Micah C Posted February 27, 2009 Share Posted February 27, 2009 Hey guys, I am working on a PHP uploader. I have created a file that allows a user to name a file, then upload it. I can't figure out how to let the user chose a spot to upload it on the server. I would like to restrict the user to creating new directories in only a certain file. So this would let the user create / upload new directories & files within the restricted directory. Then I need to be able to edit the file the user just created. How can I do this? This is what i have so far: upload.php <pre> <?php if (array_key_exists('btn', $_POST)) { print_r($_FILES); } ?> </pre> <form action="" method="post" enctype="multipart/form-data" name="frm_upload" id="frm_upload"> <table border="0" cellspacing="0" cellpadding="0" id="tbl_upload"> <tr> <th scope="row"><label for="frmname">Filename</label></th> ( name your image, even if it already has a name ) <td><input type="text" name="frmname" id="frmname" class="frmfld" /></td> </tr> <tr> <th scope="row"><label for="frmfile">File:</label></th> <td><input name="frmfile" type="file" id="frmfile" size="30" /></td> </tr> <tr> <th scope="row"> </th> <td> <label for="btn" id="sbm"> <input type="submit" name="btn" id="btn" value="Upload" /> </label> </td> </tr> </table> </form> Quote Link to comment Share on other sites More sharing options...
stingwray Posted February 27, 2009 Share Posted February 27, 2009 PHP Dir Documentation might come in use. If you set the default path to the directory you wan them to use and prevent them from browsing backwards using ".." then all you need to do is decide you want to represent information the user. Doing a simple breadth-first search of all the directories and then printing them out in a tree to allow the user to select a radio button would be the simplest approach. Take this input plus the file and then you can write that file to that location. You might want to start separating your control logic from your view, it makes debugging and developing a hell of a lot easier. Quote Link to comment Share on other sites More sharing options...
digip Posted February 28, 2009 Share Posted February 28, 2009 Be carefull what you let people upload. If I were to upload somehting called script.php and it had illicit code in it, I can take over your site/server. You should always sanitize the input and not allow certain file extensions and file types be uploaded, or you lose any shred of security. Also, make sure they can't overwrite files, or they could overwrite YOUR stuff. Quote Link to comment Share on other sites More sharing options...
Micah C Posted February 28, 2009 Author Share Posted February 28, 2009 I understand the risks in allowing people to upload files. That's why I could like to ristrict them to a certain directory. Plus I already know how to restrict certain file upload like php for example. Finally it is secured with an htaccess file with a srong password. Thanks to the concern but I think it will be fine. Unless there is a better way to upload and edit files on a server? Quote Link to comment Share on other sites More sharing options...
stingwray Posted February 28, 2009 Share Posted February 28, 2009 I understand the risks in allowing people to upload files. That's why I could like to ristrict them to a certain directory. Plus I already know how to restrict certain file upload like php for example. Finally it is secured with an htaccess file with a srong password. Thanks to the concern but I think it will be fine. Unless there is a better way to upload and edit files on a server? Solution Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.