Multiple File Upload in PHP

naimish's Avatar
Banned
Hi, I have below code in my website where user will upload two files.

multiple_upload.php

Code:
 
<?php
//set where you want to store files
//in this example we keep file in folder upload 
//$HTTP_POST_FILES['ufile']['name']; = upload file name
//for example upload file name cartoon.gif . $path will be upload/cartoon.gif
$path1= "upload/".$HTTP_POST_FILES['ufile']['name'][0];
$path2= "upload/".$HTTP_POST_FILES['ufile']['name'][1];
//copy file to where you want to store file
copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1);
copy($HTTP_POST_FILES['ufile']['tmp_name'][1], $path2);
//$HTTP_POST_FILES['ufile']['name'] = file name
//$HTTP_POST_FILES['ufile']['size'] = file size
//$HTTP_POST_FILES['ufile']['type'] = type of file
///////////////////////////////////////////////////////
$filesize1=$HTTP_POST_FILES['ufile']['size'][0];
$filesize2=$HTTP_POST_FILES['ufile']['size'][1];
if($filesize1 && $filesize2!= 0) 
{
echo "Thank you, The file(s) has been successfully uploaded.";
}
else {
echo "ERROR : ";
}
//////////////////////////////////////////////
// What files that have a problem? (if found)
if($filesize1==0) {
echo "There're something error in your first file";
echo "<BR />";
}
if($filesize2==0) {
echo "There're something error in your second file";
echo "<BR />";
}
?>
MyUpload.php

Code:
 
<html>
<title>Upload Two Files</title>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form action="multiple_upload.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td><strong>Upload Resume :</strong> *.doc, *.rtf, *.pdf files only<br /></td>
</tr>
<tr>
<td>Select file 
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<td><strong>Upload Other Information :</strong>*.doc, *.rtf, *.pdf files only</td>
<tr>
<td>Select file
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<tr>
<td align="center"><input type="submit" name="Submit" value="Upload Data" /></td>
</tr><br />
</table>
</td>
</form>
</tr>
</table>
</html>
Currently, If user is uploading only 1 file, it will give an error there There're something error in your second file.

But what I want is, User will have to upload two files.

What Code changes should be made so that user will have to upload two files, and if user doesn't provide the path for another file, no file will be get upload.
naimish's Avatar
Banned
Also If we can embeed the code to restrict user to only upload *.doc, *.rtf, *.pdf files only
pradeep's Avatar, Join Date: Apr 2005
Team Leader
Check for upload errors http://www.php.net/manual/en/feature...oad.errors.php
Hex00010's Avatar, Join Date: Jul 2009
Go4Expert Member
This script is vulnerable it does not sanatize what file types can be upload all it says is text that states only so and so can be uploaded.


But in the php script it does not clarify it


If people use this script then 10/10 they will get hacked allowing hackers to upload shell botnet.txt files or whatever they so choose until the owner of this script or someone else fixes these errors i highly reccomend no one to use this script for the safty of your site
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Quote:
Originally Posted by Hex00010 View Post
This script is vulnerable it does not sanatize what file types can be upload all it says is text that states only so and so can be uploaded.


But in the php script it does not clarify it


If people use this script then 10/10 they will get hacked allowing hackers to upload shell botnet.txt files or whatever they so choose until the owner of this script or someone else fixes these errors i highly reccomend no one to use this script for the safty of your site
He is probably developing it and looking for some error correction.
Hex00010's Avatar, Join Date: Jul 2009
Go4Expert Member
heheehhe well there is your first error to block file type extensions
naimish's Avatar
Banned
I am not facing anykind of errors, I just want an improvement.

Quote:
i highly reccomend no one to use this script for the safty of your site
I didn't post this code as an article, so that is obivous.

Quote:
He is probably developing it and looking for some error correction
I am learning PHP now a days, and implementing it on my demo website

Quote:
heheehhe well there is your first error to block file type extensions
And that's what I have requested to help
Hex00010's Avatar, Join Date: Jul 2009
Go4Expert Member
Well mate seeing your new to php i reccomend you to learn the vulnerability of what is inside of php

just a note to help you a long never use

Code:
include();
functions also be sure to study up on how c99shell are uploaded through php systems.

The most common is from file uploads. Also be sure to secure the script from sql injection a tes perhaps? when ur ready for a demo and if the url has a index.php?something=1 or something near it add a ' at the end of it if a mysql error pops up then it is vulnerable to sql injection also be sure to make it not vulneralbe to blind sql injection


Take a look at this script and implement it into yours

http://www.willmaster.com/blog/javas...extensions.php

Last edited by Hex00010; 23Jul2009 at 10:23..
naimish's Avatar
Banned
The main thing is that I am not using my own domain, I am using free domains only
Hex00010's Avatar, Join Date: Jul 2009
Go4Expert Member
What does that have to do with anything? regarding this?