Go4Expert

Go4Expert (http://www.go4expert.com/)
-   PHP (http://www.go4expert.com/forums/php/)
-   -   Multiple File Upload in PHP (http://www.go4expert.com/forums/multiple-file-upload-php-t18651/)

naimish 22Jul2009 13:47

Multiple File Upload in PHP
 
Hi, I have below code in my website where user will upload two files.

multiple_upload.php

Code:


<?php
//set where you want to store files
//in this example we keep file in folder upload
//$HTTP_POST_FILES['ufile']['name']; = upload file name
//for example upload file name cartoon.gif . $path will be upload/cartoon.gif
$path1= "upload/".$HTTP_POST_FILES['ufile']['name'][0];
$path2= "upload/".$HTTP_POST_FILES['ufile']['name'][1];
//copy file to where you want to store file
copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1);
copy($HTTP_POST_FILES['ufile']['tmp_name'][1], $path2);
//$HTTP_POST_FILES['ufile']['name'] = file name
//$HTTP_POST_FILES['ufile']['size'] = file size
//$HTTP_POST_FILES['ufile']['type'] = type of file
///////////////////////////////////////////////////////
$filesize1=$HTTP_POST_FILES['ufile']['size'][0];
$filesize2=$HTTP_POST_FILES['ufile']['size'][1];
if($filesize1 && $filesize2!= 0)
{
echo "Thank you, The file(s) has been successfully uploaded.";
}
else {
echo "ERROR : ";
}
//////////////////////////////////////////////
// What files that have a problem? (if found)
if($filesize1==0) {
echo "There're something error in your first file";
echo "<BR />";
}
if($filesize2==0) {
echo "There're something error in your second file";
echo "<BR />";
}
?>

MyUpload.php

Code:


<html>
<title>Upload Two Files</title>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form action="multiple_upload.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td><strong>Upload Resume :</strong> *.doc, *.rtf, *.pdf files only<br /></td>
</tr>
<tr>
<td>Select file
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<td><strong>Upload Other Information :</strong>*.doc, *.rtf, *.pdf files only</td>
<tr>
<td>Select file
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<tr>
<td align="center"><input type="submit" name="Submit" value="Upload Data" /></td>
</tr><br />
</table>
</td>
</form>
</tr>
</table>
</html>

Currently, If user is uploading only 1 file, it will give an error there There're something error in your second file.

But what I want is, User will have to upload two files.

What Code changes should be made so that user will have to upload two files, and if user doesn't provide the path for another file, no file will be get upload.

naimish 22Jul2009 13:56

Re: File Upload
 
Also If we can embeed the code to restrict user to only upload *.doc, *.rtf, *.pdf files only :)

pradeep 22Jul2009 18:51

Re: Multiple File Upload in PHP
 
Check for upload errors http://www.php.net/manual/en/feature...oad.errors.php

Hex00010 22Jul2009 22:49

Re: Multiple File Upload in PHP
 
This script is vulnerable it does not sanatize what file types can be upload all it says is text that states only so and so can be uploaded.


But in the php script it does not clarify it


If people use this script then 10/10 they will get hacked allowing hackers to upload shell botnet.txt files or whatever they so choose until the owner of this script or someone else fixes these errors i highly reccomend no one to use this script for the safty of your site

shabbir 22Jul2009 23:46

Re: Multiple File Upload in PHP
 
Quote:

Originally Posted by Hex00010 (Post 53317)
This script is vulnerable it does not sanatize what file types can be upload all it says is text that states only so and so can be uploaded.


But in the php script it does not clarify it


If people use this script then 10/10 they will get hacked allowing hackers to upload shell botnet.txt files or whatever they so choose until the owner of this script or someone else fixes these errors i highly reccomend no one to use this script for the safty of your site

He is probably developing it and looking for some error correction.

Hex00010 23Jul2009 00:08

Re: Multiple File Upload in PHP
 
heheehhe well there is your first error to block file type extensions :)

naimish 23Jul2009 07:22

Re: Multiple File Upload in PHP
 
I am not facing anykind of errors, I just want an improvement.

Quote:

i highly reccomend no one to use this script for the safty of your site
I didn't post this code as an article, so that is obivous.

Quote:

He is probably developing it and looking for some error correction
I am learning PHP now a days, and implementing it on my demo website :D

Quote:

heheehhe well there is your first error to block file type extensions
And that's what I have requested to help :)

Hex00010 23Jul2009 10:19

Re: Multiple File Upload in PHP
 
Well mate seeing your new to php i reccomend you to learn the vulnerability of what is inside of php

just a note to help you a long never use

Code:

include();
functions :) also be sure to study up on how c99shell are uploaded through php systems.

The most common is from file uploads. Also be sure to secure the script from sql injection a tes perhaps? when ur ready for a demo and if the url has a index.php?something=1 or something near it add a ' at the end of it if a mysql error pops up then it is vulnerable to sql injection also be sure to make it not vulneralbe to blind sql injection


Take a look at this script and implement it into yours

http://www.willmaster.com/blog/javas...extensions.php

naimish 23Jul2009 10:24

Re: Multiple File Upload in PHP
 
The main thing is that I am not using my own domain, I am using free domains only ;)

Hex00010 23Jul2009 10:41

Re: Multiple File Upload in PHP
 
What does that have to do with anything? regarding this?


All times are GMT +5.5. The time now is 14:11.