Jas
11-07-2007, 05:39 PM
(Don't know if this is the right place for this, but. . . )
At long last, here is my version of FTP Uploading with PHP.
FEATURES: Uploads content, saves info in a table, zip's EXE files, uploads only filetypes you deem safe, simple anti-overwrite feature . . .
TO SET UP:
FILE: form.php
CONTENTS:
<?php
function showform(){
if($_GET['error'] == 1){
$error = '<h3><u>ERROR:</u> You must put a title.</h3>';
}elseif($_GET['error'] == 2){
$error = '<h3><u>ERROR:</u> That file format is not supported.</h3>';
}elseif($_GET['error'] == 3){
$error = '<h3><u>ERROR:</u> Your file failed to load.</h3>';
}elseif($_GET['error'] == 'x'){
$error = '<h3><u>UPLOAD:</u> Your file has been uploaded to the server.</h3>';
}
print " <html>
<head>
<style type='text/css'>
body{
text-align: center;
}div#left, div#right{
float: left;
width: 300px;
height: 300px;
}div#base{
float: left;
width: 600px;
border-style: solid;
border-color: #000000;
border-width: 1 0 1 0;
text-align: center;
}p{
text-align: justify;
text-indent: 30px;
margin: 0;
}div#terms{
width: 600px;
margin-right: auto;
margin-left: auto;
}div#form{ width: 600px; display: none; text-align: left; margin: auto; }
</style>
<script type='text/javascript'>
<!--
function agree(){
document.getElementById('terms').style.display = 'none';
document.getElementById('form').style.display = 'block';
}
//-->
</script>
</head>
<body>
<div id='terms'>
<!--========================================//-->
<div style='width:600px; margin:auto; font-size:1px;'>$error</div>
<h2><p style='text-align: center'>TERMS OF USE:</p></h2>
<hr></hr>
<p>YOUR TERMS OF USE GO HERE</p>
<p style='text-align: center'>I agree:<input type='radio' onclick=agree() name='1'>
I disagree:<input type='radio' onclick='javascript:history.back()' name='1'></p>
<!--========================================//-->
</div>
<div id='form'>
<form name='upload' enctype='multipart/form-data' action='upload.php' method='POST'>
<h2>Submit Information</h2>
<div id='left'>
File To Upload:<br>
<input type='file' name='up_file'><br>
Title:<br>
<input type='text' name='title'><br>
Description:<br>
<textarea name='discription'></textarea><br>
</div>
<div id='right'>
Notes:<br>
<textarea name='notes'></textarea><br>
Copyright:<br>
<input type='text' name='copyright'><br>
</div>
<div id='base'>
<input type='submit' name='Submit' value='Submit'>
<input type='reset' value='Reset'>
<input type=hidden name=box value=''>
</div>
</form>
</div>
Script by: Jason Mace 2007
</body>
</html>";
}
?>
FILE: upload.php
(NOTE THAT THIS IS THE FILE THAT SHOULD BE VIEWED)
CONTENTS:
<?php
$Connection = MySQL_Connect($host, $name, $pass) or die ('NO CONNECTION TO MySQL');
if (!MySQL_Select_db('Files')){
print 'Create DB: '. mysql_query('CREATE DATABASE Files');
print '<br>Select DB: '.MySQL_Select_db('Files');
print '<br>Create Table: '.
MySQL_query("CREATE TABLE files (
num SERIAL,
path VARCHAR(150),
title VARCHAR(100),
filetype VARCHAR(20),
disc VARCHAR(500),
provider VARCHAR(50),
notes VARCHAR(500),
copyright VARCHAR(150)
);");
}else{}
if ($_POST['Submit'] == 'Submit'){
if($_POST['title'] == ''){
header("Location: ./upload.php?error=1");
}else{
set_time_limit(0);
$conn_id = ftp_connect($host) or die("Couldn't connect");
$login_result = ftp_login($conn_id, $ftpName, $ftpPass) or die("ERROR IN FTP CONNECTION");
$theFile = $_FILES['up_file'];
$source = $theFile['tmp_name'];
$file_destination = $_FILES['up_file']['name'];
$allowedTYPES = array('JPEG','JPG','AVI','MPEG','WMV','PDF','DOC','DOCX','TXT','EXE','ZIP');
$filetype = pathinfo($_FILES['up_file']['name']);
$filetype = strtoupper($filetype['extension']);
if(array_search($filetype, $allowedTYPES)){
ftp_chdir($conn_id, "/information/");
ftp_chdir($conn_id, "upload");
$path = './information/upload/';
$i = 0;
while(is_file('./upload/'.$file_destination) == 1){
$file_destination = $i.$file_destination;
$i++;
}
$path2= '/upload/'.$file_destination;
$upload = ftp_put($conn_id, $file_destination, $source, FTP_BINARY);
if($filetype == 'EXE'){
$zip = new ZipArchive;
$res = $zip->open("./upload/$file_destination.zip", ZipArchive::CREATE);
if ($res === TRUE) {
$zip->addFile("./upload/$file_destination", $file_destination);
$zip->close();
unlink("./upload/$file_destination");
$path2 .= '.zip';
} else {
$upload = false;
}
}else{}
if($upload){
$title = $_POST['title'];
$disc = $_POST['discription'];
$provider = $_SESSION['username'];
$notes = $_POST['notes'];
$copyright = $_POST['copyright'];
MySQL_Query("INSERT INTO files VALUES(
NULL,
'$path2',
'$title',
'$filetype',
'$style',
'$disc',
'$sugrank',
'$provider',
'$notes',
'$copyright'
)");
header("Location: ./upload.php?error=x");
}else{ header("Location: ./upload.php?error=3"); }
}else{ header("Location: ./upload.php?error=2&filetype=$filetype");}
MySQL_Close($Connection);
ftp_close($conn_id);
}
} else {
showform();
}
?>
There is a little more work to set it up. These files should be in a folder called "information", and you need to create a folder inside "information" called "upload". Make sure that you have the PHP_zip option enabled in your ini file. The fastest way to do that is to click the wamp server quicklink on the taskbar>> PHP Settings >> Extensions >> PHP_zip. You will also need to download and set up an FTP Server as well. This is VERY easy to do. I am using FileZilla Server (http://filezilla-project.org/download.php?type=server). Lastly, you also need to put this line of code into your .htaccess file:
php_value upload_max_filesize 50M
This controls the max filesize your script will allow. Note that if you do not add this to your .htaccess, it will only DL things as big as JPEG files.
*All the things in red should be changed.
If you have any questions, feel free to post them. And, I did spend several months creating this, so an "Upload Script by Jason Mace" somewhere on the site would be great-- You don't have to, of course. . .
At long last, here is my version of FTP Uploading with PHP.
FEATURES: Uploads content, saves info in a table, zip's EXE files, uploads only filetypes you deem safe, simple anti-overwrite feature . . .
TO SET UP:
FILE: form.php
CONTENTS:
<?php
function showform(){
if($_GET['error'] == 1){
$error = '<h3><u>ERROR:</u> You must put a title.</h3>';
}elseif($_GET['error'] == 2){
$error = '<h3><u>ERROR:</u> That file format is not supported.</h3>';
}elseif($_GET['error'] == 3){
$error = '<h3><u>ERROR:</u> Your file failed to load.</h3>';
}elseif($_GET['error'] == 'x'){
$error = '<h3><u>UPLOAD:</u> Your file has been uploaded to the server.</h3>';
}
print " <html>
<head>
<style type='text/css'>
body{
text-align: center;
}div#left, div#right{
float: left;
width: 300px;
height: 300px;
}div#base{
float: left;
width: 600px;
border-style: solid;
border-color: #000000;
border-width: 1 0 1 0;
text-align: center;
}p{
text-align: justify;
text-indent: 30px;
margin: 0;
}div#terms{
width: 600px;
margin-right: auto;
margin-left: auto;
}div#form{ width: 600px; display: none; text-align: left; margin: auto; }
</style>
<script type='text/javascript'>
<!--
function agree(){
document.getElementById('terms').style.display = 'none';
document.getElementById('form').style.display = 'block';
}
//-->
</script>
</head>
<body>
<div id='terms'>
<!--========================================//-->
<div style='width:600px; margin:auto; font-size:1px;'>$error</div>
<h2><p style='text-align: center'>TERMS OF USE:</p></h2>
<hr></hr>
<p>YOUR TERMS OF USE GO HERE</p>
<p style='text-align: center'>I agree:<input type='radio' onclick=agree() name='1'>
I disagree:<input type='radio' onclick='javascript:history.back()' name='1'></p>
<!--========================================//-->
</div>
<div id='form'>
<form name='upload' enctype='multipart/form-data' action='upload.php' method='POST'>
<h2>Submit Information</h2>
<div id='left'>
File To Upload:<br>
<input type='file' name='up_file'><br>
Title:<br>
<input type='text' name='title'><br>
Description:<br>
<textarea name='discription'></textarea><br>
</div>
<div id='right'>
Notes:<br>
<textarea name='notes'></textarea><br>
Copyright:<br>
<input type='text' name='copyright'><br>
</div>
<div id='base'>
<input type='submit' name='Submit' value='Submit'>
<input type='reset' value='Reset'>
<input type=hidden name=box value=''>
</div>
</form>
</div>
Script by: Jason Mace 2007
</body>
</html>";
}
?>
FILE: upload.php
(NOTE THAT THIS IS THE FILE THAT SHOULD BE VIEWED)
CONTENTS:
<?php
$Connection = MySQL_Connect($host, $name, $pass) or die ('NO CONNECTION TO MySQL');
if (!MySQL_Select_db('Files')){
print 'Create DB: '. mysql_query('CREATE DATABASE Files');
print '<br>Select DB: '.MySQL_Select_db('Files');
print '<br>Create Table: '.
MySQL_query("CREATE TABLE files (
num SERIAL,
path VARCHAR(150),
title VARCHAR(100),
filetype VARCHAR(20),
disc VARCHAR(500),
provider VARCHAR(50),
notes VARCHAR(500),
copyright VARCHAR(150)
);");
}else{}
if ($_POST['Submit'] == 'Submit'){
if($_POST['title'] == ''){
header("Location: ./upload.php?error=1");
}else{
set_time_limit(0);
$conn_id = ftp_connect($host) or die("Couldn't connect");
$login_result = ftp_login($conn_id, $ftpName, $ftpPass) or die("ERROR IN FTP CONNECTION");
$theFile = $_FILES['up_file'];
$source = $theFile['tmp_name'];
$file_destination = $_FILES['up_file']['name'];
$allowedTYPES = array('JPEG','JPG','AVI','MPEG','WMV','PDF','DOC','DOCX','TXT','EXE','ZIP');
$filetype = pathinfo($_FILES['up_file']['name']);
$filetype = strtoupper($filetype['extension']);
if(array_search($filetype, $allowedTYPES)){
ftp_chdir($conn_id, "/information/");
ftp_chdir($conn_id, "upload");
$path = './information/upload/';
$i = 0;
while(is_file('./upload/'.$file_destination) == 1){
$file_destination = $i.$file_destination;
$i++;
}
$path2= '/upload/'.$file_destination;
$upload = ftp_put($conn_id, $file_destination, $source, FTP_BINARY);
if($filetype == 'EXE'){
$zip = new ZipArchive;
$res = $zip->open("./upload/$file_destination.zip", ZipArchive::CREATE);
if ($res === TRUE) {
$zip->addFile("./upload/$file_destination", $file_destination);
$zip->close();
unlink("./upload/$file_destination");
$path2 .= '.zip';
} else {
$upload = false;
}
}else{}
if($upload){
$title = $_POST['title'];
$disc = $_POST['discription'];
$provider = $_SESSION['username'];
$notes = $_POST['notes'];
$copyright = $_POST['copyright'];
MySQL_Query("INSERT INTO files VALUES(
NULL,
'$path2',
'$title',
'$filetype',
'$style',
'$disc',
'$sugrank',
'$provider',
'$notes',
'$copyright'
)");
header("Location: ./upload.php?error=x");
}else{ header("Location: ./upload.php?error=3"); }
}else{ header("Location: ./upload.php?error=2&filetype=$filetype");}
MySQL_Close($Connection);
ftp_close($conn_id);
}
} else {
showform();
}
?>
There is a little more work to set it up. These files should be in a folder called "information", and you need to create a folder inside "information" called "upload". Make sure that you have the PHP_zip option enabled in your ini file. The fastest way to do that is to click the wamp server quicklink on the taskbar>> PHP Settings >> Extensions >> PHP_zip. You will also need to download and set up an FTP Server as well. This is VERY easy to do. I am using FileZilla Server (http://filezilla-project.org/download.php?type=server). Lastly, you also need to put this line of code into your .htaccess file:
php_value upload_max_filesize 50M
This controls the max filesize your script will allow. Note that if you do not add this to your .htaccess, it will only DL things as big as JPEG files.
*All the things in red should be changed.
If you have any questions, feel free to post them. And, I did spend several months creating this, so an "Upload Script by Jason Mace" somewhere on the site would be great-- You don't have to, of course. . .