well... I have narrowed the problem down to this part of the code:
<?
} elseif(isset($_GET['writefile'])){ //if you want to upload and add an entry to the link file
if(!$author == "1"){
header("Status: 403 Forbidden"); //if you arent the author, you will get this message:
echo "<HTML><TITLE>403 (Forbidden)</TITLE><BODY><H1>You are not authorised to access this resource</H1>
</BODY></HTML>";
} else {
if(!isset($_FILES['upload'])){ //make sure there was an uploaded file
echo "Sorry, there must be a valid file to upload";
} else {
###############################
//define the different vars of the file:
$name = $_FILES['upload']['name']; //name of the file on the users computer
$temp = $_FILES['upload']['tmp_name']; //The temporary upload file
$type = $_FILES['upload']['type']; //MIME type (very important for the download PHP script)
$size = $_FILES['upload']['size']; //Size of file
if($size > 1024 && $size < 1048576){ //if it is needed in kb
$size = round($size / 1024, 2) . "(kb)";
} elseif($size > 1048576){ //if it is needed in mb
$size = round($size / 1048576, 2) . "(mb)";
} elseif($size < 1024){ //if it is needed in b
$size = $size . "(b)";
}
$lname1 = str_replace("\t", " ", $_POST["lname"]); //replace the stuff in the name
$lname2 = "$updir".$lname1."/"; //beginning of upload dir
$uploadfile = $_FILES['upload']['tmp_name']; //the file to move
$uploaddir = "$lname2".$_FILES['upload']['name']; //the last of the vars needed to upload the file
if(mkdir("$lname2", 0775)){ //make the dir for the file
if(is_uploaded_file($uploadfile)){ //make sure the file was uploaded
if(move_uploaded_file($uploadfile, $uploaddir)){ // move the uploaded file
$url = $uploaddir; //for the link
$lname = str_replace("\t", " ", $_POST["lname"]); //replacing chars that would mess things up
$descr = str_replace("\t", " ", $_POST["descr"]); //replace chars that could mess up the listing
$descr = str_replace("\n", "<br>", $descr); //replace returns with <br />'s
$descr = str_replace("\r", "", $descr); //Not too sure what this is, but lets keep it anyway
#######################################
$linkentry = $url."\t".$lname."\t".$size."\t".time()."\r\n"; //the entry that will be made to the file
$fp = fopen($linkfile, "a"); //open the file and write the entry
flock($fp, LOCK_EX);
fwrite($fp, $linkentry);
flock($fp, LOCK_UN);
fclose($fp);
#######################################
#######################################
$fp = fopen($uploaddir.".descr.txt.php", "w"); //make the description file
flock($fp, LOCK_EX); //locko el fileo
fwrite($fp, '<? $root = $_SERVER["DOCUMENT_ROOT"]; ?>'."\n".'<? include("$root/header.php"); ?>'
."\n".'<table border="1" bordercolor="tan" width="75%" align="center">'."\n".'<tr><td>'."\n".$descr
."\n".'</td></tr></table>'."\n"
.'<center><form><input type=button value="Close This Window" onClick="javascript:window.close();">
</form></center>'
."\n".'<? include("$root/footer.php"); ?>'); //write the description
flock($fp, LOCK_UN);//unlocko el fileo
fclose($fp); //closeo el fileo
#######################################
#######################################
$fp = fopen($uploaddir.".dat", "w"); //make the counter file
flock($fp, LOCK_EX);
fwrite($fp, "0"); //write the inital "0" to it
flock($fp, LOCK_UN);
fclose($fp); //close the counter file
#######################################
#######################################
$fp = fopen($uploaddir.".php", "w"); //create the download PHP script
flock($fp, LOCK_EX); //lock
fwrite($fp, '<?php'."\n"); //begin
fwrite($fp, '$download_name = "'.$name.'";'."\n"); //the name that will be sent to the browser
fwrite($fp, '$download_type = "'.$type.'";'."\n"); //the MIME type that will be sent
fwrite($fp, '$path_to_file = "'.$name.'";'."\n"); //the name of the downloading file
fwrite($fp, 'header("Content-type: $download_type");'."\n"); //MIME type header
fwrite($fp, 'header("Content-Disposition: attachment; filename=$download_name");'."\n");//Start dwnld
fwrite($fp, 'readfile("$path_to_file");'."\n\n"); //path to the file
fwrite($fp, '$name = $path_to_file;'."\n\n"); //define the $name var
fwrite($fp, '$size_counter = filesize($name.".dat");'."\n"); //download counter:
fwrite($fp, '$count = fopen($name.".dat", "r+");'."\n"); //open it
fwrite($fp, 'flock($count, LOCK_EX);'."\n"); //lock it
fwrite($fp, '$hit = fread($count, $size_counter);'."\n"); //read the number of hits
fwrite($fp, '$hit = $hit+1;'."\n"); //make the number of hits +1
fwrite($fp, 'rewind($count);'."\n"); //rewind it
fwrite($fp, 'fwrite($count, $hit);'."\n"); //write the new hit number
fwrite($fp, 'flock($count,LOCK_UN);'."\n"); //unlock it
fwrite($fp, 'fclose($count);'."\n"); //close it
fwrite($fp, '?>'); //end
flock($fp, LOCK_UN); //unlock
fclose($fp); //close
#######################################
#######################################
//redirect:
$referer = 'file.php?display';
echo "<meta http-equiv=\"refresh\" content=\"0\" url=\"$referer\">";
echo "<br /><br />File uploaded and moved! If you do not get automatically redirected, click <a href=\"file.php?display\">here</a>";
#######################################
echo $notice;
} else {
echo "Sorry, the temp file could not be moved, or there was another error.";
}
} else {
include($header);
echo "Sorry, that file is not uploaded";
include($footer);
}
} else {
echo "The directory could not be made!";
}
}
}
} else {
#######################################
include($header); //escapes if there is no get vars, or an invalid get var
echo 'Sorry, there was no valid GET var, what did you want to do?<br /><br /><a href="file.php?input">Upload a file</a>
<br /><a href="file.php?display">View the downloads</a>';
include($footer);
#######################################
}
?>
