Step 1
Firstly we need a form that can upload an image to save with PHP. This could be something like this:
<form action="./upload.php" method="post" enctype="multipart/form-data"> <p> <label for="file">Select a file:</label> <input type="file" name="userfile" id="file"> <br /> <button>Upload File</button> <p> </form>
On line one we tell the form to send the information to our PHP file (which we will create later) named upload.php, we then tell the form to send the information as "multipart/form-data", this is required to send files through the form. Then we create an input with type="file", this makes an input with the required buttons to select a file. Finally we add a button to submit the form.
Step 2
Now we can create our upload.php file. To start we'll check that the file upload is safe by setting a list of allowed filetypes and disallowing all other file uploads. This will prevent people from uploading malicious files. Then we will check the filesize to prevent large files from being uploaded.
<?php // Configuration - Your Options $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation. $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB). $upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory). $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension). $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename. // Check if the filetype is allowed, if not DIE and inform the user. if(!in_array($ext,$allowed_filetypes)) die('The file you attempted to upload is not allowed.'); // Now check the filesize, if it is too large then DIE and inform the user. if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize) die('The file you attempted to upload is too large.'); // Check if we can upload to the specified path, if not DIE and inform the user. if(!is_writable($upload_path)) die('You cannot upload to the specified directory, please CHMOD it to 777.'); // We'll start handling the upload in the next step ?>
It's worth noting, that by default PHP will not handle file uploads larger than 2MB, if you require PHP to handle larger files then you must first set upload_max_filesize and post_max_size in your php.ini file to be larger than 2MB.
Step 3
Now that we know we have a suitably small file of a safe filetype we can upload it to where we want it to go. Using the same file:
<?php // Configuration - Your Options $allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation. $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB). $upload_path = './files/'; // The place the files will be uploaded to (currently a 'files' directory). $filename = $_FILES['userfile']['name']; // Get the name of the file (including file extension). $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename. // Check if the filetype is allowed, if not DIE and inform the user. if(!in_array($ext,$allowed_filetypes)) die('The file you attempted to upload is not allowed.'); // Now check the filesize, if it is too large then DIE and inform the user. if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize) die('The file you attempted to upload is too large.'); // Check if we can upload to the specified path, if not DIE and inform the user. if(!is_writable($upload_path)) die('You cannot upload to the specified directory, please CHMOD it to 777.'); // Upload the file to your specified path. if(move_uploaded_file($_FILES['userfile']['tmp_name'],$upload_path . $filename)) echo 'Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked. else echo 'There was an error during the file upload. Please try again.'; // It failed :(. ?>
There you have it! A safe and suitable upload script.
Step 4
For more information look through the Handling File Uploads section at php.net
2 comments:
This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:
-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change
Email: onlineghosthacker247@ gmail .com
I Want to use this medium in appreciating hacking setting, after being ripped off my money,he helped me find my cheating lover whom i trusted alot and he helped me hack his WHATSAPP, GMAIL and kik and all other platforms and i got to know that he has being cheating on me, in less than 24 hours he helped me out with everything, hacking setting is trust worthy and affordable contact him on: hackingsetting50 at gmail dot com
Post a Comment