Quick Php help
Mickey
Down with MJ yo

Posts: 3,663.2843
Threads: 251
Joined: 26th Apr 2008
E-Pigs: 28.7300
Offline
Post: #11
RE: Quick Php help
Finally got it working how I want it :D
It's messy and I'll eventually clean it up but meh
PHP Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="styles.css" type="text/css" rel="stylesheet" />

<title>Upload Image</title>
</head>

<body>
<div id="container">
<div id="header">
<?php
$link = "";
$error = ""; //default value so the echo below never reads an undefined variable
if (isset($_POST['submit'])){ //checks if submit button has been clicked
	$name = $_FILES['file']['name']; //assigns the file name to a variable
	$up_name = preg_replace('/ /', '_', $name); //replaces spaces in the file name with "_"
	$upload_path = "uploads/" .$up_name; //sets the upload location
	$size = $_FILES['file']['size']; //sets file size to variable for checking
	$tmp = $_FILES['file']['tmp_name']; //sets the tmp file to a variable
	$link = "<a href='$upload_path'>Click here to view image.</a>"; //creates the link to the image
	if ($size < 3145728 && !preg_match('/[!@#$%^&*()]/', $up_name) && preg_match('/([^\s]+(?=\.(jpg|gif|png|jpeg))\.\2)/', $up_name) && preg_match('/^image/', $_FILES['file']['type'])){ //ridiculous checks that took forever to correct
		move_uploaded_file($tmp, $upload_path); //moves tmp file to upload location
	} else {
		$error = "Error, please make sure the file doesn't break any rules."; //if file didn't pass checks
	}
} else {
	echo "Select an Image to Upload"; //if submit hasn't been clicked
}
?>
</div>

<div id="rules">
<ul>
<li>Image size must be less than 3 megabytes</li>
<li>Image must be PNG, JPG, JPEG, or GIF.</li>
<li>Image name may only contain A-Z, 1-9, and _.</li>
<li>Spaces and will be replaced with "_"</li>
</ul>
</div>

<div id="uploadForm">
<form action="" method="post" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="3145728" />
<table class="form">
<tr>
<td><label for="file">File: </label></td><td><input type="file" id="file" name="file" /></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Upload File" /></td>
</tr>
</table>
</form>
<p id="link">
<?php if (isset($_POST['submit']) && $size < 3145728 && !preg_match('/[!@#$%^&*()]/', $up_name) && preg_match('/([^\s]+(?=\.(jpg|gif|png|jpeg))\.\2)/', $up_name) && preg_match('/^image/', $_FILES['file']['type'])) { //same long checks again
	echo $link ."<br />"; //echoes the link to the image
	echo "BBCode: <input type='text' onClick='javascript:select()' name='bb' size='40'  value='[img]http://mickeys-home.com/{$upload_path}[/img]'/><br />"; //makes the textbox with the BBCode
} else {
	echo $error; //displays an error if the checks weren't passed
}
?>
</p>
</div>
</div>
</body>
</html>


(This post was last modified: 29/05/2009 12:21 PM by Mickey.)
29/05/2009 06:25 AM
ZiNgA BuRgA
Smart Alternative

Posts: 17,023.4213
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.0333
Offline
Post: #12
RE: Quick Php help
Unless keeping the original filename is important, I'd probably rename the file rather than filter it.  Or if you must filter, use a "whitelist" (list of allowed chars) as opposed to a "blacklist" (list of eXx1l3d chars).
Your script is vulnerable to a "null byte" attack (using my suggestions would fix it).
(This post was last modified: 29/05/2009 06:37 AM by ZiNgA BuRgA.)
29/05/2009 06:37 AM
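The advice in post #12 (rename the file instead of filtering its name, and allow from a whitelist instead of blocking from a blacklist), as an added example that is not code from either poster. It assumes PHP 7.1+ with the fileinfo extension and the thread's existing `uploads/` directory; `new_image_name` is a hypothetical helper name.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7.1+ with fileinfo
// and a writable uploads/ directory (the path used in the thread).

const MAX_BYTES = 3145728; // same 3 MB limit as the original script

/**
 * Returns a server-generated file name for an uploaded image, or null if
 * the upload fails any check. The client-supplied name and type
 * ($_FILES[...]['name'] and ['type']) are never read, so nothing the user
 * typed (odd characters, extra extensions, null bytes) reaches the path.
 */
function new_image_name(array $file): ?string
{
    // Whitelist: content type detected on the server => extension we pick.
    $allowed = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null; // no file, partial upload, or over a PHP size limit
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] >= MAX_BYTES) {
        return null;
    }

    // Detect the type from the file's bytes, not from the request headers.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])) {
        return null;
    }

    // Random name plus whitelisted extension.
    return bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
}

if (isset($_POST['submit'], $_FILES['file'])) {
    $name = new_image_name($_FILES['file']);
    if ($name !== null && move_uploaded_file($_FILES['file']['tmp_name'], "uploads/$name")) {
        $url = htmlspecialchars("uploads/$name", ENT_QUOTES);
        echo "<a href='$url'>Click here to view image.</a>";
    } else {
        echo "Error, please make sure the file doesn't break any rules.";
    }
}
```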
Mickey
Down with MJ yo

Posts: 3,663.2843
Threads: 251
Joined: 26th Apr 2008
E-Pigs: 28.7300
Offline
Post: #13
RE: Quick Php help
Hmmm, I'll read up on renaming, 6am now so it's nappy time. Thanks zinga :D
By the way this has no real use, I just want to learn more PHP, so I decided I'd make this to upload images to server instead of using ftp :p

(This post was last modified: 29/05/2009 06:52 AM by Mickey.)
29/05/2009 06:39 AM