Uploads overwriting exsisting files

MyS4L

I've had this specific upload form for a few months and just recently have I been getting a lot of complaints from people that are accidently overwriting files already hosted.

This is a major concern for me, as it has messed up a lot of saved data.

Can someone help me modify this script, so if a file named SS101.jpg already exists in folder /files/ then it will not upload the file.

<?
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Mmaximum file size. You may increase or decrease.
$MAX_SIZE = 10000;

//Allowable file ext. names. you may add more extension names.            

$FILE_EXTS  = array('.mng','.bmp','.jpg','.png','.gif','.txt','.html','.htm','.zip','.rtf','.doc','.rtf','.psd','.mng','.amr'); 

//Allow file delete? no, if only allow upload only
$DELETABLE  = false;                               


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
 *     Setup variables
 ************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("files")) {
  if (!mkdir($upload_dir))
  	die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
  	die ("change permission to 755 failed.");
}

/************************************************************
 *     Process User's Request
 ************************************************************/
if ($_REQUEST[del] && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);

  if (strpos($_REQUEST[del],"/.")>0);                  //possible hacking
  else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking
  else if (substr($_REQUEST[del],0,6)==$upload_dir) {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=Deleted successfully.'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $file_type = $_FILES['userfile']['type']; 
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES['userfile']['size'] > $MAX_SIZE) 
     $message = "The file size is over 10MB.";
  //File Extension Check
  else if (!in_array($file_ext, $FILE_EXTS))
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);

  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else 
	$message = "Invalid File Specified.";

/************************************************************
 *     List Files
 ************************************************************/
$handle=opendir($upload_dir);
$filelist = "";
$name = str_replace(" ","_",$name);
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<a href='$upload_dir$file'><b>$file</b></a>";
      if ($DELETABLE)

$filelist .= " <a href='?del=$upload_dir".urlencode($file)."' title='delete'><b>  (DELETE)</b></a>";
      $filelist .="<br>";
   }
}

function do_upload($upload_dir, $upload_url) {

$temp_name = $_FILES['userfile']['tmp_name'];
$file_name = $_FILES['userfile']['name']; 
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
  $file_name = str_replace(" ","_",$file_name);
  $length=strlen($_FILES['userfile']['name']);
  $file_path = $upload_dir.$file_name;

//File Name Check
  if ( $file_name =="") { 
  	$message = "Invalid File Name Specified";
  	return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0777))
   	$message = "change permission to 777 failed.";
  else
    $message = ($result)?"$file_name has uploaded successfully." :
     	      "Oops! Something is wrong with uploading the file.";
  return $message;
}

?>

I have tried a few methods I've found on google, but none of them seem to work. Obviously if I knew a lot about Php, I'd be able to do this my self...

I may not, I absolutely love this script, and I'd love to have the solution for this script, and not a totally different upload script.

The_Chancer

Have a look at changing the do_upload function to halt similar to the

if ( $file_name =="") {
      $message = "Invalid File Name Specified";
      return $message;
  }

if the file_exists() function is called there as well you could be onto a winner...

Check out http://au.php.net/manual/en/function.file-exists.php

MyS4L

The Chancer;10927240 wrote:
Have a look at changing the do_upload function to halt similar to the
if ( $file_name =="") {
      $message = "Invalid File Name Specified";
      return $message;
  } 
if the file_exists() function is called there as well you could be onto a winner...

Check out http://au.php.net/manual/en/function.file-exists.php

I think that was a previous attempt I have made and an attempt that actually didn't do anything.

To be honest, I've tried to understand PhP, but I'm just not able to... I realize no one wants to do hand outs, but I'm pretty much a beginner that is way over his head here. I'll look at that page you linked and try to make sense of it, but I doubt it will do much for me.

dagon

MyS4L;10927254 wrote:
I think that was a previous attempt I have made and an attempt that actually didn't do anything.

To be honest, I've tried to understand PhP, but I'm just not able to... I realize no one wants to do hand outs, but I'm pretty much a beginner that is way over his head here. I'll look at that page you linked and try to make sense of it, but I doubt it will do much for me.

then hire someone.

azizsaleh

After:

    //File Name Check
  if ( $file_name =="") {
      $message = "Invalid File Name Specified";
      return $message;
  }

Add:


if(file_exists($file_path))
{
   return 'File exists.';
}