Jump to content

Advanced PHP uploader


Micah C
 Share

Recommended Posts

Hey guys,

I am working on a PHP uploader. I have created a file that allows a user to name a file, then upload it. I can't figure out how to let the user chose a spot to upload it on the server. I would like to restrict the user to creating new directories in only a certain file. So this would let the user create / upload new directories & files within the restricted directory. Then I need to be able to edit the file the user just created. How can I do this?

This is what i have so far:

upload.php

<pre>
<?php
if (array_key_exists('btn', $_POST)) {
print_r($_FILES);
}
?>
</pre> 

<form action="" method="post" enctype="multipart/form-data" name="frm_upload" id="frm_upload">
<table border="0" cellspacing="0" cellpadding="0" id="tbl_upload">
<tr>
<th scope="row"><label for="frmname">Filename</label></th>
( name your image, even if it already has a name )
<td><input type="text" name="frmname" id="frmname" class="frmfld" /></td>
</tr>
<tr>
<th scope="row"><label for="frmfile">File:</label></th>
<td><input name="frmfile" type="file" id="frmfile" size="30" /></td>
</tr>
<tr>
<th scope="row"> </th>
<td>
<label for="btn" id="sbm">
<input type="submit" name="btn" id="btn" value="Upload" />
</label>
</td>
</tr>
</table>
</form> 

Link to comment
Share on other sites

PHP Dir Documentation might come in use.

If you set the default path to the directory you wan them to use and prevent them from browsing backwards using ".." then all you need to do is decide you want to represent information the user.

Doing a simple breadth-first search of all the directories and then printing them out in a tree to allow the user to select a radio button would be the simplest approach.

Take this input plus the file and then you can write that file to that location.

You might want to start separating your control logic from your view, it makes debugging and developing a hell of a lot easier.

Link to comment
Share on other sites

Be carefull what you let people upload. If I were to upload somehting called script.php and it had illicit code in it, I can take over your site/server. You should always sanitize the input and not allow certain file extensions and file types be uploaded, or you lose any shred of security. Also, make sure they can't overwrite files, or they could overwrite YOUR stuff.

Link to comment
Share on other sites

I understand the risks in allowing people to upload files. That's why I could like to ristrict them to a certain directory. Plus I already know how to restrict certain file upload like php for example. Finally it is secured with an htaccess file with a srong password. Thanks to the concern but I think it will be fine. Unless there is a better way to upload and edit files on a server?

Link to comment
Share on other sites

I understand the risks in allowing people to upload files. That's why I could like to ristrict them to a certain directory. Plus I already know how to restrict certain file upload like php for example. Finally it is secured with an htaccess file with a srong password. Thanks to the concern but I think it will be fine. Unless there is a better way to upload and edit files on a server?

Solution

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...