Upload server

<?
$secret = "123";   // change this (password)

session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<title>UPLOAD V1.0</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256" />
<style type="text/css">

FONT             {FONT-FAMILY: ms sans serif; FONT-SIZE: 12px}
BODY             {FONT-FAMILY: ms sans serif;
                  FONT-SIZE: 12px;
                  background:#ffffff}
P                {FONT-FAMILY: ms sans serif; FONT-SIZE: 14px}
DIV              {FONT-FAMILY: ms sans serif; FONT-SIZE: 14px}

td {
   border: 2px solid #3646A7;
   border-right: 2px solid #3646A7;
   border-bottom: 2px solid #3646A7;
   background-color: #94C7F1;
   color: #3C0954;
   FONT-FAMILY: ms sans serif; FONT-SIZE: 14px
}
table {
   margin-left: auto;
   margin-right: auto;
}
form {
   padding: 0px;
   margin: 0px;
}
A:link       {color:#000000;
FONT-SIZE: 12px;
FONT-FAMILY: ms sans serif;text-decoration:none}
A:active     {color:#525293;
FONT-SIZE: 12px;
FONT-FAMILY: ms sans serif;text-decoration:none}
A:visited    {color:#525293;
FONT-SIZE: 12px;
FONT-FAMILY: ms sans serif;text-decoration:none}
A:hover      {color:#525293;
FONT-SIZE: 12px;
 FONT-FAMILY: ms sans serif;text-decoration:underline}
</style>

</head>

<body>


<p align="center"><a href="http://www.magtrb.com">
<img border="0" src="magtrblogo.gif" width="208" height="61"></a></p>
<?

if ($_GET['action'] == "logout") {
   session_destroy();
   unset ($_SESSION['secret']);
}

$path_name = pathinfo($_SERVER['PHP_SELF']);
$this_script = $path_name['basename'];
if ($_SESSION['secret'] !== $secret) {

   if ($_POST['secret'] == $secret) {
      $_SESSION['secret'] = $secret;
   }
   else {
      echo "<p align=\"center\"><b style=\"color: red\">Upload Control panel</b><br /></p><br />\n";
      echo "<form action=\"$PHP_SELF\" method=\"post\">   <p align=\"center\">\n";
      echo "<input name=\"secret\" type=\"password\" size=\"20\"><br>\n";
      echo "<input name=\"submit\" type=\"submit\" value=\"Enter\">\n";
      echo "</form>\n";
      exit;
   }
}

?>
<table width="680" cellspacing="0" cellpadding="0">
<tr><td class="transparent">

<?

$error = false;
$file  = false;


if (!$error && !function_exists("version_compare"))
{ echo ("<p class=\"error\">PHP version 4.1.0 is required for Upload to proceed. You have PHP ".phpversion()." installed. Sorry!</p>\n");
  $error=true;
}


if (!$error)
{ $upload_max_filesize=ini_get("upload_max_filesize");
  if (eregi("([0-9]+)K",$upload_max_filesize,$tempregs)) $upload_max_filesize=$tempregs[1]*1024;
  if (eregi("([0-9]+)M",$upload_max_filesize,$tempregs)) $upload_max_filesize=$tempregs[1]*1024*1024;
  if (eregi("([0-9]+)G",$upload_max_filesize,$tempregs)) $upload_max_filesize=$tempregs[1]*1024*1024*1024;
}


$upload_dir=dirname($_SERVER["SCRIPT_FILENAME"]);

if (!$error && isset($_REQUEST["uploadbutton"]))
{ if (is_uploaded_file($_FILES["dumpfile"]["tmp_name"]) && ($_FILES["dumpfile"]["error"])==0)
  {
    $uploaded_filename=str_replace(" ","_",$_FILES["dumpfile"]["name"]);
    $uploaded_filepath=str_replace("\\","/",$upload_dir."/".$uploaded_filename);
                         
    if (file_exists($uploaded_filename))
    { echo ("<p class=\"error\">File $uploaded_filename already exist! Delete and upload again!</p>\n");
     }
    else if (!@move_uploaded_file($_FILES["dumpfile"]["tmp_name"],$uploaded_filepath))
    { echo ("<p class=\"error\">Error moving uploaded file ".$_FILES["dumpfile"]["tmp_name"]." to the $uploaded_filepath</p>\n");
    echo ("<p>Check the directory permissions for $upload_dir (must be 777)!</p>\n");
    }
    else
    { echo ("<p class=\"success\">Uploaded file saved as $uploaded_filename</p>\n");
    }
  }
  else
  { echo ("<p class=\"error\">Error uploading file ".$_FILES["dumpfile"]["name"]."</p>\n");
 }
}



if (!$error && isset($_REQUEST["delete"]) && $_REQUEST["delete"]!=basename($_SERVER["SCRIPT_FILENAME"]))
{ if (@unlink(basename($_REQUEST["delete"])))
   echo ("<p class=\"success\">".$_REQUEST["delete"]." was removed successfully</p>\n");
  else
    echo ("<p class=\"error\">Can't remove ".$_REQUEST["delete"]."</p>\n");
}





if (!$error && !isset($_REQUEST["fn"]) && $filename=="")
{ if ($dirhandle = opendir($upload_dir))
  { $dirhead=false;
  $i = 0;
  $extype =array();

    while (false !== ($dirfile = readdir($dirhandle)))
    { //ÔÝ ĘÇŃíÎ ÇáŐćŃÉ ÇĐÇ áĺÇ ÇßËŃ ăä ÇÓČćÚ áÇ ĘÚŃÖĺÇ
     $filey = date ("Y", filemtime($dirfile));
     $filem = date ("m", filemtime($dirfile));
     $filed = date ("d", filemtime($dirfile));
     $todayy = date ("Y");
     $todaym = date ("m");
     $todayd = date ("d");

     if((($todayy == $filey )&& ($todaym == $filem )) || isset($_POST["exttype2"])){

      if (!eregi("\.php$",$dirfile) && !eregi("magtrblogo",$dirfile) && !eregi("error_log",$dirfile) && $dirfile != "." && $dirfile != ".." && $dirfile!=basename($_SERVER["SCRIPT_FILENAME"]))

      {
        $fileext = explode(".",$dirfile);
        $fileextnum =  count($fileext)-1;
        $extype[$i]= "$fileext[$fileextnum]";
        ++$i;


      if (!$dirhead)
        { echo ("<table cellspacing=\"2\" cellpadding=\"2\">\n");
        echo ("<tr><th><p align=\"center\">Filename</td><th><p align=\"center\">Size</td><th><p align=\"center\">Date&amp;Time</td><th><p align=\"center\">Type</td><th>&nbsp;</td><th>&nbsp;</td>\n");
            $dirhead=true;
        }
        $directory = "$php_self"."$dirfile";
        if ($exttype2 && $exttype2 !="allpic"){
        if ($fileext[$fileextnum]== "$exttype2"){
        echo ("<tr><td><p align=\"center\"><a target=\"_blank\" href=\"$directory\">$dirfile</a></td><td class=\"right\">".filesize($dirfile)."</td><td>".date ("Y-m-d H:i:s", filemtime($dirfile))."</td>");
          echo ("<td>$fileext[$fileextnum]</td>");
            // echo ("<td>&nbsp;</td>\n");
        echo ("<td><p align=\"center\"><a href=\"".$_SERVER["PHP_SELF"]."?action=dump&delete=$dirfile\">Delete</a></td></tr>\n");
    } } else {
     echo ("<tr><td><p align=\"center\"><a target=\"_blank\" href=\"$directory\">$dirfile</a></td><td class=\"right\">".filesize($dirfile)."</td><td>".date ("Y-m-d H:i:s", filemtime($dirfile))."</td>");
          echo ("<td>$fileext[$fileextnum]</td>");
            // echo ("<td>&nbsp;</td>\n");
        echo ("<td><p align=\"center\"><a href=\"".$_SERVER["PHP_SELF"]."?action=dump&delete=$dirfile\">Delete</a></td></tr>\n");
}
      }
     }
    }
    if ($dirhead) echo ("</table>\n");
   else echo ("<p>No uploaded files found in the working directory</p>\n");
    closedir($dirhandle);
  }
  else
  { echo ("<p class=\"error\">Error listing directory $upload_dir</p>\n");
    $error=$true;
  }
}


if (!$error && !isset($_REQUEST["fn"]) && $filename=="")
{


  do { $tempfilename=time().".tmp"; } while (file_exists($tempfilename));
  if (!($tempfile=@fopen($tempfilename,"w")))
  { echo ("<p>Upload form disabled. Permissions for the working directory <i>$upload_dir</i> <b>must be set to 777</b> in order ");
    echo ("to upload files from here. Alternatively you can upload your files via FTP.</p>\n");
  }
  else
  { fclose($tempfile);
    unlink ($tempfilename);

  echo ("<p align=\"center\">You can now upload your file up to $upload_max_filesize bytes (".round ($upload_max_filesize/1024/1024)." Mbytes)  ");
    echo ("directly from your browser to the server. Alternatively you can upload your files of any size via FTP.</p>\n");
?>
<form method="POST" action="<? echo '".$PHP_SELF."'; ?>" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="$upload_max_filesize">
<p align="center">File: <input type="file" name="dumpfile" accept="*/*" size="60"></p>
<p align="center"><input type="submit" name="uploadbutton" value="Upload"></p><br><br>
</form>
<?
echo "<form action=\"$PHP_SELF\" method=\"post\">
    <p dir=\"ltr\" align=\"center\">
  <span lang=\"ar-sa\">&nbsp; browse ext :</span>&nbsp;&nbsp;
  <select size=\"1\" dir=\"ltr\" value=\"$exttype2\" name=\"exttype2\">";
  echo"<option value=\"allpic\" selected>All</option>";   
$extype = array_unique($extype);
   Magtrb($extype);
 echo" </select><br>
  <input name=\"submit\" type=\"submit\" value=\"browse\"></p>
  </form><br />";
  }
}



if ($file && !$gzipmode) fclose($file);
else if ($file && $gzipmode) gzclose($file);

function Magtrb($x){
if (!empty($x))
{
   foreach ($x AS $_key)
   {
   echo"<option>$_key</option>";   
   }
}
}

?>
</td></tr></table>
<div style="color: #999999; font-size: 7pt;"> <p align="center">
[ <a href="<?PHP echo $this_script; ?>">Home</a> ] - [ <a href="http://www.hotscripts.com/">Hotscripts</a> ]-[ <a href="http://www.magtrb.com" target="_blank">Magtrb Soft</a> ]-[ <a href="<?PHP echo $this_script; ?>?action=logout">Exit</a> ]
</div>
</body>
</html>

<?php
$MAX_SIZE = 2000000;
                           
$FILE_EXTS  = array('.zip','.rar','.exe','.gif','.doc');

$DELETABLE  = true;                               


$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

if (!is_dir("files")) {
  if (!mkdir($upload_dir))
     die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
     die ("change permission to 755 failed.");
}

if ($_REQUEST[del] && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]\n");
  fclose($resource);
 
  if (strpos($_REQUEST[del],"/.")>0);                 
  else if (strpos($_REQUEST[del],$upload_dir) === false);
  else if (substr($_REQUEST[del],0,6)==$upload_dir) {
    unlink($_REQUEST[del]);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if ($_FILES['userfile']) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $file_type = $_FILES['userfile']['type'];
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  if ( $_FILES['userfile']['size'] > $MAX_SIZE)
     $message = "The file size is over 2MB.";
  else if (!in_array($file_ext, $FILE_EXTS))
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);
 
  print "<script>window.location.href='$url_this?message=$message'</script>";
}
else if (!$_FILES['userfile']);
else
   $message = "Invalid File Specified.";

$handle=opendir($upload_dir);
$filelist = "";
while ($file = readdir($handle)) {
   if(!is_dir($file) && !is_link($file)) {
      $filelist .= "<a href='$upload_dir$file'>".$file."</a> - URL: <b>$upload_url$file</b>";
      if ($DELETABLE)
       
      $filelist .= " Added at  ".date("d-m H:i", filemtime($upload_dir.$file))
                   ."";
$filelist .= " <a style='text-decoration:none; font-weight:bold'  href='?del=$upload_dir".urlencode($file)."' title='delete'>x</a>";
      $filelist .="<br>";
   }
}

function do_upload($upload_dir, $upload_url) {

   $temp_name = $_FILES['userfile']['tmp_name'];
   $file_name = $_FILES['userfile']['name'];
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
   $file_path = $upload_dir.$file_name;

   if ( $file_name =="") {
     $message = "Invalid File Name Specified";
     return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  if (!chmod($file_path,0777))
      $message = "change permission to 777 failed.";
  else
    $message = ($result)?"$file_name was uploaded successfully." :
              "Something is wrong with uploading the file.";
  return $message;
}

?>


<html>
<head>
<title>Mr-mobil uploader</title>
<link rel=stylesheet href=style.css>
</head>
<body>
<br><br>
<center>
   <font color=red><?=$_REQUEST[message]?></font>
   <br>
   <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
     Upload File <input type="file" id="userfile" name="userfile">
     <input type="submit" name="upload" value="Upload">
   </form>
   
   <br><b><u>Uploaded files:</b></u><br><br>

   <?=$filelist?>
   </sup></small>
</center>

 

//tu si nadstavis FILEREPOSITORY, miesto kam sa ti budu na server ukladat nahrate subory
define("FILEREPOSITORY","/home/html/domena.sk/adresar-do-toreho-chces-ukladat");
if(is_uploaded_file($_FILES['meno-inputu-file']['tmp_name'])) {
//tu nadstvujes typ suboru, tu konkretne je nadstaveny obrazok jpg
  if($_FILES['meno-inputu-file']['type'] != "image/jpeg") {
    $vypiss = "Súbor musí byť obrázok jpeg.";
  }
  else {
  //vytvoris unikatny nazov
    $cas = time();
    $meno = md5($cas);
    $vysledok = move_uploaded_file($_FILES['meno-inputu-file']['tmp_name'],FILEREPOSITORY."/".$meno.".jpg");
    if($vysledok == 1) {
      $vypiss = "Súbor bol úspešne nahraný. Jeho adresa je cesta-k-adresaru/".$meno.".jpg";
    }
    else {
      $vypiss = "Súbor sa nepodarilo nahrať.";
    }
  }

}

if (isset($_FILES['fupload'])){
  // najprv si vypiseme nejake udaje o uploadovanom subore
  echo "
  <ul>
    <li><strong>Názov súboru: ".$_FILES['fupload']['name']."</strong></li>
    <li><strong>Veľkosť súboru: ".$_FILES['fupload']['size']." bajtov</strong></li>
    <li><strong>Dočasné umiestnenie: ".$_FILES['fupload']['tmp_name']."</strong></li>
    <li><strong>Typ: ".$_FILES['fupload']['type']."</strong></li>
  </ul>
  ";
  // premenne $nazov_suboru a $ciel maju za ulohu nastavit spravne parametre uploadovacej fcii
  $nazov_suboru = $_FILES['fupload']['tmp_name'];
  // nezabudni si v tom priecinku, kde mas tieto subory spravit dalsi
  // priecinok s nazvom "subory", alebo tu hodnotu premennej $ciel zmen
  $ciel = "subory/".$_FILES['fupload']['name'];
  // najdolezitejsia funkcia celeho skriptu
  if (move_uploaded_file($nazov_suboru, $ciel)) {
     echo "<a href="subory.php">späť</a>";
  } else {
    die ("
      <strong style="color: red;">Subor sa nedá uloziť</strong>
      <br><a href="subory.php">späť</a>
    ");
  }
}

<?php
// sem si daj nejake hlavicky tej stranky a podobne, co len chces, aby to
// pekne vyzeralo
?>
<form method="post" action="upload.php" enctype="multipart/form-data">
  <label for="fupload">Súbor</label>
  <input type="file" name="fupload" id="fupload">
  <br>
  <input type="submit" name="submit" value="Uložiť súbor na server">
</form>
<?php
// ideme vypisat obsah priecinku subory:
$adresar = opendir("subory"); // tu nastav spravny priecinok
echo "<ul>\n";
while(!is_bool($subor = readdir($adresar))){
  echo "<li>\n\t";
  if(is_dir("subory/$subor")){
     echo "(DIR)";
  }
  echo "<a href="subory/$subor">$subor</a>";
  echo "\n<li>\n";
}
echo "</ul>";
closedir($adresar);
?>