PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
LiveFree
Forum Contributor
Posts: 258 Joined: Tue Dec 06, 2005 5:34 pm
Location: W-Town
Post
by LiveFree » Sun Feb 05, 2006 6:59 pm
Code: Select all
<?php
#### Generated by Module Creator - By Disipal site (http://www.disipal.net) ####
if (!eregi("modules.php", $PHP_SELF)) {
die ("You can't access this file directly...");
}
require_once("mainfile.php");
$module_name = basename(dirname(__FILE__));
include("header.php");
$index = 0;
OpenTable();
/*
File: upload.php
Path: modules/Uploads/
*/
// Uploads a file
if (isset($_POST['submit'])){
$uploaddir = 'videos/';
$uploadfile = $uploaddir.$_FILES['userfile']['name'];
$name=$_FILES['userfile']['name'];
if (empty($_POST['desc'])){
echo "Please enter in a short description!<br />";
}else{
$desc=$_POST['desc'];
}
if (empty($_POST['author'])){
echo "Please enter in your name!<br />";
}else{
$author=$_POST['author'];
}
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile) || pregi_match('.w3g',$name)) {
$cat=$_POST['id'];
$query="INSERT INTO uploads (filename,desc,cat) VALUES ('$name','$desc','$cat')";
//echo $query;
$sql=mysql_query($query) OR DIE (mysql_error());
echo "File Upload Completed!";
} else {
echo "Possible file upload attack!\n";
}
}else{
echo '<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="modules.php?name=Upload&file=upload" method="POST">
<!-- MAX_FILE_SIZE must precede the file input field -->
<input type="hidden" name="MAX_FILE_SIZE" value="30000" />
<!-- Name of input element determines name in $_FILES array -->
<b>Send this file: </b><input name="userfile" type="file" /><br />
<b>Desciption:</b><input type="text" name="desc"><br />
<b>Added By:</b><input type="text" name="author"><br />
<b>Catagory</b><select name="id"><option value="1">Replays</option><option value="2">1v1</option><option value="3">2v2</option><option value="4">3v3</option><option value="5">4v4</option></select><br>
<input type="submit" value="Send File" name="submit"/>
<input type="hidden" name="name" value="Upload" />
<input type="hidden" name="file" value="upload" />
</form>';
}
CloseTable();
include('footer.php');
?>
When we try to upload a .w3g file, it triggers the error
Thanks, and like I said to Sami, I am gonna donate $5-10 to PHPDN for all your help
timvw
DevNet Master
Posts: 4897 Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium
Post
by timvw » Sun Feb 05, 2006 7:22 pm
Tucker wrote: Code: Select all
<?php
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile) || pregi_match('.w3g',$name))
?>
There is no such function: pregi_match (afaik).
You probably want eregi or preg_match...
Anway, you probably want both conditions to be fullfilled (upload file copy-saved somewhere AND the last part of the name is .w3g) and in that case you should use && instead of ||
LiveFree
Forum Contributor
Posts: 258 Joined: Tue Dec 06, 2005 5:34 pm
Location: W-Town
Post
by LiveFree » Sun Feb 05, 2006 7:34 pm
Nope that didnt work
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Feb 05, 2006 7:40 pm
swap the order of the preg_match() call and move_uploaded_file() call. Ignoring your invalid pattern syntax for preg_match(), if I uploaded a file with w3g anywhere in the name (as long as it was provided it wasn't the first substring) your insertion code would run.
LiveFree
Forum Contributor
Posts: 258 Joined: Tue Dec 06, 2005 5:34 pm
Location: W-Town
Post
by LiveFree » Sun Feb 05, 2006 7:55 pm
Code: Select all
if (preg_match('.w3g',$name) && move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
$cat=$_POST['id'];
$query="INSERT INTO uploads (filename,desc,cat) VALUES ('$name','$desc','$cat')";
//echo $query;
$sql=mysql_query($query) OR DIE (mysql_error());
echo "File Upload Completed!";
} else {
echo "Possible file upload attack!\n";
}
Still doesnt work
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Sun Feb 05, 2006 8:02 pm
as I hinted at before, you have issues with your regex pattern syntax. You may want to visit the regex board on this server..