Problems With Upload Form

**clanffa** · 11-19-2006, 07:18 AM

I used your tutorial on the upload form and dide EXACTLY as it said.
When i tested it i got this in the email
Video Upload Details :
email : matthewmargulis******.com
name : TestPicture3213
upload:

The upload space was blank.
The webpage where the form is located is http://www.ffaproam.com/uploadform.html

I also tried turnin git into a .php but it still doesnt work
http://www.ffaproam.com/uploadform.php

http://www.ffaproam.com

**navaldesign** · 11-19-2006, 07:50 AM

Please post here the php script that you have used. No need to turn it to php. Only the script page needs to be php.

However, PLEASE DELETE from your thankyou page, the upload directory. If a hacker simply uploads a php file, instead of a picture, and then knows where it is, he can simply click on it and gain control of your site or simply mess it all up. I ALWAYS suggest that the upload directory name SHOULD NOT be the same as the one in the tutorial, i.e. "uploads" but anything else: "myuploads1234" or "upfiles" or "filesdir" or "125rfhbne58952db" or ANYTHING, but not the classic name in the tutorial. I also alwAys SUGGEST THAT AN INDEX PAGE, EVEN A BLANK ONE, IS PUBLISHED IN THAT FOLDER, TO PREVENT PEOPLE FROM BROWISING THIS FOLDER. yOU ARE DOING EXCACTLY THE OPPOSITE: YOU ARE INVITING HACKERS TO TAKE CONTROL OF YOUR SITE.

**clanffa** · 11-19-2006, 08:00 AM

<?php

// Receiving variables

@$email = addslashes($_POST['email']);
@$upload_Name = $_FILES['upload']['name'];
@$upload_Size = $_FILES['upload']['size'];
@$upload_Temp = $_FILES['upload']['tmp_name'];

// Validation for max file size

if ($upload_Size>0)
{
if( $upload_Size >200000000)
{
//delete file
unlink($upload_Temp);
header("Location: error.html");
exit;
}
$uploadFile = "uploads/".$upload_Name ;

@move_uploaded_file( $upload_Temp , $uploadFile);
chmod($uploadFile, 0644);
$upload_URL = "http://www.ffaproam.com/uploads/".$upload_Name ;
}

//Sending Email to form owner

$mailto = "jackshinta@ffaproam.com";
$mailsubj = "Video Upload";
$mailhead = "From: $email\n";
reset ($HTTP_POST_VARS);
$mailbody = "Video Upload Details :\n";
while (list ($key, $val) = each ($HTTP_POST_VARS))
{
if ($key!="submit")
{
$mailbody .= "$key : $val\n";
}
}
$mailbody .= "upload: $upload_URL\n";
mail($mailto, $mailsubj, $mailbody, $mailhead);

header("Location: thankyou_page.html");

?>

there's the php script

**clanffa** · 11-19-2006, 08:13 AM

God I just dont know what to do about this!

Thread: Problems With Upload Form

LinkBack

Thread Tools

Problems With Upload Form

Re: Problems With Upload Form

Re: Problems With Upload Form

Re: Problems With Upload Form

Thread Information

Users Browsing this Thread

Posting Permissions