Page 1 of 1

Uploading Script

Posted: Sat Sep 10, 2011 6:32 am
by loophole
I have a charity website where people can upload files

I need to disable people from uploading 'php' files because a simple hacker did this to my site and it was shut down

I am not a good php developer and I used this open source code

Please could anyone help update this function with a barr on php files?

Much appreciated

Alex Newbound (a.k.a. Loop Hole)

if($allowuploads && $_FILES['file']) {
$upload = true;
if(!$overwrite) {
if(file_exists($leadon.$_FILES['file']['name'])) {
$upload = false;
}
}

if($upload) {
move_uploaded_file($_FILES['file']['tmp_name'], $leadon . $_FILES['file']['name']);
}
}

Re: Uploading Script

Posted: Mon Sep 12, 2011 2:44 pm
by social_experiment
File uploads
Have a look at these url's for more insight into file uploading security