upload files without FTP?

Worker Joined: Aug 28, 2003 Posts: 227

Hi.

I'm creating the user documentation for using the coppermine photo gallery and I'm wondering if there is a module I can't find that allows uploading of files to a specific directory?

I played with the Documents module but that doesn't feature upload option yet.

thanks

registered · Posted: Mon Sep 29, 2003 11:29 am

Here is a site that has one. I have not used the version 2.0 yet because it costs $5.00 for it. I probably will because so far I really like the other scripts they have made. I really want to be able to do what you are talking about so I think the money will be worth it. I am trying an older version of their download script and I really like it. It just does not have an upload option like their new one. Go to their downloads section to see how it works. Nukecops was supposed to make one but I have not heard anything.

http://www.nukestyles.com/index.php

The site is moving slow today.

Posted: Mon Sep 29, 2003 1:57 pm

Thanks. I thought it was a download only enhancement. I NEED TO READ THE DETAILS. Smile

I'm trying to avoid having to use FTP to get the pictures up to the web server and limit that ability to one user ID (admin type).

I shot him an email to get clarification on a few questions I had.

thanks again!

Posted: Mon Sep 29, 2003 2:04 pm

Let me know what you find out. I am very interested as well.

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Have you checked at hotscripts.com? They have many to offer. I don't use them myself since I prefer to set up ftp accounts, so I can't comment on them.

Worker Joined: Aug 16, 2003 Posts: 107 Location: USA

Code:

<?


$sizelimit = "no"; //Do you want a size limit, yes or no?


$sizebytes = "10600000"; //size limit in bytes


$dl = "http://www.yoursite/"; //url where files are uploaded


$absolute_path = "/direct path/"; //Absolute path to where files are uploaded


$websiteurl = "http://www.yoursite/"; //Url to you website


$websitename = "***";





switch($action) {


default:


echo"


<html>


<head>


<title>Upload Or Download</title>


</head>


<BODY BGCOLOR='#000000' TEXT='#FFFFFF' LINK='#00FE00' ALINK='#00FE00' VLINK='#00FE00'>


 <a href=$PHP_SELF?action=upload>Upload File</a>


 <a href=$PHP_SELF?action=download>Download File</a>


 <a href=$websiteurl>Return to $websitename</a>


<br><br>


Powered by <a href=http://yoursite/>yoursite Online Upload/Download Script</a>


</body>


</html>";


break;


case "download":


echo "


<html>


<head>


<title>File Download</title>


</head>


<BODY BGCOLOR='#000000' TEXT='#FFFFFF' LINK='#00FE00' ALINK='#00FE00' VLINK='#00FE00'>


<a href=$PHP_SELF?action=upload>Upload File</a> <a href=$websiteurl>Return to $websitename</a>";


$list = "<table width=700 border=1 bordercolor=#FFFFFF style=\"border-collapse: collapse\">";


$list .= "<tr><td width=700><center><b>Click To Download</b></center></td></tr>";


$dir = opendir($absolute_path);


while($file = readdir($dir)) {


if (($file != "..") and ($file != ".")) {


$list .= "<tr><td width=700><center><a href=$dl/$file>$file</a></center></td></tr>";


}


}


$list .= "</table>";


echo $list;


echo"


<br><br>


Powered by <a href=http://yoursite>yoursite Online Upload/ Download Script</a>


</body>


</html>";


break;





case "upload":


echo"


<html>





<head>


<title>File Upload</title>


</head>





<BODY BGCOLOR='#000000' TEXT='#FFFFFF' LINK='#00FE00' ALINK='#00FE00' VLINK='#00FE00'>





<form method=POST action=$PHP_SELF?action=doupload enctype=multipart/form-data>


<p>File to upload:  No spaces in file names or people can't download it before it posted on the main page<br>


<input type=file name=file size=30>


<p><button name=submit type=submit>


Upload


</button>


</form>


<br><br>


Powered by <a href=http://yoursite/>yoursite Online Upload/ Download Script</a>


</body>





</html>";


break;








//File Upload


case "doupload":


$dir = "dir";


if ($file != "") {





if (file_exists("$absolute_path/$file_name")) {


die("File already exists");


}





if (($sizelimit == "yes") && ($file_size > $sizebytes)) {


die("File is to big. It must be $sizebytes bytes or less.");


}








@copy($file, "$absolute_path/$file_name") or die("The file you are trying to upload couldn't be copied to the server");





} else {


die("Must select file to upload");


}


echo "


<html>


<head>


<title>File Uploaded</title>


</head>


<BODY BGCOLOR='#000000' TEXT='#FFFFFF' LINK='#00FE00' ALINK='#00FE00' VLINK='#00FE00'>";


echo $file_name." was uploaded";


echo "<br>


<a href=$PHP_SELF?action=upload>Upload Another File</a>


<a href=$PHP_SELF?action=download> Download File</a>


<a href=$websiteurl> Return to $websitename</a><br><br>


Powered by <a href=http://yoursite/>yoursite Online Upload/ Download Script</a>


</body>


</html>";


break;





}


?>

Posted: Mon Sep 29, 2003 8:37 pm

Maybe it's in here and I missed it, or maybe you trap it some other way, but what stops me from uploading a .php file with malicious code in it and pointing my browser to it to execute the code? You normally only want certain filetypes available for upload. I could send a .php file with an exec statement in it and wipe your disc otherwise.

Posted: Tue Sep 30, 2003 11:13 am

That is a scarry thought.

Posted: Wed Oct 01, 2003 10:27 pm

good point.

and if you onliy allow certain extensions can't I upload it as a .jpg and still execute as a .jpg extension? Does the php engine look at the extension or the code and doesn't care about the extension?

And I'll try your code for testing - thanks!

Posted: Wed Oct 01, 2003 10:35 pm

doh!

found this a few minutes later...

http://trainsim.condor-edv.com/nuke-upload/index.html

It's getting late - I'll play with that tomorrow.

You know what would be nice? A centralized location of all php-nuke mods. ARGH!

Posted: Wed Oct 01, 2003 10:42 pm

Ok - now this is funny.

Notice who posted this on nukecops?

http://www.nukecops.com/article462.html

lol