TalkPHP


TerrorRonin 03-26-2008 03:13 PM

Simple Image Uploader
 
I still see an abundance of image upload sites popping up... so I got bored, and had a domain lying around, so I built a very simple application that people can use if they'd like.

A live (permanent) demo of the script is located at Free Image Hosting!

You can upload images there if you'd like, or you can build your own by using the source code shown below!
PHP Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
    <title>Free Image Hosting!</title>
    <style type="text/css">
        body {
            margin: 0;
            padding: 50px 0 0;
            font-family: "Lucida Sans Unicode", Verdana, Arial, Sans-Serif;
            font-size: 11px;
        }

        a {
            color: #000000;
        }

        h1 {
            margin: 0;
            padding: 0;
        }

        h2 {
            margin: 10px 0;
            padding: 0;
            font-size: 12px;
        }

        #wrapper {
            background-color: #f0f0f0;
            border: 2px solid #d9d9d9;
            border-left: none;
            border-right: none;
            margin: 10px 0;
            padding: 10px;
            line-height: 25px;
            font-size: 12px;
        }
    </style>
</head>
<body><center>

    <?php

    // Count the files already stored in uploads/ so the page can show the total.
    $dir = dirname(__FILE__) . '/uploads/';
    $filecount = 0;

    if (is_dir($dir))
    {
        if ($dh = opendir($dir))
        {
            while (($file = readdir($dh)) !== false)
            {
                if (!($file == '.' || $file == '..'))
                {
                    ++$filecount;
                }
            }
            closedir($dh);

            echo "\n";
        }
    }
    else
    {
        echo "You must create a /uploads/ directory before this script will work.\n";
    }

    ?>
    <h1>Free Image Hosting!</h1>
    <div id="wrapper">
        <form method="post" enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>">
            Upload Image <input type="file" name="userfile" />
            <input type="submit" name="submit" value="Upload" />
        </form>
        <strong>Allowed Extensions:</strong> gif, jpg, bmp, png<br />
    </div>
    Currently Hosting <strong><?php echo $filecount; ?></strong> images!<br />

    <?php

    if (isset($_POST['submit']))
    {
        if (is_uploaded_file($_FILES['userfile']['tmp_name']))
        {
            // The type compared here is the MIME type the client sent with the upload.
            if (($_FILES['userfile']['type'] == "image/gif") || ($_FILES['userfile']['type'] == "image/bmp") || ($_FILES['userfile']['type'] == "image/pjpeg") || ($_FILES['userfile']['type'] == "image/jpeg") || ($_FILES['userfile']['type'] == "image/png"))
            {
                # // -- Upload Process Starts

                // Stored name: timestamp prefix plus the client's original file name (and its extension).
                $file = '/uploads/' . date('mdyhis') . '-' . basename($_FILES['userfile']['name']);

                if (@move_uploaded_file($_FILES['userfile']['tmp_name'], "./" . $file))
                {
                    $url = 'http://' . $_SERVER['HTTP_HOST'] . $file;

                    echo "<h2>File URL: <a href=\"{$url}\">{$url}</a></h2>\n";
                }
                else
                {
                    echo "<h2>Unable to upload file to webserver, please verify that this directory exists</h2>\n";
                }

                # // -- Upload Process Ends
            }
            else
            {
                echo "<h2>Unacceptable File Type.  Please upload only as specified.</h2>\n";
            }
        }
    }
    else
    {
        echo "<h2></h2>\n";
    }

    ?>

</center>
</body>
</html>

If any of you have security fixes, or would like to add to this script, please do. I'll add any fixes that you like, etc... maybe it can become a cool little script in the end :) I know it's not all that advanced right now, but this was just for fun :P

martins256 03-26-2008 04:25 PM

$_FILES['userfile']['type'] is sent by the user that uploads the file. You should check the file type with getimagesize().

TerrorRonin 03-26-2008 05:12 PM

Just add any fixes you have :D Sort of like an Open Source project :P

sjaq 03-26-2008 07:06 PM

You should also check the extension, because someone could upload a valid image with some random PHP code at the end and your script will save it as .php so it will run. Don't have the time to fix this now but maybe later...

TerrorRonin 03-26-2008 07:34 PM

Yeah, I'd like to see you guys add to the code rather than just giving recommendations... I want to see how you all would do it yourselves, so I can get hints in my future programming.

Dezent 06-16-2008 05:01 PM

Did anyone have the extension check so you can't upload random PHP code?

ETbyrne 06-16-2008 07:40 PM

Use $filename = $_FILES['fieldname']['name']; to find the uploaded file's name. Then just use
$filetype = explode('.', $filename);
$filetype = end($filetype);

to find the file extension.

Also, please don't bump old topics.
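A hardened version of the upload branch that applies the three replies above together: martins256's getimagesize() check, sjaq's point that the stored extension must never come from the client, and ETbyrne's extension lookup (replaced here by deriving the extension from the detected image type). This is an added example, not code from the thread; it assumes PHP 7 or later for random_bytes(), the same "userfile" form field, and an uploads/ directory that the web server serves as static files only.

```php
<?php
// Added example (not the thread's code). Assumes PHP >= 7 (random_bytes) and an
// uploads/ directory the web server serves as static files, never as scripts.

// Map the image type detected from the file contents to the extension we store.
$allowedTypes = array(
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_BMP  => 'bmp',
);

// Returns the stored file name on success, or false if the upload is rejected.
function save_image_upload(array $upload, $uploadDir, array $allowedTypes)
{
    // Only accept a file that actually arrived through this request's upload.
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        return false;
    }

    // Decide the type from the bytes on disk, never from $upload['type'],
    // which the client fills in and can set to anything.
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false || !isset($allowedTypes[$info[2]])) {
        return false;
    }

    // The extension comes from the detected type and the base name is random,
    // so nothing from $upload['name'] reaches the filesystem: a valid image
    // uploaded under the name "x.php" is stored as <random>.jpg, not as .php.
    $name = bin2hex(random_bytes(8)) . '.' . $allowedTypes[$info[2]];
    $dest = rtrim($uploadDir, '/') . '/' . $name;

    if (!move_uploaded_file($upload['tmp_name'], $dest)) {
        return false;
    }
    chmod($dest, 0644); // readable, not executable
    return $name;
}

if (isset($_POST['submit']) && isset($_FILES['userfile'])) {
    $saved = save_image_upload($_FILES['userfile'], dirname(__FILE__) . '/uploads', $allowedTypes);
    if ($saved === false) {
        echo "<h2>Unacceptable file. Please upload only gif, jpg, bmp or png images.</h2>\n";
    } else {
        $url = 'http://' . htmlspecialchars($_SERVER['HTTP_HOST']) . '/uploads/' . $saved;
        echo "<h2>File URL: <a href=\"{$url}\">{$url}</a></h2>\n";
    }
}
```

Keeping uploads/ out of the script handler's reach in the web server configuration is a second, independent layer; the validation above narrows what gets stored but does not replace it.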

EyeDentify 06-18-2008 11:39 AM

@TerrorRonin.

I get the lazy vibe from this post.

Why don't you take the recommendations and change the code yourself?

Salathe 06-18-2008 01:22 PM

(Emphasis added by Salathe)
Quote:

Originally Posted by TerrorRonin (Post 12810)
A live (permanent) demo of the script is located at Free Image Hosting!

It's probably a good job that your permanent demo isn't up there any more because it's a trivial matter to upload and execute arbitrary files (including but not limited to PHP files).

