Code: Select all
<body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<table style="width: 100%">
<tr>
<td><strong>Date:</strong></td>
<td><input type="text" name="date" value="<?php echo date("d.m-y"); ?>" /></td>
</tr>
<tr>
<td><strong>Username:</strong></td>
<td><input type="text" name="nick" /></td>
</tr>
<tr>
<td><strong>Moderator:</strong></td>
<td><select style="width: 145px;" name="mod">
<option value="mod1">mod1</option>
<option value="mod2">mod2</option>
<option value="mod3">mod3</option>
</select></td>
</tr>
<tr>
<td><strong>USER_ID:</strong></td>
<td><input type="text" name="userid" /></td>
</tr>
<tr>
<td><strong>Reason:</strong></td>
<td><input type="text" name="reason" /></td>
<tr>
<td><strong>Select file:</strong></td>
<td><input name="fil" type="file" /></td>
</tr>
<tr>
<td><br /><input class="uload" type="submit" value="UPLOAD" /></td>
</tr>
</table>
</form>
</body>Code: Select all
<body>
<h2>Checking demo...</h2>
<?php
// Choose the upload directory
$dir = '/files/';
ini_set("max_execution_time",2000);
// Removes ":" from the USER_ID.
$userid = str_replace(':', '-', $_POST['userid']);
// Changes the filename
$filename = $_POST['mod']'_'.$userid.'_'.date('dmy');
$file = $dir.basename($_FILES['file']['name']);
// Checks if the file is either .rar, .zip or .exe
$extension = explode('.',$_FILES['file']['name']);
$extension = $extension[count($extension)-1];
if(!preg_match('/^(rar|zip|exe)$/',$extension)) {
die("<p>The file type '".$extension."' isn't allowed - upload as either 'rar', 'zip' or 'exe'!</p>");
}
// tar.gzips the file if it's an executable file
if($extension == 'exe') {
exec("tar -cf ".$filename.".tar ".$file."; gzip $".$filename.".tar; rm -f ".$file."");
}
// Moves and uploads the file
if($_FILES['file']['name']) {
if(move_uploaded_file($_FILES['file']['tmp_name'], $dir . $filename)) {
echo "<p>File was uploaded as '<a href=\"../demo/".$filename."\">".$filename."</a>'</p>";
$file = $_FILES['file']['name'];
}
else {
die("<p>".$_FILES['file']['name']." Failed..</p>");
}
}
mysql_connect('xx','xx','xxx') or die("mysql error");
mysql_select_db("xx") or die("mysql error");
mysql_query("INSERT INTO upload (id, nick, userid, reason, mod, date, ip, file) VALUES ('','$_POST[nick]','$_POST[userid]','$_POST[reason]','$_POST[mod]','$_POST[date]','$_SERVER[REMOTE_ADDR]','$filename')");
?>
<p>Done.</p>
<p><a href="javascript:history.back()">Back</a></p>
</body>Which is
Code: Select all
$filename = ''.$_POST['mod']'_'.$userid.'_'.date('dmy');