1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Multiple File Upload in PHP

Discussion in 'PHP' started by naimish, Jul 22, 2009.

  1. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    Hi, I have below code in my website where user will upload two files.

    multiple_upload.php

    Code:
     
    <?php
    //set where you want to store files
    //in this example we keep file in folder upload 
    //$HTTP_POST_FILES['ufile']['name']; = upload file name
    //for example upload file name cartoon.gif . $path will be upload/cartoon.gif
    $path1= "upload/".$HTTP_POST_FILES['ufile']['name'][0];
    $path2= "upload/".$HTTP_POST_FILES['ufile']['name'][1];
    //copy file to where you want to store file
    copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1);
    copy($HTTP_POST_FILES['ufile']['tmp_name'][1], $path2);
    //$HTTP_POST_FILES['ufile']['name'] = file name
    //$HTTP_POST_FILES['ufile']['size'] = file size
    //$HTTP_POST_FILES['ufile']['type'] = type of file
    ///////////////////////////////////////////////////////
    $filesize1=$HTTP_POST_FILES['ufile']['size'][0];
    $filesize2=$HTTP_POST_FILES['ufile']['size'][1];
    if($filesize1 && $filesize2!= 0) 
    {
    echo "Thank you, The file(s) has been successfully uploaded.";
    }
    else {
    echo "ERROR : ";
    }
    //////////////////////////////////////////////
    // What files that have a problem? (if found)
    if($filesize1==0) {
    echo "There're something error in your first file";
    echo "<BR />";
    }
    if($filesize2==0) {
    echo "There're something error in your second file";
    echo "<BR />";
    }
    ?>
     
    
    MyUpload.php

    Code:
     
    <html>
    <title>Upload Two Files</title>
    <table width="500" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
    <tr>
    <form action="multiple_upload.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
    <td>
    <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
    <tr>
    <td><strong>Upload Resume :</strong> *.doc, *.rtf, *.pdf files only<br /></td>
    </tr>
    <tr>
    <td>Select file 
    <input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
    </tr>
    <td><strong>Upload Other Information :</strong>*.doc, *.rtf, *.pdf files only</td>
    <tr>
    <td>Select file
    <input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
    </tr>
    <tr>
    <td align="center"><input type="submit" name="Submit" value="Upload Data" /></td>
    </tr><br />
    </table>
    </td>
    </form>
    </tr>
    </table>
    </html>
     
    
    Currently, If user is uploading only 1 file, it will give an error there There're something error in your second file.

    But what I want is, User will have to upload two files.

    What Code changes should be made so that user will have to upload two files, and if user doesn't provide the path for another file, no file will be get upload.
     
  2. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    Re: File Upload

    Also If we can embeed the code to restrict user to only upload *.doc, *.rtf, *.pdf files only :)
     
  3. pradeep

    pradeep Team Leader

    Joined:
    Apr 4, 2005
    Messages:
    1,646
    Likes Received:
    86
    Trophy Points:
    0
    Occupation:
    Programmer
    Location:
    Kolkata, India
    Home Page:
  4. Hex00010

    Hex00010 New Member

    Joined:
    Jul 21, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    0
    This script is vulnerable it does not sanatize what file types can be upload all it says is text that states only so and so can be uploaded.


    But in the php script it does not clarify it


    If people use this script then 10/10 they will get hacked allowing hackers to upload shell botnet.txt files or whatever they so choose until the owner of this script or someone else fixes these errors i highly reccomend no one to use this script for the safty of your site
     
  5. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,292
    Likes Received:
    365
    Trophy Points:
    83
    He is probably developing it and looking for some error correction.
     
  6. Hex00010

    Hex00010 New Member

    Joined:
    Jul 21, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    0
    heheehhe well there is your first error to block file type extensions :)
     
  7. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    I am not facing anykind of errors, I just want an improvement.

    I didn't post this code as an article, so that is obivous.

    I am learning PHP now a days, and implementing it on my demo website :D

    And that's what I have requested to help :)
     
  8. Hex00010

    Hex00010 New Member

    Joined:
    Jul 21, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    0
    Well mate seeing your new to php i reccomend you to learn the vulnerability of what is inside of php

    just a note to help you a long never use

    Code:
    include();
    
    functions :) also be sure to study up on how c99shell are uploaded through php systems.

    The most common is from file uploads. Also be sure to secure the script from sql injection a tes perhaps? when ur ready for a demo and if the url has a index.php?something=1 or something near it add a ' at the end of it if a mysql error pops up then it is vulnerable to sql injection also be sure to make it not vulneralbe to blind sql injection


    Take a look at this script and implement it into yours

    http://www.willmaster.com/blog/javascript/prevent-upload-illegal-file-extensions.php
     
    Last edited: Jul 23, 2009
  9. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    The main thing is that I am not using my own domain, I am using free domains only ;)
     
  10. Hex00010

    Hex00010 New Member

    Joined:
    Jul 21, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    0
    What does that have to do with anything? regarding this?
     
  11. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    Using script or Database is restricted :(
     
  12. Hex00010

    Hex00010 New Member

    Joined:
    Jul 21, 2009
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    0
    Thats gay i reccomend u find a host that allows it
     
  13. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    Yeah, I found one of them, but it only provides php and not database :( so looking for a new one as right now I can't affort to get one own domain ;)
     
  14. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    Hello everyone, can anyone please help me with this ? :( I am still not able to solve this.

    I have done below changes, but not worth, it's not working :(

    Code:
    
    if($path1 == "" || $path2 == "")
    {
         echo "Please select two files.";
    }
    else
    {
      if($filesize1!=0 && $filesize2 != 0) 
      {
         echo "Thank you, The file(s) has been successfully uploaded.";
      }
      else
      {
         echo "ERROR : ";
      }
    }
    
    
    
     
  15. LenoxFinlay

    LenoxFinlay Banned

    Joined:
    Apr 15, 2009
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    0
    PHP Uploading: I want to creat a multiple file upload that lets a user upload multiple files using a single...
     
  16. naimish

    naimish New Member

    Joined:
    Jun 29, 2009
    Messages:
    1,046
    Likes Received:
    18
    Trophy Points:
    0
    Occupation:
    Software Engineer
    Location:
    On Earth
    What's the meaning of posting Subject and content ??
     

Share This Page