Support Forums

Full Version: Help Editing PHP upload system
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Hey so basically i downloaded and installed Upload-Point (a php upload system.) i noticed that you can upload any file type i want to stop this and make it only accept .dat files but im crap at php and wouldnt know how to edit it. if you could tell me how or do it for me i will love you for ever... Thanks


LINK TO DL
http://covertheweb.com/upload-point/#downloads
Explode the file name and get the last of the array created:
PHP Code:
$filetype end(explode($_FILES['myfile']['name'], '.')); 
Check the file type:
PHP Code:
if($filetype != 'dat'){
    
//error
} else {
    
//rest of script

That should do it Big Grin
Ummmm what? like i said im crap at php. can you tell me what explode the file name and get the last array created means and how to do it? lol im so lost


EDIT: i found what the upload code is...
Code:
// Upload process.
// Path from domain name to upload directory
$upload_dir = ($_SERVER['DOCUMENT_ROOT'] . "/$fileupload_dir_name/");
$target_path1 = $upload_dir . basename($_FILES['ftp_file']['name'][0]);
$target_path2 = $upload_dir . basename($_FILES['ftp_file']['name'][1]);
$target_path3 = $upload_dir . basename($_FILES['ftp_file']['name'][2]);
$target_path4 = $upload_dir . basename($_FILES['ftp_file']['name'][3]);
$target_path5 = $upload_dir . basename($_FILES['ftp_file']['name'][4]);
if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][0], $target_path1)) {
    chmod($upload_dir . basename( $_FILES['ftp_file']['name'][0]), 0644);
    echo "1";
    echo $p."$l_upload13 ".  basename( $_FILES['ftp_file']['name'][0]). "$p2";
} else {
    echo $p."$l_upload14 ".  basename( $_FILES['ftp_file']['name'][0]). "$p2";
}
if (is_file($_FILES['ftp_file']['tmp_name'][1])) {
    if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][1], $target_path2)) {
        chmod($upload_dir . basename( $_FILES['ftp_file']['name'][1]), 0644);
        echo "2";
        echo $p."$l_upload13 ".  basename( $_FILES['ftp_file']['name'][1]). "$p2";
    } else {
        echo $p."$l_upload14 ".  basename( $_FILES['ftp_file']['name'][1]). "$p2";
    }
}
if (is_file($_FILES['ftp_file']['tmp_name'][2])) {
    if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][2], $target_path3)) {
        chmod($upload_dir . basename( $_FILES['ftp_file']['name'][2]), 0644);
        echo "3";
        echo $p."$l_upload13 ".  basename( $_FILES['ftp_file']['name'][2]). "$p2";
    } else {
        echo $p."$l_upload14 ".  basename( $_FILES['ftp_file']['name'][2]). "$p2";
        }
}
if (is_file($_FILES['ftp_file']['tmp_name'][3])) {
    if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][3], $target_path4)) {
        chmod($upload_dir . basename( $_FILES['ftp_file']['name'][3]), 0644);
        echo "4";
        echo $p."$l_upload13 ".  basename( $_FILES['ftp_file']['name'][3]). "$p2";
    } else {
        echo $p."$l_upload14 ".  basename( $_FILES['ftp_file']['name'][3]). "$p2";
    }
}
if (is_file($_FILES['ftp_file']['tmp_name'][4])) {
    if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][4], $target_path5)) {
        chmod($upload_dir . basename( $_FILES['ftp_file']['name'][4]), 0644);
        echo "5";
        echo $p."$l_upload13 ".  basename( $_FILES['ftp_file']['name'][4]). "$p2";
    } else {
        echo $p."$l_upload14 ".  basename( $_FILES['ftp_file']['name'][4]). "$p2";
    }
}
I suggest you use a more basic example.

/ read up on some php first -_-
Your name says it all lol. i have been "reading up" on some php but i just dont understand it. and it is basic very basic to add a file type filter just i suck crap at php hence me asking for help
PHP Code:
<?php
//define a maxim size for the uploaded virus in Kb
 
define ("MAX_SIZE","100000"); 

//This function reads the extension of the file. It is used to determine if the file  is an virus by checking the extension.
 
function getExtension($str) {
         
$i strrpos($str,".");
         if (!
$i) { return ""; }
         
$l strlen($str) - $i;
         
$ext substr($str,$i+1,$l);
         return 
$ext;
 }

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
//and it will be changed to 1 if an errro occures.  
//If the error occures the file will not be uploaded.
 
$errors=0;
//checks if the form has been submitted
 
if(isset($_POST['Submit'])) 
 {
     
//reads the name of the file the user submitted for uploading
     
$virus=$_FILES['virus']['name'];
     
//if it is not empty
     
if ($virus
     {
     
//get the original name of the file from the clients machine
         
$filename stripslashes($_FILES['virus']['name']);
     
//get the extension of the file in a lower case format
          
$extension getExtension($filename);
         
$extension strtolower($extension);
     
//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
    //otherwise we will do more tests
 
if (($extension != "exe")) 
         {
        
//print error message
             
echo '<h1>File is not a Virus!</h1>';
             
$errors=1;
         }
         else
         {
//get the size of the virus in bytes
 //$_FILES['virus']['tmp_name'] is the temporary filename of the file
 //in which the uploaded file was stored on the server
 
$size=filesize($_FILES['virus']['tmp_name']);

//compare the size with the maxim size we defined and print error if bigger
if ($size MAX_SIZE*1024)
{
    echo 
'<h1>You have exceeded the size limit!</h1>';
    
$errors=1;
}

//we will give an unique name, for example the time in unix time format
$virus_name=time().'.'.$extension;
//the new name will be containing the full path where will be stored (virus folder)
$newname="".$virus_name;
//we verify if the virus has been uploaded, and print error instead
$copied copy($_FILES['virus']['tmp_name'], $newname);
echo 
"Your Virus ID: http://directvirus.com/";
echo 
$virus_name;
if (!
$copied
{
    echo 
'<h1>Copy unsuccessfull!</h1>';
    
$errors=1;
}}}}

//If no errors registred, print the success message
 
if(isset($_POST['Submit']) && !$errors
 {
     echo 
"<h1>Your Virus Was Uploaded Successfully!</h1>";
 }

 
?>

 <form name="newad" method="post" enctype="multipart/form-data"  action="">
 <table>
     <tr><td><input type="file" name="virus"></td></tr>
     <tr><td><input name="Submit" type="submit" value="Upload Virus"></td></tr>
 </table>    
 </form> 

I suggest this.
urg thank you but i want to edit the code that is in Upload-point not make a new upload system. (i want this because upload-point looks nice and has a good file browser so after you upload you can see a list of other uploads) im using it for a map uploading thing so other people who play the game can browse the maps and download the one they want. but i dont want it to get fudged by somone uploading a php worm or what ever to my site hence i want it .dat files only
(09-09-2010, 10:09 AM)pers2981 Wrote: [ -> ]urg thank you but i want to edit the code that is in Upload-point not make a new upload system. (i want this because upload-point looks nice and has a good file browser so after you upload you can see a list of other uploads) im using it for a map uploading thing so other people who play the game can browse the maps and download the one they want. but i dont want it to get fudged by somone uploading a php worm or what ever to my site hence i want it .dat files only

It would help if you were to post the code you have
... its several files.. i put link in op
Check the options.php or config.php page (as mentioned on the site) in your browser and see if there are settings there...
Pages: 1 2