PHP Code:
<?php
/***********************************************
This is an upload script that works WITHOUT register_globals. My biggest
annoyance is when people assume register_globals is on. I couldn't find a
script that would work without them, so I wrote my own. It's really
not good programming technique to assume globals are on because the default is
off, and it allows for lots of security holes. This should work with ANY register_global
configuration of PHP 4.2.0 and above.
*************************************************/
$action = $_POST["action"];
$max_size = "1048576"; // Max size in BYTES (1MB)
echo "
<b>Uploader</b><br>
<form action='upload.php' method=post enctype='multipart/form-data'>
File (max size: $max_size bytes/".($max_size/1024)." kb):<br>
<!-- This is NOT a secure method of checking filesize, but it tells the user if he tried to upload a file too big before
he waits for the huge file to upload, make sure to check the filesize after the form is sent as well -->
<!-- <input type='hidden' name='MAX_FILE_SIZE' value='$max_size'> (removed because it wasn't working properly) -->
<input type='file' name='filename'><br>
<input type='hidden' name='action' value='upload'>
<input type='submit' value='Upload File'>
</form>";
if ($action == 'upload')
{
if ($_FILES["filename"]["size"] > $max_size) die ("<b>File too big! Try again...</b>");
copy($_FILES["filename"]["tmp_name"],"./".$_FILES["filename"]["name"]) or die("<b>Unknown error!</b>");
echo "<b>File Uploaded.</b>"; // for debug --> $filename --> ".$destination."/".$filename_name."</h2>";
}
?>
Comment