| View previous topic :: View next topic |
| Author |
Message |
Eraser Grandmaster Cheater
Reputation: 0
Joined: 23 Jul 2008 Posts: 504 Location: http://www.youtube.com/PCtrainers
|
Posted: Sat Mar 28, 2009 10:37 am Post subject: How to add specific allowed extensions to upload script? |
|
|
This is my upload script that lets you to upload files to my webpage. It uses no mysql and i wonder how to add specific extensions to the list? I know someone gave me a code, but i didn't knew where to put it, so could anyone edit this script with the extensions (yes, i will later add more of them by myself)
| Code: | <?php
session_start();
if(!isset($_POST['upload'])) {
echo '
<div align="center">
<form name="upload" enctype="multipart/form-data" method="POST" action="'.$_SERVER['REQUEST_URI'].'">
<input type="file" name="file" size="13" value="">
<br /><input type="submit" name="upload" value="Upload">
</form>
<b>Max file size - 500MB. Any file format is supported.</b>
';
} else {
$yourdomain = 'http://www.thps-mods.com/';
$uploaddir = 'uploads/';
$filename = $_FILES['file']['name'];
$filesize = $_FILES['file']['size'];
$tmpname_file = $_FILES['file']['tmp_name'];
$date_file = date(imdy);
if($filesize > '590000000') {
echo "File was larger than 500MB.";
} else {
move_uploaded_file($tmpname_file, "$uploaddir$date_file$filename");
echo "Success!<br /><b></b><textarea rows='1' cols='80'>".$yourdomain.$uploaddir.$date_file.$filename."</textarea>";
}
}
?>
<title>Upload</title>
</div> |
i was given this code some days ago from someone, but i donno where to add it in my script :/
| Code: | $ext1='php'; //To test
$ext1='png';
$ext1='ico';
$good=FALSE;
$disallow=Array('php', 'pl', 'exe', 'rar');
$allow=Array('png', 'gif', 'jpg', 'jpeg');
for ($i=0;$i<Count($disallow);$i++) { //Blacklist example
if ($ext1==$disallow[$i]) { die('File type not allowed.'); } //Or set $good to FALSE.
}
for ($i=0;$i<Count($allow);$i++) { //Whitelist example
if ($ext1==$allow[$i]) { $good=TRUE; }
}
if ($good) {
//Main upload script here
} else {
//Unknown file, do not upload
} |
|
|
| Back to top |
|
 |
iNoobHacker Advanced Cheater
Reputation: 0
Joined: 05 Nov 2006 Posts: 99
|
Posted: Sat Mar 28, 2009 12:27 pm Post subject: |
|
|
Why are you using a "disallowed extensions list", if the extension was not found in the allowed extensions list just return false, else upload it.
_________________
"Two things are infinite: the universe and human stupidity, but I'm still not sure about the first one." |
|
| Back to top |
|
 |
92Garfield I'm a spammer
Reputation: 57
Joined: 20 Dec 2007 Posts: 5871 Location: Banana Republic Germany
|
Posted: Sat Mar 28, 2009 3:24 pm Post subject: |
|
|
| Code: |
function ($uploadname) {
for ($count = 0; $count <= 2; $count++) {
if ($uploadname != ereg_replace($allowedExt($count), "", $uploadname) {
return true;
break;
} else {
return false;
break;
}}} |
returns false when its not an allowed extension
returns true when its allowed extension
just make it in an array called allowedExt
_________________
|
|
| Back to top |
|
 |
Eraser Grandmaster Cheater
Reputation: 0
Joined: 23 Jul 2008 Posts: 504 Location: http://www.youtube.com/PCtrainers
|
Posted: Sun Mar 29, 2009 1:48 am Post subject: |
|
|
| Where to put this code you gave me?
|
|
| Back to top |
|
 |
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
|
Posted: Sun Mar 29, 2009 5:50 am Post subject: |
|
|
| Code: | <html>
<head>
<title>Upload</title>
</head>
<body>
<div align="center">
<?php
if(isset($_POST['upload'])) {
$allowed_filetypes = array("image/png", "image/jpeg"); // Add filetypes here, to get them do echo $filetype ($_FILES['file']['type'];)
$yourdomain = 'http://www.thps-mods.com/';
$uploaddir = 'uploads/';
$err = false;
$max_filesize = 524288000; // 500mb
$filename = $_FILES['file']['name'];
$filesize = $_FILES['file']['size'];
$filetype = $_FILES['file']['type'];
// echo $filetype."<br>"; to get file-type
$tmpname_file = $_FILES['file']['tmp_name'];
$date_file = date(imdy);
if($filesize > $max_filesize)
{
$err = true;
echo "File was larger than 500MB.";
}
if(!in_array($filetype, $allowed_filetypes))
{
$err = true;
echo "Filetype is not allowed.";
}
if(!$err)
{
move_uploaded_file($tmpname_file, "$uploaddir$date_file$filename");
echo "Success!<br /><b></b><textarea rows='1' cols='80'>".$yourdomain.$uploaddir.$date_file.$filename."</textarea>";
}
}
if(!isset($_POST['upload']) || $err == true)
{
?>
<form name="upload" enctype="multipart/form-data" method="POST">
<input type="file" name="file" size="13" value="">
<br /><input type="submit" name="upload" value="Upload">
</form>
<b>Max file size - 500MB. Any file format is supported.</b>
<?php
}
?>
</div>
</body>
</html> |
|
|
| Back to top |
|
 |
Eraser Grandmaster Cheater
Reputation: 0
Joined: 23 Jul 2008 Posts: 504 Location: http://www.youtube.com/PCtrainers
|
Posted: Sun Mar 29, 2009 6:16 am Post subject: |
|
|
OMg thnx Reak it works just as i wanted!
 
|
|
| Back to top |
|
 |
|