit;
}
}
}Code: Select all
<?php
include("dbcon/connect_db.inc.php");
$file = $_POST['file'];
if (eregi(".php", $file))
{
echo "This file type is not allowed."; //Do not use a variable to hold the error
exit;
}
if ($HTTP_POST_VARS['submit']) {
print_r($HTTP_POST_FILES);
if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
unlink($HTTP_POST_FILES['file']['tmp_name']);
print "File has been successfully uploaded!";
exit;
}
}
}
?>
<html>
<head></head>
<body>
<form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data">
<?=$error?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>Actually perhaps it may be your script im not sure. I answered a question like this a while back:
viewtopic.php?t=19216&highlight=upload
Have a look!
viewtopic.php?t=19216&highlight=upload
Have a look!
It could be my script, but I dunno. The file is uploaded into my specified folder, the only thing is that .php is considered a text/plain file.
Everything else works perfect.
Also, everything in that link you answered before is completed in my script.
The folder is chmoded, the upload works... the only thing is that it allows .php uploads which is bad for teh h@ckz0rz
Everything else works perfect.
Also, everything in that link you answered before is completed in my script.
The folder is chmoded, the upload works... the only thing is that it allows .php uploads which is bad for teh h@ckz0rz
Bah, it's not working either. It's like it's ignoring what I am telling it to do and just submitting a php file anyways.
Here is my script as of now:
It's just ignoring this or something. It WONT print out the variables of filename and fileext in any case and it just submits it.
I have no idea why this is happening. I just want a script that only uploads a .txt file where I can control the size of what is uploaded.
Maybe an alternative?
Here is my script as of now:
Code: Select all
<?php
include("dbconnection/connect_db.inc.php");
if ($HTTP_POST_VARS['submit']) {
list($filename, $fileext) = split(".", $HTTP_POST_FILES['file']);
print_r($HTTP_POST_FILES);
print_r($fileext);
if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if ($fileext == "php")
{
$error = "This file type is not allowed.";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
unlink($HTTP_POST_FILES['file']['tmp_name']);
print "File has been successfully uploaded!";
print "$filename";
print "$fileext";
exit;
}
}
}
?>
<html>
<head></head>
<body>
<form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data">
<?=$error?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>I have no idea why this is happening. I just want a script that only uploads a .txt file where I can control the size of what is uploaded.
Maybe an alternative?