// Upload form: a single file field named 'userfile' posted to
// upload.php?action=upload_send as multipart/form-data.
//
// MAX_FILE_SIZE (943718400 bytes, i.e. 900 MB) is only a hint carried in the
// request. The client can change or drop the hidden field, so the size limit
// that matters is the one enforced by the receiving script, which per the
// original note only accepts 3 MB.
// NOTE(review): no </form> or </table> is emitted in this listing -- presumably
// they are printed further down the page; confirm.
// NOTE(review): the form carries no anti-CSRF token -- confirm whether
// upload.php checks the session/origin some other way.
$form_markup = array(
    "<table width='$titlewide' $border>",
    "<form enctype='multipart/form-data' action='upload.php?action=upload_send' method='post'>",
    "<input type='hidden' name='MAX_FILE_SIZE' value='943718400'>",
    // Spacer row.
    "<tr height='10px'>",
    "<td></td>",
    "<td></td>",
    "</tr>",
    // Prompt row.
    "<tr height='30px'>",
    "<td width='6%'></td>",
    "<td>Click browse to upload a file:</td>",
    "</tr>",
    // File chooser row.
    "<tr height='30px'>",
    "<td></td>",
    "<td><input name='userfile' type='file'></td>",
    "</tr>",
    // Submit row.
    "<tr height='30px'>",
    "<td></td>",
    "<td><input type='submit' value='Upload'></td>",
    "</tr>",
);
print implode('', $form_markup);
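// ---- Get file info ----
// Read everything from $_FILES rather than the register_globals copies
// ($userfile, $userfile_name, $userfile_type): those copies can be supplied by
// any request parameter of the same name. 'name' and 'type' are still sent by
// the browser and are untrusted; 'tmp_name' and 'size' are set by PHP.
$upload    = isset($_FILES['userfile']) ? $_FILES['userfile'] : array();
$file_name = isset($upload['name']) ? $upload['name'] : '';
$file_type = isset($upload['type']) ? $upload['type'] : '';
$file_size = isset($upload['size']) ? (int) $upload['size'] : 0;
$tmp_path  = isset($upload['tmp_name']) ? $upload['tmp_name'] : '';

// Name used on disk: drop any directory part, replace every character outside
// a conservative set, and strip leading dots so the upload cannot create a
// dot-file (e.g. a per-directory server config) or climb out of the directory.
$safe_name = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file_name)), '.');

// HTML-escaped copies for echoing back into the page.
$html_name = htmlspecialchars($file_name, ENT_QUOTES);
$html_type = htmlspecialchars($file_type, ENT_QUOTES);

// ---- Print file info ----
print "<br>File Name: $html_name";
print "<br>File Type: $html_type";
print "<br>File Size: $file_size"." bytes"; // 'size' is reported in bytes, not kb

// #################################### -- UPLOAD FILE SCRIPT -- #####################################
set_time_limit(90); // Raise the script execution time limit from the default 30 seconds to 90
print "<table width='$titlewide'>";
print "<tr align='center'>";
print "<td>Uploading File...</td>";
print "</tr>";

if ( $tmp_path != "" )
{
    // Run the checks in order and stop at the first failure. The original
    // printed each message but then carried on and stored the file anyway.
    $error = "";
    if ( $file_size == 0 )
    { $error = "Uploaded file has no file size"; }
    // The form's MAX_FILE_SIZE (900 MB) is client-controlled; this is the real limit.
    elseif ( $file_size > 3145728 )
    { $error = "Uploaded file is too large must be under 3,145,728 bytes"; }
    elseif ( !is_uploaded_file($tmp_path) )
    { $error = "Possible file upload attack"; }
    elseif ( $safe_name == "" )
    { $error = "Could not move file into directory"; }

    // NOTE(review): the destination is under public_html, so whatever is stored
    // here is served by the web server. Restrict accepted extensions to what the
    // site needs and make sure this directory never executes scripts; the
    // browser-supplied MIME type cannot be relied on for that decision.
    // NOTE(review): an existing file with the same name is overwritten -- confirm
    // that is intended.
    $upfile = "/home2/darule/public_html/files/".$safe_name;

    // move_uploaded_file() re-checks that the source really is this request's
    // upload before moving it, unlike copy().
    if ( $error == "" && !move_uploaded_file($tmp_path, $upfile) )
    { $error = "Could not move file into directory"; }

    if ( $error != "" )
    {
        print "<tr><td>$error</td></tr>";
    }
    else
    {
        print "<tr><td>File uploaded successfully!</td></tr>";

        // Rewrite the stored file with HTML/PHP tags stripped, as the original did.
        // NOTE(review): strip_tags() is not a dependable defence against active
        // content and it will corrupt binary uploads such as images.
        $contents = "";
        $fp = fopen($upfile, "r");
        if ( $fp )
        {
            $contents = fread($fp, filesize($upfile));
            fclose($fp);
            $contents = strip_tags($contents);
            $fp = fopen($upfile, "w");
            if ( $fp )
            {
                fwrite($fp, $contents);
                fclose($fp);
            }
        }

        // ---- Insert file info into DB ----
        // Done only once the file is stored, so the table lists real files. The
        // name and type come from the client and are escaped before they are
        // placed in the SQL string; the size is already an integer.
        // NOTE(review): die(mysql_error()) shows database error text to the
        // visitor; logging it server-side would be preferable.
        $sql_name = mysql_real_escape_string($safe_name);
        $sql_type = mysql_real_escape_string($file_type);
        $result = mysql_query("INSERT INTO files (file_name, file_type, file_size, upload_date) VALUES('$sql_name', '$sql_type', '$file_size', now())")
            or die(mysql_error());

        print "<tr align=\"center\"><td height=\"80px\"><p>Go back to <a href=\"upload.php\">Upload</a> page or go <a href=\"index.php\">Home</a>?</td></tr>";
        print "<tr><td><hr></td></tr>";
        print "<tr><td><br><b>File Uploaded:</b></td></tr>";

        // The original compared $contents with "text/plain", which is only true
        // when the file body is literally that string; the reported type is
        // what was meant. The type is client-supplied, so the contents are
        // HTML-escaped whichever branch is taken.
        if ( $file_type == "text/plain" )
        {
            print "<tr><td><p>Contents of File:</td></tr> <tr><td>".htmlspecialchars($contents, ENT_QUOTES)."</td></tr>";
        }
        else
        {
            print "<tr><td><p>".htmlspecialchars($safe_name, ENT_QUOTES)."</td></tr>";
        }
    }
}
else
{
    print "<tr><td>There is no file to upload</td></tr>";
}
print "</table>";
include("nav_bottom.inc");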
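/**
 * Fallback for is_uploaded_file() on PHP builds that lack the built-in.
 *
 * PHP ships is_uploaded_file() itself, and declaring a function under a
 * built-in's name is a fatal "cannot redeclare" error, so the fallback is only
 * defined when the name is still free. Where the built-in exists it is the one
 * that runs.
 *
 * The fallback is a path comparison only: it rebuilds
 * "<upload_tmp_dir>/<basename of $filename>" and checks that it equals
 * $filename. It does not prove the file was uploaded by the current request,
 * so treat it as weaker than the built-in.
 *
 * @param string $filename Path to test (normally the upload's temporary path).
 * @return bool True when $filename sits directly inside the upload temp directory.
 */
if ( !function_exists('is_uploaded_file') ) {
    function is_uploaded_file($filename) {
        $tmp_dir = get_cfg_var('upload_tmp_dir');
        if ( !$tmp_dir ) {
            // No upload_tmp_dir configured: use the directory tempnam() picks.
            $tmp_dir = dirname(tempnam('', ''));
        }
        $expected = $tmp_dir . '/' . basename($filename);
        /* User might have trailing slash in php.ini... */
        // preg_replace() stands in for ereg_replace(), which was removed in PHP 7.
        return (preg_replace('#/+#', '/', $expected) == $filename);
    }
}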