Php Upload Script

liunx

Guest
Hello, at one point in time I had a small PHP upload script on my site for users to upload files (images and movies). Someone got into the folder and created subfolders off of it. Basically I got hacked. I am looking for a way to have a very simple upload script that dumps all the files into one folder and is safe... Any ideas? I have searched the forums and came up with a lot of big freebie scripts, but that's not what I need.

Thanks

QUOTE(airjunkie2000 @ Nov 13 2005, 10:00 AM): Hello, at one point in time I had a small PHP upload script on my site for users to upload files (images and movies). Someone got into the folder and created subfolders off of it. Basically I got hacked. I am looking for a way to have a very simple upload script that dumps all the files into one folder and is safe... Any ideas? I have searched the forums and came up with a lot of big freebie scripts, but that's not what I need. Thanks

I don't know enough to judge the security of this script, but I've used it and I like it. There is probably some security info on the site:

http://www.reducedcomplexity.com/php/index.php?rc=7&c=overview&lang=en

So basically all the user will see is an input box for selecting the file and a submit button? All files then get put into a single folder. Any checks to be performed on the files, or are all file types acceptable? Not a difficult script to throw together if that's all it does.

No, not all files are acceptable. I think there's a setup script, but it's really simple and you can go into the config.php file and define the file types you want it to check. One other thing I thought was cool was that there's a field for the user to name or rename the file. But if I could set it up, it's pretty easy. The docs on the site are good explaining everything, though once I figured out what it did, I did the download and install without needing them. I just can't remember the details now :)

No, I was asking airjunkie2000 what they required from a script because, as I said, I doubt it would be that hard for me to throw something together.

QUOTE(carbonize @ Nov 18 2005, 08:28 AM): No, I was asking airjunkie2000 what they required from a script because, as I said, I doubt it would be that hard for me to throw something together.

Hi Carbonize, thanks for the reply. Basically all I need to do is have a small script with one input box (browse button) and one submit button. Let the user browse his/her PC hard disk for items to upload, and all the uploads are put in one folder.
I would like to limit the files to .jpg, .gif, .bmp, .wmv, .mpeg, .mpg, .avi (video and picture), but limiting the file types is not necessary.

I have a script that does the simple upload to one folder. The problem is that someone got in there and made more directory structure off the folder and uploaded an executable file. I'm not sure how to keep people in the one dedicated folder and keep them from hacking me; that's the issue.

Any ideas, please let me know.
Thanks

Simple enough to do. Hell, would probably only require about 10 lines of code, if that.

You do want to limit the file types!
Do not allow .php, for example.

Well, since they said only audio and video files, it is simple enough to get the mime type and discard anything that is neither of these.

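The requirements discussed in this thread (one folder, no subfolders, an extension allow-list, a content type check), as an added example that is not part of the original thread and not code from any poster. It assumes PHP 7 or later with the fileinfo extension; the form field name `upload`, the storage path and the size limit are hypothetical.

```php
<?php
// Added example, not from the thread. Assumed names: form field "upload",
// storage directory /home/example/uploads, kept outside the web root.
const UPLOAD_DIR = '/home/example/uploads';
const MAX_BYTES  = 50 * 1024 * 1024;
// Extensions requested in the thread, mapped to MIME types libmagic commonly
// reports (assumption: adjust to what finfo returns on your server).
const ALLOWED = [
    'jpg'  => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'bmp'  => ['image/bmp', 'image/x-ms-bmp'],
    'wmv'  => ['video/x-ms-asf', 'video/x-ms-wmv'],
    'mpeg' => ['video/mpeg'],
    'mpg'  => ['video/mpeg'],
    'avi'  => ['video/x-msvideo'],
];

function store_upload(array $file): string
{
    // Single file only, received via HTTP POST, within the size limit.
    $ok = ($file['error'] ?? UPLOAD_ERR_NO_FILE) === UPLOAD_ERR_OK
        && is_uploaded_file($file['tmp_name']) && $file['size'] <= MAX_BYTES;
    if (!$ok) {
        throw new RuntimeException('Not an acceptable upload');
    }
    // The client-supplied name is read only for its final extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('File type not allowed');
    }
    // Inspect the content itself, not the Content-Type the browser sent.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('Content does not match extension');
    }
    // Server-generated name: no "/", no "..", no ".php.jpg" double extension.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return basename($target);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['upload'])) {
    try {
        echo 'Stored as ' . store_upload($_FILES['upload']);
    } catch (RuntimeException $e) {
        echo 'Rejected: ' . $e->getMessage();
    }
}
```

Because the stored name never contains anything the client typed, an upload cannot create subfolders or land outside the one directory. Keeping that directory outside the web root, or configuring the server not to execute scripts in it, covers the case where a file with executable content still gets through.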
 