I have a charity website where people can upload files
I need to disable people from uploading 'php' files because a simple hacker did this to my site and it was shut down
I am not a good php developer and I used this open source code
Please could anyone help update this function with a barr on php files?
Much appreciated
Alex Newbound (a.k.a. Loop Hole)
if($allowuploads && $_FILES['file']) {
$upload = true;
if(!$overwrite) {
if(file_exists($leadon.$_FILES['file']['name'])) {
$upload = false;
}
}
if($upload) {
move_uploaded_file($_FILES['file']['tmp_name'], $leadon . $_FILES['file']['name']);
}
}
Uploading Script
Moderator: General Moderators
- social_experiment
- DevNet Master
- Posts: 2793
- Joined: Sun Feb 15, 2009 11:08 am
- Location: .za
Re: Uploading Script
File uploads
Have a look at these url's for more insight into file uploading security
Have a look at these url's for more insight into file uploading security
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering