How to let website viewers upload files through site???

Hi Everyone,
I am just wondering what I need to do to put a 'Upload File' script on my website that allows viewers to upload files directly from the site to my hosting server.
Please make the answer as simple as possible and using the easyist code :-)

Thank a lot in advance :D
snip69Asked:
Who is Participating?
 
sajuksCommented:
i meant to save this as an php file in ur upload.html and run it ( http://www.domain.myphp.php) , that will return the path for which u've to replace for
the "var"

//myphp.php
<?php

system('pwd');

?>
0
 
snip69Author Commented:
Um... I know my hosting supports PHP, but thats all I know.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
sajuksCommented:
PHP
http://www.hotscripts.com/Detailed/31396.html ... the simplest and easiest
or

upload.html
<HTML>
<BODY>
<form action="upload.php" method="post" enctype="multipart/form-data">
File : <input type=file name="myfile"><BR>
Path : <input type=text name="mypath" size=50 maxlength=100 value="C:\UPLOAD\USER_DATA_1\"><BR>
<input type=submit value="UPLOAD"><BR>
</form>
</BODY>
</HTML>

//upload.php
<HTML>
<BODY>
<?
$default_path = "C:\\UPLOAD\\"; // the default path C:\UPLOAD\ if path is missing
if ($myfile_name) // if a file is uploaded
{
  if (!$mypath) $mypath = $default_path;

  $target = $mypath . basename($myfile_name);
// if $mypath is "C:\UPLOAD\USER_DATA_1\"
// and the  uploaded file name ($myfile_name) is "C:\WINDOWS\NOTEPAD.EXE"
// then $target will be "C:\UPLOAD\USER_DATA_1\NOTEPAD.EXE"

  if (@copy($myfile, $target))
    print "The file is uploaded";
  else
    print "Error in uploading file <BR> Maybe the path is not exist.";
 
// destroy the temporary file, which is copied to temporary directory (ex C:\TEMP\)
  @unlink($myfile);  
}
?>
</BODY>
</HTML>



or check the php help for lots of other examples
http://de3.php.net/manual/en/features.file-upload.php
0
 
snip69Author Commented:
so i upload the .php file to the public folder of server? and then the html code should work?
Anything I need to change?
Thanks ;)
0
 
sajuksCommented:
the most normal mistake occurs here
$uploaddir = '/var/www/uploads/';
where var means the directory in the server root's var directory

so for ur case u should check whats ur default path and based on that u can set it.

for ex at ur website it would be something like  /home/username/public...

then change ur upload dir to
$uploaddir = '/home/username/public/uploads/';
0
 
snip69Author Commented:
Ok, I am getting closer.... still abit confused with what to change $uploaddir to.
On my server, there is numerous folders (eg. cgi-bin, public) the files that are shown on the net are the ones in the public folder. I don't have a home folder. (lol, if I was meant to change 'home' and 'username' to the URL of the site/the ftp username, i did, but didn't work... any other ideas???
...your points are coming!
0
 
snip69Author Commented:
this is the error message i am getting:

Warning:  move_uploaded_file(/brooksdale.com.au/public/uploads/greenday_1.jpg): failed to open stream: No such file or directory in /storage/disk3/72/20872/brooksdale.com.au/public/upload.php on line 9

Warning:  move_uploaded_file(): Unable to move '/var/tmp/phppKntBH' to '/brooksdale.com.au/public/uploads/greenday_1.jpg' in /storage/disk3/72/20872/brooksdale.com.au/public/upload.php on line 9
Possible file upload attack!
Here is some more debugging info:Array
(
    [userfile] => Array
        (
            [name] => greenday_1.jpg
            [type] => image/pjpeg
            [tmp_name] => /var/tmp/phppKntBH
            [error] => 0
            [size] => 25302
        )

)

I have no idea where it got the first 4 folders in "/storage/disk3/72/20872/brooksdale.com.au/public/upload.php"
or what this is/what i have to change it to
"'/var/tmp/phppKntBH'"
0
 
sajuksCommented:
try doing for a text file, u've to set the mime types for what all file extension uploads u can 've.
which example r u trying btw
0
 
sajuksCommented:
can u run this on ur server and see if it returns any path ..
<?php

system('pwd');

?>

also r u hosted on a windows or a linux server ?
0
 
ldbkuttyCommented:
Demo: http://jaggybala.clawz.com/upload_script/upload_file.php
====

Code:
====

<HTML>
<HEAD>
<TITLE>Upload example</TITLE>
</HEAD>
<BODY>

<?php

// Process if the form was submitted.
if(isset($_POST['form_submit']) && !empty($_POST['form_submit']))
{      
      $uploaddir = 'uploads/';

      $uploadfile = $uploaddir . basename($_FILES['yourfile']['name']);
      
      /** Optional: Checks the file constraint for uploading! Return error if the file-size is greater than 30000 bytes.
      /**
      if(($_FILES['yourfile']['size']) > 30000)
      {
          echo "Sorry, File size is bigger than 30 KB";
          exit();
      }
      */

      // let us read all the files in the directory and rename the file, if exists.
      if($handle = opendir($uploaddir))
      {
            while(false !== ($file = readdir($handle)))
            {
                  if($file != "." && $file != "..")
                  {
                        // if samefile name exists already in the directory.
                        if(strtolower($file) == strtolower($_FILES['yourfile']['name']))
                        {                  
                              $ext = strrchr($_FILES['yourfile']['name'], ".");

                              // replace the uploading file with date() so it is unique.
                              $changed_file_name = basename($_FILES['yourfile']['name'], $ext) . date("YmdHis") . $ext;
                              $uploadfile = $uploaddir . $changed_file_name;                  
                        }            
                  }
            }
            closedir($handle);
            print "<pre>";
            
            if (move_uploaded_file($_FILES['yourfile']['tmp_name'], $uploadfile))
            {      
                  chmod($uploadfile, 0777);
                  print "File is valid, and was successfully uploaded. <a href='$uploadfile'>Click here</a> to view the file";      
            }
            else
            {      
                  print "Possible file upload attack!  Here's some debugging info:\n";
                  print_r($_FILES);
                  exit;
            }
            print "</pre>";
      }
}
else
{
      
?>

<FORM METHOD="post" ACTION="<?php echo $_SERVER['PHP_SELF']; ?>" ENCTYPE="multipart/form-data">
<p><strong>File</strong><br>
<INPUT TYPE="file" NAME="yourfile" SIZE="30"></p>
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="60000" />
<P><INPUT TYPE="submit" NAME="form_submit" VALUE="Send"></p>
</FORM>
</BODY>
</HTML>

<?php

}

?>

// You just have to rename the $uploaddir path. //
0
 
snip69Author Commented:
Um, I think the server is windows, but not quite sure, im hosted by http://www.namescout.com/domainpackages.asp

Also what do you mean by run it on server?
Do you want me to upload it and see what happens when i load it???
Sorry!
0
 
snip69Author Commented:
ok, so that comes back with "/storage/disk3/72/20872/brooksdale.com.au/public"
so if i change the $uploaddir to the above, it should work?
Cos i am getting this error now..

Possible file upload attack!
Here is some more debugging info:Array
(
    [yourfile] => Array
        (
            [name] => TEST.txt
            [type] => text/plain
            [tmp_name] => /var/tmp/phph8X4t0
            [error] => 0
            [size] => 119
        )

)

Don't know where it gets /var/tmp/phph8X4t0 from, no where to be found in the scripts...
0
 
snip69Author Commented:
NOPE!
I got it!!
Thanks a lot, I will give you the points and leave you feedback :D
0
 
ldbkuttyCommented:
>> Don't know where it gets /var/tmp/phph8X4t0 from, no where to be found in the scripts...
It is the default temporary directory in your php.ini settings and so you dont need to worry about that.

Initially file is uploaded to the "tmp" directory and from there it is moved to the specified $uploaddir. (and automatically deleted from the "tmp" directory.)
0
 
snip69Author Commented:
Thanks a lot too, ldbkutty, you just came along a bit too late. :-)
0
 
ldbkuttyCommented:
No problem, but dont forget to check the comments and contents of my scripts, it has lot more than what you expect.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.