Can you please give a direct link to the upload.php file, because the forum where you want us to find the script is impossible to navigate. Would be much appreciated.
gracevn 2 weeks ago
Comment removed
TheGersty 1 month ago
wow... very messy indeed
Joshy789 3 months ago
Liked your page and thought to say hi!
naturesuphoria 8 months ago
The main problem is the file extension checker in this. Some people usually put more than one dot in the file name, so that method will fail. You should do this:
$parts = explode('.', $string);
$exten = end($parts); // end() takes a variable by reference, so assign the explode() result first
This one is way better, because it explodes your string where the last dot is.
NGKILLER1221 9 months ago 2
Where are the scripts????
RealCrackerInc 9 months ago
unlimitedupload . clanteam . com
Tell me If U want the codes
* manager
* uploader
* deleter
killuaanda23 10 months ago
04:35 array array:)))
TheWickedH 11 months ago
Thanks for this video. However, I wanted to resize the image before it moves into a permanent folder; please PM me how to do it.
Thanks
cyrusxxx1 1 year ago
what screen capture software you used?
liviu811 1 year ago
lol. what language is he speakin'?
moro116 1 year ago
@moro116 Um..... English...
W3Hut 1 year ago 6
@W3Hut Nice accent ^^
bestqualitymusic43 6 months ago
Is there a wildcard symbol? Couldn't you put that on jpg so it recognizes it in caps and lowercase?
FeedMEBabies 1 year ago
@FeedMEBabies You could use an array, but it depends on whether or not the function is checking for case-sensitive strings. There probably is a way to write less code, but at least this way you know it's checking both cases.
W3Hut 1 year ago 2
@W3Hut You could just use the PHP function: $exten = strtolower($exten);
That would change caps to lower case.
davekofo 8 months ago
@davekofo Ultimately, the more functions I use in these tutorials, the less likely it is for a beginner to understand...
W3Hut 7 months ago
@FeedMEBabies
$filename = strtolower($_FILES["file"]["name"])?
bellemcky 11 months ago
Hello ! I am having problem in executing this code, Please can anybody share this code. I will be very thankful to you all.
artistdream11 1 year ago
Hello ! Please I need this code . I am having problem in executing that code. I will be very thankful to you for sharing that code too. Please do the need as soon as you can.
artistdream11 1 year ago
I can't find the files anywhere... I have checked byteforums. What is it under?
banule 2 years ago
You would have to include a mysql statement to add a record of the file to a database. Then after this you can link comments to the id of the file. I am sure I can make a video on this. If you subscribe then you will be told when it is uploaded. ;-)
W3Hut 2 years ago
Very nice. I now have an upload part to my web page. But if I wanted to have a comment go along with the file that is being uploaded, how would I do this? You see, I want members to be able to log in, then upload a picture and a comment to their own page. Do you know how this is done? I need help!
OnYourTodProd 2 years ago
Couldn't you use $_FILES['file']['type'] instead of exploding the name?
Martyj2009 2 years ago
This is what I was thinking about as well...
moussaemad 2 years ago
Well, what he's doing is really unsafe!
What if I call my file: exploit.jpg.php?? jpg will still be the second array element (at position 1). So, if you want a safe upload script, don't use this one.
TIPS:
- Use 'in_array' to check your extension. Make an array with $allowed_extension = array() and check your file extension.
- You don't have to check your extension for both lower and upper case. Just use 'strtolower' (or upper, whichever you want).
Well, too many other things can be improved...
JordiFun 2 years ago
@JordiFun You could also do $MyArray[count($MyArray) - 1] and that will get the last element.
Martyj2009 2 years ago
True, but since security is more and more important, I don't think a file extension check alone is safe enough. I'd use the extension and MIME type and combine those two.
JordiFun 2 years ago
@JordiFun Well, if the file says it's a jpg, it cannot be executed as anything but a jpg. If you rename a .exe to a .jpg on your PC, it will try to open in a photo program.
Martyj2009 2 years ago
Well, you'd think it's going that way. And I thought the same way before I read a security blog post somewhere talking about exploits in upload scripts. It had something to do with using %00 in the file name. With that thing you were able to 'trick' an upload script by telling it it's a .jpg, but that file simply contained PHP. I never tried it, but I assume it's possible.
Just googled it (it's a Dutch website) and the %00 characters have the value of NULL. So PHP may cut it off the string.
JordiFun 2 years ago
@JordiFun Usually I would work on the last piece of the array, but to simplify this I chose to use the second piece. I see the danger in this and you're right to think so.
However, this is one of the MOST secure ways of limiting the file extension. However, you can provide a more secure way using a combination of all of the methods.
And in fact the most insecure way of checking the file extension is using the MIME type, as you can easily fool PHP into believing you are using an allowed extension.
W3Hut 2 years ago
Comment removed
JordiFun 2 years ago
If you read again, you'll see I was talking about a combination of those two (extension and MIME type). While showing your file via another PHP script, you can force it to a MIME type via the headers.
And still, checking the string is NOT 100% safe. Once again: read about the (%00) null byte. Other security issues also occur when using the 'string extension only check'.
//Deleted and reposted; type mistake.
JordiFun 2 years ago
@JordiFun Actually it's not, the script renames the file and deletes everything after the specified extension, so no opportunity for exploits here...
By the way, I would love that script, it's the most straightforward PHP file upload validation I've seen, clever stuff!
davekofo 8 months ago
@davekofo I'll see if I can whip together something a little bit more complex that does a little bit more but keeps the straight forward validation for ya.
W3Hut 7 months ago
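The thread above argues about three things: the tutorial's check of the second dot-separated piece (exploit.jpg.php, JordiFun's tips on in_array and strtolower), the %00 null byte, and whether $_FILES['file']['type'] can be trusted. The following is an added example and not the tutorial's code or anything posted by the commenters: it places a reimplementation of the second-element check beside a hardened version and runs both over constructed filenames, then checks file content by magic bytes instead of the client-supplied MIME type. The function names, the allowlist and the test filenames are assumptions made for illustration.

```php
<?php
// Added example (not the tutorial's code): the tutorial-style extension check
// beside a hardened one, run over constructed filenames.

// Roughly what the video does: explode on '.' and look at index 1.
function extensionCheckTutorialStyle(string $name): bool
{
    $parts = explode('.', $name);
    $ext = isset($parts[1]) ? $parts[1] : '';
    return $ext === 'jpg' || $ext === 'JPG';   // accepts "exploit.jpg.php"
}

// Hardened: reject control bytes (a raw NUL is what %00 decodes to) and path
// separators, take the part after the LAST dot, lower-case it, allowlist it.
function validateUploadName(string $name, array $allowed = ['jpg', 'jpeg', 'png', 'gif']): bool
{
    if (preg_match('/[\x00-\x1f\/\\\\]/', $name)) {
        return false;
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, $allowed, true);
}

// Content check: $_FILES['file']['type'] is sent by the client and proves
// nothing. Look at the first bytes of the file itself (minimal magic table).
function looksLikeImage(string $bytes): ?string
{
    $magic = [
        'jpg' => "\xFF\xD8\xFF",
        'png' => "\x89PNG\r\n\x1a\n",
        'gif' => "GIF8",
    ];
    foreach ($magic as $type => $sig) {
        if (strncmp($bytes, $sig, strlen($sig)) === 0) {
            return $type;
        }
    }
    return null;
}

// Stored name: never reuse the client's filename on disk; use the extension
// the content check established, not the one the client claimed.
function storedName(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed test filenames (hypothetical, not taken from the page).
$tests = [
    'photo.jpg',
    'PHOTO.JPG',
    'exploit.jpg.php',        // the case raised in the thread
    "shell.php\0.jpg",        // %00 decoded: NUL before the fake extension
    '../../config.php',
    'archive.tar.gz',
];
foreach ($tests as $name) {
    printf("%-24s tutorial=%s hardened=%s\n",
        addcslashes($name, "\0..\37"),
        extensionCheckTutorialStyle($name) ? 'ACCEPT' : 'reject',
        validateUploadName($name) ? 'ACCEPT' : 'reject');
}

// Content check on constructed bytes: a "jpg" that is really PHP source
// versus the start of a real JPEG header.
$fakeJpg = "<?php system(\$_GET['c']); ?>";
$realJpg = "\xFF\xD8\xFF\xE0" . str_repeat("\0", 16);
var_dump(looksLikeImage($fakeJpg));
var_dump(looksLikeImage($realJpg));
echo storedName(looksLikeImage($realJpg)), "\n";
```

Run it with `php upload_check.php` (any filename). The tutorial-style function accepts exploit.jpg.php because it only ever looks at index 1; the hardened one rejects it, rejects the NUL-byte name before pathinfo() sees it, and accepts photo.jpg in either case. In a real handler you would read the first bytes from $_FILES['file']['tmp_name'] with file_get_contents() (or use getimagesize()), reject on a null result, and store the file under storedName() in a directory the web server does not execute scripts from.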