Page 1 of 1

Need some help with this upload script

Posted: Sat Dec 20, 2008 9:36 am
by JKM
The upload_form.php:

Code: Select all

<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
    <table style="width: 100%">
        <tr>
            <td><strong>Date:</strong></td>
            <td><input type="text" name="date" value="<?php echo date("d.m-y"); ?>" /></td>
        </tr>
        <tr>
            <td><strong>Username:</strong></td>
            <td><input type="text" name="nick" /></td>
        </tr>
        <tr>
            <td><strong>Moderator:</strong></td>
            <td><select style="width: 145px;" name="mod">
                <option value="mod1">mod1</option>
                <option value="mod2">mod2</option>
                <option value="mod3">mod3</option>
            </select></td>
        </tr>
        <tr>
            <td><strong>USER_ID:</strong></td>
            <td><input type="text" name="userid" /></td>
        </tr>
        <tr>
            <td><strong>Reason:</strong></td>
            <td><input type="text" name="reason" /></td>
        <tr>
            <td><strong>Select file:</strong></td>
            <td><input name="fil" type="file" /></td>
        </tr>
        <tr>
            <td><br /><input class="uload" type="submit" value="UPLOAD" /></td>
        </tr>
    </table>
</form>
</body>
upload.php:

Code: Select all

<body>
<h2>Checking demo...</h2>
<?php 
// Choose the upload directory
$dir = '/files/';
 
ini_set("max_execution_time",2000);
 
// Removes ":" from the USER_ID.
$userid = str_replace(':', '-', $_POST['userid']);
 
// Changes the filename
$filename = $_POST['mod']'_'.$userid.'_'.date('dmy');
 
$file = $dir.basename($_FILES['file']['name']);
 
// Checks if the file is either .rar, .zip or .exe
$extension = explode('.',$_FILES['file']['name']);
$extension = $extension[count($extension)-1];
if(!preg_match('/^(rar|zip|exe)$/',$extension)) {
    die("<p>The file type '".$extension."' isn't allowed - upload as either 'rar', 'zip' or 'exe'!</p>");
}
 
// tar.gzips the file if it's an executable file
if($extension == 'exe') {
    exec("tar -cf ".$filename.".tar ".$file."; gzip $".$filename.".tar; rm -f ".$file."");
}
 
// Moves and uploads the file
if($_FILES['file']['name']) {
    if(move_uploaded_file($_FILES['file']['tmp_name'], $dir . $filename)) {
        echo "<p>File was uploaded as '<a href=\"../demo/".$filename."\">".$filename."</a>'</p>";
    $file = $_FILES['file']['name'];
    }
    else {
        die("<p>".$_FILES['file']['name']." Failed..</p>");
    }
}
mysql_connect('xx','xx','xxx') or die("mysql error");
mysql_select_db("xx") or die("mysql error");
mysql_query("INSERT INTO upload (id, nick, userid, reason, mod, date, ip, file) VALUES ('','$_POST[nick]','$_POST[userid]','$_POST[reason]','$_POST[mod]','$_POST[date]','$_SERVER[REMOTE_ADDR]','$filename')");
?>
<p>Done.</p>
<p><a href="javascript&#058;history.back()">Back</a></p>
</body>
1) I'm getting this error message: Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/public_html/upload.php on line 13.
Which is

Code: Select all

$filename = ''.$_POST['mod']'_'.$userid.'_'.date('dmy');
2) I've got this feeling for that something is wrong with $filename (and the tar.gz) - I think it would get the filename "$_POST['mod']'_'.$userid.'_'.date('dmy').exe.tar.gz" So how can I remove the .exe? :)

Re: Need some help with this upload script

Posted: Sat Dec 20, 2008 11:20 am
by mmj

Code: Select all

$filename = $_POST['mod'].'_'.$userid.'_'.date('dmy');

Re: Need some help with this upload script

Posted: Sat Dec 20, 2008 12:26 pm
by JKM
Thanks!

I'm just getting "Failed". Any tips? :)

Re: Need some help with this upload script

Posted: Sat Dec 20, 2008 2:16 pm
by mmj
Try removing one of the dots from $dir.

Re: Need some help with this upload script

Posted: Sat Dec 20, 2008 2:23 pm
by JKM
Then it would echo a php error.

Any other tips? :)

Re: Need some help with this upload script

Posted: Sun Dec 21, 2008 4:14 am
by mmj
?