Anyone who knows PHP?

Resident22

11 Jul 2013, 12:30

I have an upload script embedded in a page. The problem is that I can't manage to add a restriction to that script against uploading PHP files; I'm talking about shells.

Can anyone help me?

The script looks roughly like this:

Code:

<?php
include("config.php");

// Build the <option> list of upload destinations defined in config.php.
function path_options()
{
  global $upload_dirs;
  $option = "";
  foreach ($upload_dirs as $path => $pinfo)
  {
    $option .= '<option value="'.$path.'">'.$pinfo["name"].'</option>';
  }
  return $option;
}

// Check the PHP configuration and the submitted form fields.
function check_vals()
{
  global $upload_dirs, $err;
  if (!ini_get("file_uploads")) { $err .= "HTTP file uploading is blocked in php configuration file (php.ini). Please, contact to server administrator."; return 0; }
  $pos = strpos(ini_get("disable_functions"), "move_uploaded_file");
  if ($pos !== false) { $err .= "PHP function move_uploaded_file is blocked in php configuration file (php.ini). Please, contact to server administrator."; return 0; }
  if (!isset($_POST["path"]) || (strlen($_POST["path"]) == 0)) { $err .= "Please fill out path"; return 0; }
  if (!isset($upload_dirs[$_POST["path"]])) { $err .= "Incorrect path"; return 0; }

  if (!isset($_FILES["userfile"])) { $err .= "Empty file"; return 0; }
  elseif (!is_uploaded_file($_FILES['userfile']['tmp_name'])) { $err .= "Empty file"; return 0; }
  return 1;
}

$err = ""; $status = 0;
if (isset($_POST["upload"])) {
  if (check_vals()) {
    if (filesize($_FILES["userfile"]["tmp_name"]) > $max_file_size) $err .= "Maximum file size limit: $max_file_size bytes";
    else {
      // The file is stored under the name sent by the client.
      if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $upload_dirs[$_POST["path"]]["dir"].$_FILES["userfile"]["name"])) {
        $status = 1;
      }
    }
  }
}

if (!$status) {
  if (strlen($err) > 0) echo "<h4>$err</h4>";
}
else {
  echo "<h4>\"".$_FILES["userfile"]["name"]."\" was successfully uploaded.</h4>";
}
?>
Resident22

14 Jul 2013, 10:36

Bump.
squaremaster

14 Jul 2013, 13:39

Do you need those files to be stored? Or is it Upload > Operation > Delete?
IsTI37

14 Jul 2013, 15:10

if (isset($_POST["upload"])) {
  if (check_vals()) {
    // The next two lines are the ones this reply adds to the original script.
    $fisier = pathinfo($_FILES["userfile"]["tmp_name"]);
    if ($fisier['extension'] == 'php') $err .= "Nu sunt permise fisierele cu extensia php";

    if (filesize($_FILES["userfile"]["tmp_name"]) > $max_file_size) $err .= "Maximum file size limit: $max_file_size bytes";
    else {
      if (move_uploaded_file($_FILES["userfile"]["tmp_name"], $upload_dirs[$_POST["path"]]["dir"].$_FILES["userfile"]["name"])) {
        $status = 1;
      }
    }
  }
}
Resident22

14 Jul 2013, 17:17

I'll try it and come back with the verdict. Thanks.
Resident22

14 Jul 2013, 17:22

Nope, it doesn't work.
"fb.php" was successfully uploaded.
Haddaway

14 Jul 2013, 23:32

The functions

Code:

function check_vals()
{

shouldn't they be something like this?

Code:

function check_vals($string)
{

From what I can see, they have nothing to check...
IsTI37

15 Jul 2013, 00:04

I made a mistake, because it's not a file.
Replace what I added in red with:

Code:

// Test the name sent by the client; tmp_name is PHP's temporary path and never ends in .php.
if (preg_match('/\.php$/i', $_FILES["userfile"]["name"])) $err .= "Nu sunt permise fisierele cu extensia php";
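
Added example, not written by any poster in this thread: one way to restrict the upload script to an allowlist of extensions, checked on the client-supplied name rather than on tmp_name, with move_uploaded_file() skipped entirely when the check fails. The names validate_upload() and $allowed_ext, the allowlist contents and the sample $upload_dirs / $max_file_size values are assumptions, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example, not from the thread. validate_upload() and $allowed_ext are
// hypothetical names; the three values below are constructed stand-ins for config.php.
$upload_dirs   = ["files" => ["dir" => __DIR__ . "/uploads/", "name" => "Files"]];
$max_file_size = 2 * 1024 * 1024;
$allowed_ext   = ["jpg", "jpeg", "png", "gif", "zip"];

// Returns the server-side name to store the file under, or null with $err set.
function validate_upload(array $file, array $allowed_ext, int $max_size, string &$err): ?string
{
    // A non-integer "error" (array-style upload fields) is rejected here as well.
    if ($file["error"] !== UPLOAD_ERR_OK || !is_uploaded_file($file["tmp_name"])) {
        $err = "Empty file";
        return null;
    }
    if (filesize($file["tmp_name"]) > $max_size) {
        $err = "Maximum file size limit: $max_size bytes";
        return null;
    }
    // The extension is in the client-supplied name; tmp_name is PHP's temporary
    // path and never carries it.
    $ext = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed_ext, true)) {
        $err = "File type not allowed";
        return null;
    }
    // Store under a generated name so nothing else from the client's name
    // (directories, inner extensions such as "a.php.jpg") reaches the disk.
    return bin2hex(random_bytes(16)) . "." . $ext;
}

$err = ""; $status = 0; $stored = null;
$path = $_POST["path"] ?? "";
if (isset($_POST["upload"], $_FILES["userfile"])) {
    if (!is_string($path) || !isset($upload_dirs[$path])) {
        $err = "Incorrect path";
    } else {
        $stored = validate_upload($_FILES["userfile"], $allowed_ext, $max_file_size, $err);
        // move_uploaded_file() is reached only when validation returned a name.
        if ($stored !== null) {
            $target = $upload_dirs[$path]["dir"] . $stored;
            $status = (int) move_uploaded_file($_FILES["userfile"]["tmp_name"], $target);
            if (!$status) $err = "Could not store file";
        }
    }
}
if ($status) echo "<h4>Stored as " . htmlspecialchars($stored) . "</h4>";
elseif ($err !== "") echo "<h4>" . htmlspecialchars($err) . "</h4>";
```

Keeping the upload directory outside the web root, or disabling script execution for it in the web server configuration, covers anything the extension check misses.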