[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 310
  • Last Modified:

How to let website viewers upload files through site???

Hi Everyone,
I am just wondering what I need to do to put a 'Upload File' script on my website that allows viewers to upload files directly from the site to my hosting server.
Please make the answer as simple as possible and using the easyist code :-)

Thank a lot in advance :D
0
snip69
Asked:
snip69
  • 8
  • 6
  • 3
1 Solution
 
snip69Author Commented:
Um... I know my hosting supports PHP, but thats all I know.
0
 
sajuksCommented:
PHP
http://www.hotscripts.com/Detailed/31396.html ... the simplest and easiest
or

upload.html
<HTML>
<BODY>
<form action="upload.php" method="post" enctype="multipart/form-data">
File : <input type=file name="myfile"><BR>
Path : <input type=text name="mypath" size=50 maxlength=100 value="C:\UPLOAD\USER_DATA_1\"><BR>
<input type=submit value="UPLOAD"><BR>
</form>
</BODY>
</HTML>

//upload.php
<HTML>
<BODY>
<?
$default_path = "C:\\UPLOAD\\"; // the default path C:\UPLOAD\ if path is missing
if ($myfile_name) // if a file is uploaded
{
  if (!$mypath) $mypath = $default_path;

  $target = $mypath . basename($myfile_name);
// if $mypath is "C:\UPLOAD\USER_DATA_1\"
// and the  uploaded file name ($myfile_name) is "C:\WINDOWS\NOTEPAD.EXE"
// then $target will be "C:\UPLOAD\USER_DATA_1\NOTEPAD.EXE"

  if (@copy($myfile, $target))
    print "The file is uploaded";
  else
    print "Error in uploading file <BR> Maybe the path is not exist.";
 
// destroy the temporary file, which is copied to temporary directory (ex C:\TEMP\)
  @unlink($myfile);  
}
?>
</BODY>
</HTML>



or check the php help for lots of other examples
http://de3.php.net/manual/en/features.file-upload.php
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
snip69Author Commented:
so i upload the .php file to the public folder of server? and then the html code should work?
Anything I need to change?
Thanks ;)
0
 
sajuksCommented:
the most normal mistake occurs here
$uploaddir = '/var/www/uploads/';
where var means the directory in the server root's var directory

so for ur case u should check whats ur default path and based on that u can set it.

for ex at ur website it would be something like  /home/username/public...

then change ur upload dir to
$uploaddir = '/home/username/public/uploads/';
0
 
snip69Author Commented:
Ok, I am getting closer.... still abit confused with what to change $uploaddir to.
On my server, there is numerous folders (eg. cgi-bin, public) the files that are shown on the net are the ones in the public folder. I don't have a home folder. (lol, if I was meant to change 'home' and 'username' to the URL of the site/the ftp username, i did, but didn't work... any other ideas???
...your points are coming!
0
 
snip69Author Commented:
this is the error message i am getting:

Warning:  move_uploaded_file(/brooksdale.com.au/public/uploads/greenday_1.jpg): failed to open stream: No such file or directory in /storage/disk3/72/20872/brooksdale.com.au/public/upload.php on line 9

Warning:  move_uploaded_file(): Unable to move '/var/tmp/phppKntBH' to '/brooksdale.com.au/public/uploads/greenday_1.jpg' in /storage/disk3/72/20872/brooksdale.com.au/public/upload.php on line 9
Possible file upload attack!
Here is some more debugging info:Array
(
    [userfile] => Array
        (
            [name] => greenday_1.jpg
            [type] => image/pjpeg
            [tmp_name] => /var/tmp/phppKntBH
            [error] => 0
            [size] => 25302
        )

)

I have no idea where it got the first 4 folders in "/storage/disk3/72/20872/brooksdale.com.au/public/upload.php"
or what this is/what i have to change it to
"'/var/tmp/phppKntBH'"
0
 
sajuksCommented:
try doing for a text file, u've to set the mime types for what all file extension uploads u can 've.
which example r u trying btw
0
 
sajuksCommented:
can u run this on ur server and see if it returns any path ..
<?php

system('pwd');

?>

also r u hosted on a windows or a linux server ?
0
 
ldbkuttyCommented:
Demo: http://jaggybala.clawz.com/upload_script/upload_file.php
====

Code:
====

<HTML>
<HEAD>
<TITLE>Upload example</TITLE>
</HEAD>
<BODY>

<?php

// Process if the form was submitted.
if(isset($_POST['form_submit']) && !empty($_POST['form_submit']))
{      
      $uploaddir = 'uploads/';

      $uploadfile = $uploaddir . basename($_FILES['yourfile']['name']);
      
      /** Optional: Checks the file constraint for uploading! Return error if the file-size is greater than 30000 bytes.
      /**
      if(($_FILES['yourfile']['size']) > 30000)
      {
          echo "Sorry, File size is bigger than 30 KB";
          exit();
      }
      */

      // let us read all the files in the directory and rename the file, if exists.
      if($handle = opendir($uploaddir))
      {
            while(false !== ($file = readdir($handle)))
            {
                  if($file != "." && $file != "..")
                  {
                        // if samefile name exists already in the directory.
                        if(strtolower($file) == strtolower($_FILES['yourfile']['name']))
                        {                  
                              $ext = strrchr($_FILES['yourfile']['name'], ".");

                              // replace the uploading file with date() so it is unique.
                              $changed_file_name = basename($_FILES['yourfile']['name'], $ext) . date("YmdHis") . $ext;
                              $uploadfile = $uploaddir . $changed_file_name;                  
                        }            
                  }
            }
            closedir($handle);
            print "<pre>";
            
            if (move_uploaded_file($_FILES['yourfile']['tmp_name'], $uploadfile))
            {      
                  chmod($uploadfile, 0777);
                  print "File is valid, and was successfully uploaded. <a href='$uploadfile'>Click here</a> to view the file";      
            }
            else
            {      
                  print "Possible file upload attack!  Here's some debugging info:\n";
                  print_r($_FILES);
                  exit;
            }
            print "</pre>";
      }
}
else
{
      
?>

<FORM METHOD="post" ACTION="<?php echo $_SERVER['PHP_SELF']; ?>" ENCTYPE="multipart/form-data">
<p><strong>File</strong><br>
<INPUT TYPE="file" NAME="yourfile" SIZE="30"></p>
<INPUT TYPE="hidden" NAME="MAX_FILE_SIZE" VALUE="60000" />
<P><INPUT TYPE="submit" NAME="form_submit" VALUE="Send"></p>
</FORM>
</BODY>
</HTML>

<?php

}

?>

// You just have to rename the $uploaddir path. //
0
 
snip69Author Commented:
Um, I think the server is windows, but not quite sure, im hosted by http://www.namescout.com/domainpackages.asp

Also what do you mean by run it on server?
Do you want me to upload it and see what happens when i load it???
Sorry!
0
 
sajuksCommented:
i meant to save this as an php file in ur upload.html and run it ( http://www.domain.myphp.php) , that will return the path for which u've to replace for
the "var"

//myphp.php
<?php

system('pwd');

?>
0
 
snip69Author Commented:
ok, so that comes back with "/storage/disk3/72/20872/brooksdale.com.au/public"
so if i change the $uploaddir to the above, it should work?
Cos i am getting this error now..

Possible file upload attack!
Here is some more debugging info:Array
(
    [yourfile] => Array
        (
            [name] => TEST.txt
            [type] => text/plain
            [tmp_name] => /var/tmp/phph8X4t0
            [error] => 0
            [size] => 119
        )

)

Don't know where it gets /var/tmp/phph8X4t0 from, no where to be found in the scripts...
0
 
snip69Author Commented:
NOPE!
I got it!!
Thanks a lot, I will give you the points and leave you feedback :D
0
 
ldbkuttyCommented:
>> Don't know where it gets /var/tmp/phph8X4t0 from, no where to be found in the scripts...
It is the default temporary directory in your php.ini settings and so you dont need to worry about that.

Initially file is uploaded to the "tmp" directory and from there it is moved to the specified $uploaddir. (and automatically deleted from the "tmp" directory.)
0
 
snip69Author Commented:
Thanks a lot too, ldbkutty, you just came along a bit too late. :-)
0
 
ldbkuttyCommented:
No problem, but dont forget to check the comments and contents of my scripts, it has lot more than what you expect.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 8
  • 6
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now