uploading/downloading

Toboe

I have this php File. worked fin on previous php versions. its an uploader/downloader.

The auth of it is nowhere to be found and i need to get it working.

Can anyone assist in this endeaver?

the upload/download/go back to the site links are vieable. but when you click upload or download it is suppose to jump to different things. but nothing happens.

Enviroment is.

*NIX Gentoo to be exact.
Apache2.
php5.

<?
$extlimit = "yes"; //Do you want to limit the extensions of files uploaded
$limitedext = array(".lte"); //Extensions you want files uploaded limited to.
$sizelimit = "no"; //Do you want a size limit, yes or no?
$sizebytes = "200000"; //size limit in bytes
$dl = ""; //url where files are uploaded
$absolute_path = "/"; //Absolute path to where files are uploaded
$websiteurl = ""; //Url to you website
$websitename = "";

if (!isset($action)) {
    $action = "";
}

switch($action) {
default:
echo"
<html>
<head>
<title></title>
</head>
<body>
<a href=$PHP_SELF?action=upload>Upload File</a>
 <a href=$PHP_SELF?action=download>Download File</a>
 <a href=$websiteurl>Return to $websitename</a>
<br><br>
</body>
</html>";
break;
case "download":
echo "
<html>
<head>
<title>File Download</title>
</head>
<body><a href=$PHP_SELF?action=upload>Upload File</a> <a href=$websiteurl>Return to $websitename</a>";
$list = "<table width=700 border=1 bordercolor=#000000 style=\"border-collapse: collapse\">";
$list .= "<tr><td width=700><center><b>Click To Download</b></center></td></tr>";
$dir = opendir($absolute_path);
while($file = readdir($dir)) {
if (($file != "..") and ($file != ".")) {
//Download files with spaces fix by Kokesh
$list .= "<tr><td width=700><a href='$dl/$file'>$file</a></center></td></tr>";
}
}
$list .= "</table>";
echo $list;
echo"
<br><br>
</body>
</html>";
break;

case "upload":
echo"
<html>

<head>
<title>File Upload</title>
</head>

<body>

<form method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data>
<p>File to upload:<br>
<input type=file name=file size=30>
<p><button name=submit type=submit>
Upload
</button>
</form>
<br><br>
</body>

</html>";
break;


//File Upload
case "doupload":
$dir = "dir";
if ($file != "") {

if (file_exists("$absolute_path/$file_name")) {
die("File already exists");
}

if (($sizelimit == "yes") && ($file_size > $sizebytes)) {
die("File is to big. It must be $sizebytes bytes or less.");
}

$ext = strrchr($file_name,'.');
if (($extlimit == "yes") && (!in_array($ext,$limitedext))) {
die("The file you are uploading doesn't have the correct extension.");
}

@copy($file, "$absolute_path/$file_name") or die("The file you are trying to upload couldn't be copied to the server");

} else {
die("Must select file to upload");
}
echo "
<html>
<head>
<title>File Uploaded</title>
</head>
<body>";
echo $file_name." was uploaded";
echo "<br>
<a href=$PHP_SELF?action=upload>Upload Another File</a>
<a href=$PHP_SELF?action=download> Download File</a>
<a href=$websiteurl> Return to $websitename</a><br><br>
</body>
</html>";
break;

}
?>

Jasp182

check the html output and see what your links are. I noticed you're using $PHP_SELF, which is deprecated as far as I know. See if these links are showing up correctly in the HTML. Read this article for further info about what I'm talking about:

http://www.faqts.com/knowledge_base/view.phtml/aid/17102

Toboe

genious.

Reister Globals fixes it everytime O_O thanks for the link helped me 100%

The html links displayed perfectly. It's just PHP_SELF wont work without globals on it looks like.

I just need to get the file output to display Alphabetically...

Jasp182

Toboe wrote:
genious.

Reister Globals fixes it everytime O_O thanks for the link helped me 100%

The html links displayed perfectly. It's just PHP_SELF wont work without globals on it looks like.

I just need to get the file output to display Alphabetically...

Cool...glad to help. I don't know exactly why, but I heard somewhere that turning on Register Globals can be a security risk in some environments, so you may want to read up on that. The alternative would be to use $_SERVER['REQUEST_URI'] instead (I believe it's the same thing...might be a subtle difference...but something to look into).

etully

Here's why Register Globals can be a security risk. If you are a bad PHP programmer or you have installed PHP code that was written by a bad PHP programmer, their code might assume that a variable is starting with a null value. For example, if you were going to calculate someone's salary you might say:

$salary .= $amount_from_company;
$salary .= $amount_from_investments;
$salary .= $amount_from_collecting_cans_dug_from_trash_cans;

print "You made $salary last year";

The problem is that someone might call your page and pass in a value for salary like this:

http://www.yourdomain.com/script.php?salary=60000

And if you look at the sample code above, it assumes that $salary is starting at zero and adding the new figures.

People could pass in values that could cause your script to erase files from your web server or increase someone's salary. Imagine, for example, that a bad PHP programmer wrote a program called "Foo Accounting" and millions of customers started using that software. If someone discovered a flaw in that accounting software, then they could take advantage of the hole on every web site where the software was installed. All because Register Globals was turned on. Turning RG off forces the programmer to explicitly get the values from the Request String. If the programmer doesn't explicitly ask for the data, then the variable starts at zero.

Toboe

so ho wwould I make it display diles in the directory in abc order? at the moment it displays in raged order

Jasp182

Toboe wrote:
so ho wwould I make it display diles in the directory in abc order? at the moment it displays in raged order

instead of building your HTML inside of the while(readdir()) loop, stuff the file names into an array. Once you have the array full, [MAN]sort[/MAN] it, and then iterate through the array to build your HTML

something like:

$dir = opendir($absolute_path); 
while($file = readdir($dir)) { 
if (($file != "..") and ($file != ".")) { 
$filenames[]=$file;
} 
sort($filenames);
foreach($filenames as $file)
{
$list .= "<tr><td width=700><a href='$dl/$file'>$file</a></center></td></tr>"; 
}