Multiple File Upload in PHP

Hi, I have below code in my website where user will upload two files.

multiple_upload.php

Code:

 
<?php
//set where you want to store files
//in this example we keep file in folder upload 
//$HTTP_POST_FILES['ufile']['name']; = upload file name
//for example upload file name cartoon.gif . $path will be upload/cartoon.gif
$path1= "upload/".$HTTP_POST_FILES['ufile']['name'][0];
$path2= "upload/".$HTTP_POST_FILES['ufile']['name'][1];
//copy file to where you want to store file
copy($HTTP_POST_FILES['ufile']['tmp_name'][0], $path1);
copy($HTTP_POST_FILES['ufile']['tmp_name'][1], $path2);
//$HTTP_POST_FILES['ufile']['name'] = file name
//$HTTP_POST_FILES['ufile']['size'] = file size
//$HTTP_POST_FILES['ufile']['type'] = type of file
///////////////////////////////////////////////////////
$filesize1=$HTTP_POST_FILES['ufile']['size'][0];
$filesize2=$HTTP_POST_FILES['ufile']['size'][1];
if($filesize1 && $filesize2!= 0) 
{
echo "Thank you, The file(s) has been successfully uploaded.";
}
else {
echo "ERROR : ";
}
//////////////////////////////////////////////
// What files that have a problem? (if found)
if($filesize1==0) {
echo "There're something error in your first file";
echo "<BR />";
}
if($filesize2==0) {
echo "There're something error in your second file";
echo "<BR />";
}
?>
 

MyUpload.php

Code:

 
<html>
<title>Upload Two Files</title>
<table width="500" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form action="multiple_upload.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td><strong>Upload Resume :</strong> *.doc, *.rtf, *.pdf files only<br /></td>
</tr>
<tr>
<td>Select file 
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<td><strong>Upload Other Information :</strong>*.doc, *.rtf, *.pdf files only</td>
<tr>
<td>Select file
<input name="ufile[]" type="file" id="ufile[]" size="50" /></td>
</tr>
<tr>
<td align="center"><input type="submit" name="Submit" value="Upload Data" /></td>
</tr><br />
</table>
</td>
</form>
</tr>
</table>
</html>
 

Currently, If user is uploading only 1 file, it will give an error there There're something error in your second file.

But what I want is, User will have to upload two files.

What Code changes should be made so that user will have to upload two files, and if user doesn't provide the path for another file, no file will be get upload.

 

Re: File Upload

Also If we can embeed the code to restrict user to only upload *.doc, *.rtf, *.pdf files only

 

Check for upload errors http://www.php.net/manual/en/features.file-upload.errors.php

 

This script is vulnerable it does not sanatize what file types can be upload all it says is text that states only so and so can be uploaded.


But in the php script it does not clarify it


If people use this script then 10/10 they will get hacked allowing hackers to upload shell botnet.txt files or whatever they so choose until the owner of this script or someone else fixes these errors i highly reccomend no one to use this script for the safty of your site

 

heheehhe well there is your first error to block file type extensions

 

I am not facing anykind of errors, I just want an improvement.

I didn't post this code as an article, so that is obivous.

I am learning PHP now a days, and implementing it on my demo website

And that's what I have requested to help

 

Well mate seeing your new to php i reccomend you to learn the vulnerability of what is inside of php

just a note to help you a long never use

Code:

include();

functions also be sure to study up on how c99shell are uploaded through php systems.

The most common is from file uploads. Also be sure to secure the script from sql injection a tes perhaps? when ur ready for a demo and if the url has a index.php?something=1 or something near it add a ' at the end of it if a mysql error pops up then it is vulnerable to sql injection also be sure to make it not vulneralbe to blind sql injection


Take a look at this script and implement it into yours

http://www.willmaster.com/blog/javascript/prevent-upload-illegal-file-extensions.php

 

The main thing is that I am not using my own domain, I am using free domains only

 

What does that have to do with anything? regarding this?

 

Using script or Database is restricted

 

Thats gay i reccomend u find a host that allows it

 

Yeah, I found one of them, but it only provides php and not database so looking for a new one as right now I can't affort to get one own domain

 

Hello everyone, can anyone please help me with this ? I am still not able to solve this.

I have done below changes, but not worth, it's not working

Code:

if($path1 == "" || $path2 == "")
{
     echo "Please select two files.";
}
else
{
  if($filesize1!=0 && $filesize2 != 0) 
  {
     echo "Thank you, The file(s) has been successfully uploaded.";
  }
  else
  {
     echo "ERROR : ";
  }
}

 

PHP Uploading: I want to creat a multiple file upload that lets a user upload multiple files using a single...

 

What's the meaning of posting Subject and content ??