[PHP] File upload script

[imation2458]

I have a PHP file upload script working but i want to customize it slightly... Right now after upload it gives you this output to screen:

File Upload Successful!

Successfully Sent: mp3test.exe , a 214528 byte file with the extension type of application/octet-stream

I want it to give you the www url of the file you uploaded. So you could just click on a link given and it would take you right to the file. I dunno how to do this though. I hope someone can give me the php to do this. THanks

[imation2458]

any PHP experts?

[AshMan]

Can you post your script here?

[imation2458]

<?php

if ($img1_name != "") {
        
        @copy("$img1" , "/home/imation/public_html/upload/files/$img1_name")
               
                or die("Couldn't Upload Your File.");


} else {

       die("No File Specified");

}

?>

<HTML>
<HEAD>
<TITLE>File Upload Successful</TITLE>
</HEAD>

<BODY>

<H1>File Upload Successful!</H1>

<P>Successfully Sent: <?php echo "$img1_name"; ?> , a <?php echo "$img1_size"; ?> byte file with the extension type of <?php echo "$img1_type"; ?> </P>

</BODY>

</HTML>

[AshMan]

<?php

if ($img1_name != "") {
        
        @copy("$img1" , "/home/imation/public_html/upload/files/$img1_name")
               
                or die("Couldn't Upload Your File.");


} else {

       die("No File Specified");

}

?>

<HTML>
<HEAD>
<TITLE>File Upload Successful</TITLE>
</HEAD>

<BODY>

<H1>File Upload Successful!</H1>

<P>Successfully Sent: <?php echo "$img1_name"; ?> , a <?php echo "$img1_size"; ?> byte file with the extension type of <?php echo "$img1_type"; ?> </P>

&lt;A HREF="http://www.YOURSERVER.com/upload/files/<?=$img1_name ?&gt;" Target=_blank&gt;&lt;?=$img1_name ?&gt;&lt;/A&gt;

&lt;/BODY&gt;

&lt;/HTML&gt;

[Dessimat0r]

What kind of file upload script do you need? I made something called CollegeBast*rd while back that gives you a listing of uploaded files, and allows you upload and delete files, etc.

This is from when I didn't know that much about PHP ;)

<?php
set_time_limit(1000);
?>
<body text="#000000" link="#3366CC" vlink="#3333CC" alink="#3333CC">
<div align="left">
  <p align="center"><font size="5" face="Verdana, Arial, Helvetica, sans-serif">University<strong>****** 
    <font size="2">0.94b<br>
    The ****** that brings files from j00r home to college, and vice-versa!</font></strong></font></p>
  <p align="left"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"> 
    <?php

	function zonechange ($current, $target) {
	$current = +5 * $current;
	$zonedate = mktime(date('G'), date('i'), date('s'), date('n'), date('j'), date('Y'), 1) + (($current + $target) * 3600);
	return $zonedate;
	}
    
	$db = mysql_connect("localhost", "n/a", "n/a");
	if($db) {
  $db = mysql_select_db("college******", $db);
  if (($HTTP_GET_VARS['username']) && ($HTTP_GET_VARS['password'])) {
 	 $username = trim($HTTP_GET_VARS['username']);
 	 $password = trim($HTTP_GET_VARS['password']);
 	 if ($users = mysql_fetch_row(mysql_query("SELECT * FROM users WHERE username='$username' AND 

password='$password'"))) {
    ?>
     	 Welcome to College<strong>******</strong>, <?php echo $users[1] ?>.</font> 
      </p>
      </div>
    
<?php 
if (isset($HTTP_GET_VARS['delete'])) {
	$deleteid = $HTTP_GET_VARS['delete'];
	$delfilesql = mysql_query("SELECT * FROM files WHERE id='$deleteid'");
	if ($delfile = mysql_fetch_row($delfilesql)) {
  if ($delfile[5] == $users[0]) {
 	 echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The file has been 

verified to belong to you.</font></strong>';
 	 ?><BR /><?php
 	 $file = 'downloads/'.$username.'/'.$delfile[1];
 	 if (unlink($file)) {
    echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The file has 

been successfully deleted from the server.</font></strong>';	
 	 } else {
    echo '<strong><font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif">There was a 

problem in deleting the file from the server!</font></strong>';
 	 }
 	 ?><BR /><?php
 	 mysql_query("DELETE FROM files WHERE id=$deleteid");
 	 if (!mysql_result(mysql_query("SELECT * FROM files WHERE id='$deleteid'"),0)) {
    echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The file 

linkage was successfully deleted from the database.</font></strong>';
 	 } else {
    echo '<strong><font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif">The file linkage 

could not be removed from the database! It has possibly been deleted already.</font></strong>';
 	 }	
  } else {
 	 echo '<strong><font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif">You do not own this file, 

and so therefore you cannot delete it.</font></strong>';
  }
	} else {
  echo '<strong><font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif">This file does not exist in the 

database.</font></strong>';
	} 	 
} else if ($FrmBtn == 'Upload') {
	if ($file = $HTTP_POST_FILES['userfile']['name']) {
	echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The filename has been retrieved from 

the file that is going to be uploaded.</font></strong><BR />';
  if(is_dir('downloads/'.$username)) {
 	 echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The directory that the 

file will be moved to already exists.</font></strong><BR />';
  } else {
 	 echo '<strong><font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif">The directory that the 

file will be moved to does not exist! Attempting to create directory now.</font></strong><BR />';
 	 if (mkdir('downloads/'.$username)) {
    echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The directory 

was created successfully.</font></strong><BR />';
 	 }
  }
  if(is_dir('downloads/'.$username)) {
  echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The directory that the file 

will be moved to has been verified to exist.</font></strong><BR />';  
 	 if (!file_exists('downloads/'.$username.'/'.$file)) {
    echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The directory 

that the file will be moved to does not contain a file with the same name.</font></strong><BR />';
    if(is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])) {
   	 echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The 

file was uploaded to the temporary directory successfully.</font></strong><BR />';
   	 $filesize = $HTTP_POST_FILES['userfile']['size'];
   	 $max_id = mysql_result(mysql_query("SELECT MAX(id) FROM files"), 0)+1;
   	 if (copy($HTTP_POST_FILES['userfile']['tmp_name'],"downloads/".$username.'/'.$file)) {
      echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, 

sans-serif">The file was moved from the temporary directory to the final directory successfully.</font></strong><BR />';	
      $dateuploaded = date('d/m/Y');
      echo '<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="green"><b>The 

upload date was aqquired successfully : '.$dateuploaded.'.<BR />';
      $description = trim(nl2br(htmlspecialchars($description)));
      $path_parts = pathinfo($file);
      $extension = $path_parts["extension"];
      if (mysql_query("INSERT INTO files 

(id,name,extension,size,category,userid,description,dateuploaded) VALUES ('$max_id','$file','$extension', 

'$filesize','$category','$users[0]','$description','$dateuploaded')")) {
     	 echo '<font face="Verdana, Arial, Helvetica, sans-serif" size="2" 

color="green"><b>The file details were entered into the database correctly.<BR />';
     	 echo '<font face="Verdana, Arial, Helvetica, sans-serif" size="2" 

color="green"><b>The file was uploaded successfully. (/downloads/'.$username.'/'.$file.'</font></b>)';
      } else {
     	 echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, 

sans-serif">The details of the file could not be entered into the database.</font></strong>';
      }
   	 } else {
      echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, 

sans-serif">The file could not be moved from the temporary directory to the final directory.</font></strong>';
   	 }
    } else {
   	 echo '<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="red"><b>The file could 

not be uploaded for some reason.</font></b><BR />';
    }
 	 } else {
    echo '<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="red"><b>The file already 

exists on the server, or a different file under the same filename. Please rename the file to avoid the conflict, and then try 

again.</font></b>';  
 	 }
  } else {
 	 echo '<strong><font size="2" color="green" face="Verdana, Arial, Helvetica, sans-serif">The directory was 

created successfully.</font></strong>';
  }
	} else {
  echo '<font face="Verdana, Arial, Helvetica, sans-serif" size="2" color="red"><b>The filename could not be retrieved 

from the file that is going to be uploaded.</font></b>';  
	}
}

?>

<table width="100%" border="1" cellpadding="1" cellspacing="0" bordercolor="#FFFFFF">
  <tr align="center" bgcolor="#CCCCCC"> 
    <td width="10%" height="18" nowrap><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif">id 
      (<a href="?username=<?php echo $users[1] ?>&password=<?php echo $users[2] ?>&order=id&sort=
<?php
  if ($HTTP_GET_VARS['order'] == 'id') {
 	 if ($HTTP_GET_VARS['sort'] == 'ASC') {
      echo 'DESC';
 	 } else {
    echo 'ASC';
 	 }
  } else {
 	 echo 'ASC';
  }
  ?>">order by</a>) </font></strong></td>
    <td width="20%" height="18" nowrap bgcolor="#999999"><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif">filename 
      (<a href="?username=<?php echo $users[1] ?>&password=<?php echo $users[2] ?>&order=name&sort=
<?php
  if ($HTTP_GET_VARS['order'] == 'name') {
 	 if ($HTTP_GET_VARS['sort'] == 'ASC') {
      echo 'DESC';
 	 } else {
    echo 'ASC';
 	 }
  } else {
 	 echo 'ASC';
  }
  ?>">order by</a>)</font></strong></td>
    <td width="20%" nowrap bgcolor="#CCCCCC"><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif">description 
      (<a href="?username=<?php echo $users[1] ?>&password=<?php echo $users[2] ?>&order=description&sort=
<?php
  if ($HTTP_GET_VARS['order'] == 'description') {
 	 if ($HTTP_GET_VARS['sort'] == 'ASC') {
      echo 'DESC';
 	 } else {
    echo 'ASC';
 	 }
  } else {
 	 echo 'ASC';
  }
  ?>">order by</a>)</font></strong></td>
    <td width="10%" height="18" nowrap bgcolor="#999999"><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif">extension 
      (<a href="?username=<?php echo $users[1] ?>&password=<?php echo $users[2] ?>&order=extension&sort=
<?php
  if ($HTTP_GET_VARS['order'] == 'extension') {
 	 if ($HTTP_GET_VARS['sort'] == 'ASC') {
      echo 'DESC';
 	 } else {
    echo 'ASC';
 	 }
  } else {
 	 echo 'ASC';
  }
  ?>">order by</a>)</font></strong></td>
    <td width="10%" height="18" nowrap bgcolor="#CCCCCC"><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif">size 
      (<a href="?username=<?php echo $users[1] ?>&password=<?php echo $users[2] ?>&order=size&sort=
<?php
  if ($HTTP_GET_VARS['order'] == 'size') {
 	 if ($HTTP_GET_VARS['sort'] == 'ASC') {
      echo 'DESC';
 	 } else {
    echo 'ASC';
 	 }
  } else {
 	 echo 'ASC';
  }
  ?>">order by</a>)</font></strong></td>
    <td width="10%" height="18" nowrap bgcolor="#999999"><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif">category 
      (<a href="?username=<?php echo $users[1] ?>&password=<?php echo $users[2] ?>&order=category&sort=
<?php
  if ($HTTP_GET_VARS['order'] == 'size') {
 	 if ($HTTP_GET_VARS['sort'] == 'ASC') {
      echo 'DESC';
 	 } else {
    echo 'ASC';
 	 }
  } else {
 	 echo 'ASC';
  }
  ?>">order by</a>)</font></strong></font></td>
	<td width="10%" nowrap bgcolor="#CCCCCC"><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><strong>upload 

date</strong></font></td>
  
    <td width="10%" nowrap bgcolor="#999999"><font size="2" face="Verdana, Arial, Helvetica, 

sans-serif"><strong>delete?</strong></font></td>
  </tr>
  <?php
    if ($HTTP_GET_VARS['order']) {
   	 $order = $HTTP_GET_VARS['order'];
    } else {
   	 $order = 'id';
    }
    
    if ($HTTP_GET_VARS['sort']) {
   	 $sort = $HTTP_GET_VARS['sort'];
    } else {
   	 $sort = 'ASC';
    }
   	 
    $sqlx = 'SELECT * FROM files WHERE userid='.$users[0].' ORDER BY '.$order.' '.$sort;
    $sql = mysql_query($sqlx);
    
    $sizecounter = 0;
  
    while ($files = mysql_fetch_row($sql)) {
   	 if (!$files[6]) {
      $files[6] = 'A description is not yet available.';
   	 }
   	 
   	 $catssql = mysql_query("SELECT * FROM categories WHERE id='$files[4]' ORDER BY id");
   	 $cats = mysql_fetch_row($catssql);
   	 if ($cats) {
      $files[4] = $cats[1];	
   	 } else {
      $files[4] = 'N/A';
   	 }
   	 
   	 if (!$files[7]) {
      $files[7] = 'N/A';
   	 }
   	 
   	 $sizecounter = ($sizecounter + $files[3]);
    
   	 $ext2 = array("B","KB","MB","GB","TB");
   	 while ($files[3] >= pow(1024,$j)) ++$j;
      $files[3] = round($files[3] / pow(1024,$j-1) * 100) / 100 . $ext2[$j-1];
   	 
   	 print <<<EOT
   	 <tr bgcolor="#CCCCCC" align="center"> 
   	 <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">$files[0]</font></td>
   	 <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif"><a 

href="downloads/$username/$files[1]"><b>$files[1]</b></a><BR /><font size="1">[<a href="downloads/$username/$files[1]?!">bypass 

proxy</a>]</BR>[ <a href="?username=$users[1]&password=$users[2]&modify=$files[0]&order=$order&sort=$sort">modify</a> 

]</font></font></td>
   	 <td align="left"><font size="1" face="Verdana, Arial, Helvetica, 

sans-serif">$files[6]</font></td>
   	 <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">$files[2]</font></td>
   	 <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">$files[3]</font></td>
   	 <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">$files[4]</font></td>
   	 <td><font size="2" face="Verdana, Arial, Helvetica, sans-serif">$files[7]</font></td>
   	 <td><font size="1" face="Verdana, Arial, Helvetica, sans-serif">[ <a 

href="?username=$users[1]&password=$users[2]&delete=$files[0]&order=$order&sort=$sort">Delete</a> ]</font></td>
   	 </tr>
EOT;
   	 $count++;
    }
    if (!$count) {
   	 ?>
  <tr bgcolor="#000000"> 
    <td colspan="8" align="center"><strong><font size="2" face="Verdana, Arial, Helvetica, sans-serif" color="#33FF00">** 
      No files uploaded yet. **</font></strong></td>
  </tr>
  <?php
    } else {
   	 $ext2 = array("B","KB","MB","GB","TB");
   	 while ($sizecounter >= pow(1024,$j)) ++$j;
      $sizecounter = round($sizecounter / pow(1024,$j-1) * 100) / 100 . $ext2[$j-1];
   	 ?>
   	 <font size="2" face="Verdana, Arial, Helvetica, sans-serif">You currently have <?php echo 

$sizecounter ?> of files stored.</font>
    <?php
    }
    ?>
  <tr bgcolor="#999999"> 
    <td height="17" colspan="8" align="right"><font color="#FFFFFF" size="1" face="Verdana, Arial, Helvetica, 

sans-serif">College<strong>******</strong> 
      <font color="#33FF00">>>></font></font></td>
  </tr>
</table>
    
&lt;form name="upload" enctype="multipart/form-data" method="post" action="index.php?username=<?php echo $users[1] ?&gt;&amp;password=&lt;?php echo 

$users[2] ?&gt;&amp;order=&lt;?php echo $order ?&gt;&amp;sort=&lt;?php echo $sort ?&gt;"&gt;
  &lt;table width="400" border="1" align="center" cellpadding="2" cellspacing="0" bordercolor="#3366CC"&gt;
    &lt;tr&gt; 
      &lt;td bgcolor="#3366CC"&gt; &lt;div align="center"&gt;&lt;font color="#FFFFFF" size="2" face="Verdana, Arial, Helvetica, 

sans-serif"&gt;&lt;strong&gt;Uploader&lt;/strong&gt;&lt;/font&gt;&lt;/div&gt;&lt;/td&gt;
    &lt;/tr&gt;
    &lt;tr&gt; 
      &lt;td bgcolor="#CCCCCC"&gt; &lt;p&gt;&lt;font size="2" face="Verdana, Arial, Helvetica, sans-serif"&gt;&lt;strong&gt;File 
          to upload:&lt;/strong&gt;&lt;br /&gt;
          &lt;input name="userfile" type="file" size="40" /&gt;
          &lt;br /&gt;
          &lt;br /&gt;
          &lt;strong&gt;Description:&lt;/strong&gt;&lt;br /&gt;
          &lt;textarea name="description" cols="40" rows="6" id="description"&gt;&lt;/textarea&gt;
          &lt;br /&gt;
          &lt;br /&gt;
          &lt;strong&gt;Category:&lt;/strong&gt;&lt;/font&gt;&lt;br /&gt;
    &lt;select name="category" id="category"&gt;
   	 &lt;?php
 	 $catssql = mysql_query("SELECT * FROM categories ORDER BY id");	
 	 while ($cats = mysql_fetch_row($catssql)) {
    if ($cats[0] == 0) {
   	 echo '&lt;option value="'.$cats[0].'" $selected&gt;['.$cats[0].'] - '.$cats[1].'&lt;/option&gt;';
    } else {
   	 echo '&lt;option value="'.$cats[0].'"&gt;['.$cats[0].'] - '.$cats[1].'&lt;/option&gt;';
    }	
 	 }
 	 ?&gt;
          &lt;/select&gt;
        &lt;/p&gt;
        &lt;p align="center"&gt; 
          &lt;input name="FrmBtn" type="submit" id="FrmBtn" value="Upload" /&gt;
        &lt;/p&gt;&lt;/td&gt;
    &lt;/tr&gt;
  &lt;/table&gt;
&lt;/form&gt;
  &lt;?php
 	 } else {
    echo '&lt;strong&gt;&lt;font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif"&gt;The username and 

password entered is invalid.&lt;/font&gt;&lt;/strong&gt;';
 	 }
  } else {
 	 echo '&lt;strong&gt;&lt;font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif"&gt;You did not specify a 

username and password!&lt;/font&gt;&lt;/strong&gt;';
  }   	 
	} else if(!$db) {
  echo '&lt;strong&gt;&lt;font size="2" color="red" face="Verdana, Arial, Helvetica, sans-serif"&gt;Could not connect to the MySQL 

database!&lt;/font&gt;&lt;/strong&gt;';
	}

?&gt;

[imation2458]

so all i need to do is use that php?

[AshMan]

Here's a good place to look:

http://www.hotscripts.com/PHP/...

I've learent a lot from this site by examining the script. I've also learned a lot from the advice from the experts here over the past few months.

[AshMan]

If you are allowing people to upload files, please consider programming an extensive login system because you never know, any one can abuse your server.

[imation2458]

WEll, heres what i am trying to do. I have a guest user name & pass in order to access upload privalges. But when you get access your able to also delete files. Is there anyway i can maybe add a admin user name that only has those "delete" prviagles? Thanks if you can tell me the code i neeed.

################## configurations ####################

# header & title of this file
$title = "File Upload Manager";

# individual file size limit - in bytes (102400 bytes = 100KB)
$file_size_ind = "1024000";

# the upload store directory (chmod 777)
$dir_store= "store";

# the images directory
$dir_img= "img";

# the style-sheet file to use (located in the "img" directory, excluding .css)
$style = "style-def";

# the file type extensions allowed to be uploaded
$file_ext_allow = array("gif","jpg","jpeg","png","txt","nfo","doc","rtf","htm","dmg","zip","rar","gz","exe");

# option to display the file list
# to enable/disable, enter '1' to ENABLE or '0' to DISABLE (without quotes)
$file_list_allow = 1;

# option to allow file deletion
# to enable/disable, enter '1' to ENABLE or '0' to DISABLE (without quotes)
$file_del_allow = 1;

# option to password-protect this script [-part1]
# to enable/disable, enter '1' to ENABLE or '0' to DISABLE (without quotes)
$auth_ReqPass = 1;

# option to password-protect this script [-part2]
# if "$auth_ReqPass" is enabled you must set the username and password
$auth_usern = "uploader";
$auth_passw = "upload";

################ end of configurations ###############


# DO NOT ALTER OR EDIT BELOW THIS LINE UNLESS YOU ARE AN ADVANCED PHP PROGRAMMER

?>
<?
if (@phpversion() < '4.1.0') {
    $_FILE = $HTTP_POST_FILES;
    $_GET = $HTTP_GET_VARS;
    $_POST = $HTTP_POST_VARS;
}
clearstatcache();
error_reporting(E_ALL & ~E_NOTICE);
$fum_vers = "1.3"; # do not edit this line, the script will not work!!!
$fum_info_full = "File Upload Manager v$fum_vers";

function authDo($auth_userToCheck, $auth_passToCheck) 
{
	global $auth_usern, $auth_passw;
	$auth_encodedPass = md5($auth_passw);

	if ($auth_userToCheck == $auth_usern && $auth_passToCheck == $auth_encodedPass) {
	$auth_check = TRUE;
	} else {
	$auth_check = FALSE;
	} 
	return $auth_check;
	}

	if (isset($logout)) {
	setcookie ('fum_user', "",time()-3600); 
	setcookie ('fum_pass', "",time()-3600);
	}
  
	if (isset($login)) {
	$auth_password_en = md5($auth_formPass); 
	$auth_username_en = $auth_formUser;

	if (authDo($auth_username_en, $auth_password_en)) { 
	setcookie ('fum_user', $auth_username_en,time()+3600); 
	setcookie ('fum_pass', $auth_password_en,time()+3600); 
	$auth_msg = "<b>Authentication successful!</b> The cookies have been set.<br><br>".
	$auth_msg . "Your password (MD5 encrypted) is: $auth_password_en";
	} else { 
	$auth_msg = "<b>Authentication error!</b>";
	}
}

if (($_GET[act]=="dl")&&$_GET[file]) 
{
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && isset($fum_user) && !isset($logout))) { 
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && authDo($fum_user, $fum_pass))) {

	$value_de=base64_decode($_GET[file]);
	$dl_full=$dir_store."/".$value_de;
	$dl_name=$value_de;

	if (!file_exists($dl_full))
	{ 
	echo"ERROR: Cannot download file, it does not exist.<br>?<a href=\"$_SERVER[PHP_SELF]\">back</a>";  
	exit();
	} 

	header("Content-Type: application/octet-stream");
	header("Content-Disposition: attachment; filename=$dl_name");
	header("Content-Length: ".filesize($dl_full));
	header("Accept-Ranges: bytes");
	header("Pragma: no-cache");
	header("Expires: 0");
	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
	header("Content-transfer-encoding: binary");
 	 
	@readfile($dl_full);

	exit();

	}
	}
}

function getlast($toget)
{
	$pos=strrpos($toget,".");
	$lastext=substr($toget,$pos+1);

	return $lastext;
}

function replace($o)
{
	$o=str_replace("/","",$o);
	$o=str_replace("\\","",$o);
	$o=str_replace(":","",$o);
	$o=str_replace("*","",$o);
	$o=str_replace("?","",$o);
	$o=str_replace("<","",$o);
	$o=str_replace(">","",$o);
	$o=str_replace("\"","",$o);
	$o=str_replace("|","",$o);

	return $o;
}

?>
<!-- <?=$fum_info_full?> -->

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><? echo ($title) ? ($title) : ("File Upload Manager"); ?></title>
<link rel="stylesheet" href="<?=$dir_img?>/<?=$style?>.css" type="text/css">
<?
	if ($auth_ReqPass == 1) 
	{ 
  if (isset($login) || isset($logout)) {
 	 echo("<meta http-equiv='refresh' content='2;url=$_SERVER[PHP_SELF]'>");
  }
	}
?>
</head>
<body bgcolor="#F7F7F7"><br><br>
<center>
<?	
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && isset($fum_user) && !isset($logout))) { 
	if ($auth_ReqPass != 1 || ($auth_ReqPass == 1 && authDo($fum_user, $fum_pass))) {
?>
<table width="560" cellspacing="0" cellpadding="0" border="0">
  <tr>
    <td><font size="3"><b><i><? echo ($title) ? ($title) : ("File Upload Manager"); ?></i></b></font> <font style="text-decoration: bold; font-size: 9px;">v<?=$fum_vers?></font> 
<? 
	#--Please do not remove my link/copyright as it is unfair and a breach of the license--#
	echo"<a href=\"http://www.mtnpeak.net\" style=\"text-decoration: none; color: #C0C0C0; font-size: 9px; cursor: default\";>© thepeak</a>"; 
?>
    </td>
   </tr>
</table>
<?
	if (!eregi("777",decoct(fileperms($dir_store))))
	{
  echo"<br><br><b><h4><font color=\"FF0000\">ERROR: cannot access the upload store file directory. please chmod the \"$dir_store\" directory with value 0777 (xrw-xrw-xrw)!</h4></font></b><br>?<a href=\"$_SERVER[PHP_SELF]\">refresh</a>";
	}
	else
	{
  if (!$_FILES[fileupload])
  {
?>
<table width="560" cellspacing="0" cellpadding="0" border="0" class="table_decoration" style="padding-top:5px;padding-left=5px;padding-bottom:5px;padding-right:5px">
  <form method="post" enctype="multipart/form-data">
  <tr>
    <td>file:</td><td><input type="file" name="fileupload" class="textfield" size="30"></td>
  </tr>
  <tr>
    <td>rename to:</td><td><input type="text" name="rename" class="textfield" size="46"></td>
  </tr>
  <tr>
    <td>file types allowed:</td><td>
	<?
	for($i=0;$i<count($file_ext_allow);$i++)
	{
  if (($i<>count($file_ext_allow)-1))$commas=", ";else $commas="";
  list($key,$value)=each($file_ext_allow);
  echo $value.$commas;
	}
	?>
    </td>
  </tr>
  <tr>
    <td>file size limit:</td>
	<td>
  <b><?
 	 if ($file_size_ind >= 1048576) 
 	 {
    $file_size_ind_rnd = round(($file_size_ind/1024000),3) . " MB";
 	 } 
 	 elseif ($file_size_ind >= 1024) 
 	 {	
    $file_size_ind_rnd = round(($file_size_ind/1024),2) . " KB";
 	 } 
 	 elseif ($file_size_ind >= 0) 
 	 {
    $file_size_ind_rnd = $file_size_ind . " bytes";
 	 } 
 	 else 
 	 {
    $file_size_ind_rnd = "0 bytes";
 	 }
 	 
 	 echo "$file_size_ind_rnd";
  ?></b>
	</td>
  </tr>
  <tr>
    <td colspan="2"><input type="submit" value="upload" class="button"> <input type="reset" value="clear" class="button"></td>
  </tr>
  </form>
</table>
<?
  if ((!$_GET[act]||!$_GET[file])&&$_GET[act]!="delall")
  {
 	 $opendir = @opendir($dir_store);

 	 while ($readdir = @readdir($opendir))
 	 {
    if ($readdir<>"." && $readdir<>".." && $readdir != "index.html")
    {
   	 $filearr[] = $readdir;
    }
    $sort=array();
    for($i=1;$i<=count($filearr);$i++)
    {
   	 $key = sizeof($filearr)-$i;
   	 $file = $filearr[$key];

   	 $sort[$i]=$file;
    }
    asort($sort);
 	 }
?>
<br>
<table width="560" cellspacing="0" cellpadding="0" border="0" class="table_decoration" style="padding-left:5px">
  <tr>
    <td><b>admin tools:</b>
<? 
	if ($file_del_allow != 1 && $auth_ReqPass != 1)
	{
  echo"<i>none</i>";
	}

	if ($file_del_allow == 1 && $file_list_allow == 1 && (count($filearr) >= 1)) 
	{ 
  echo"<a href=\"javascript:;\" onClick=\"cf=confirm('Are you sure you want to delete ALL FILES?');if (cf)window.location='?act=delall'; return false;\" style=\"font-size: 9px;\"><delete all files></a>";
	}

	if ($auth_ReqPass == 1) 
	{ 
  echo" <a href=\"$_SERVER[PHP_SELF]?logout=1\" style=\"font-size: 9px;\"><log-out><a>";
	}
?>
    </td>
  </tr>
</table>
<br>
<?	
 	 if ($file_list_allow == 1 && (count($filearr) >= 1)) 
 	 {
?>
<table width="560" cellspacing="0" cellpadding="0" border="0" class="table_decoration" style="padding-left:6px">
  <tr bgcolor="#DBDBDB">
    <td align="left" width="46%">FILE NAME</td>
    <td align="center" width="12%">FILE TYPE</td>
    <td align="center" width="12%">FILE SIZE</td>
    <td align="center" width="30%">FUNCTIONS</td>
  </tr>
<?
    for($i=1;$i<=count($sort);$i++)
    {
   	 list($key,$value)=each($sort);

   	 if ($value)
   	 {
      $value_en = base64_encode($value);
      $value_view=$value;
      
     	 if (strlen($value) >= 48) 
     	 { 
        $value_view = substr($value_view, 0, 45) . '...';
     	 }
?>
<tr>
    <td width="30%"><?="<a href=\"?act=view&file=$value_en\">$value_view</a>"?></td>
    <td align="center" width="5%"><? echo strtoupper(getlast($value)); ?></td>
    <td align="center" width="5%"><?

   	 $value_full = $dir_store."/".$value;
   	 $file_size = filesize($value_full);
  
  if ($file_size >= 1048576) 
  {
 	 $show_filesize = number_format(($file_size / 1048576),2) . " MB";
  } 
  elseif ($file_size >= 1024) 
  {
 	 $show_filesize = number_format(($file_size / 1024),2) . " KB";
  } 
  elseif ($file_size >= 0) 
  {
 	 $show_filesize = $file_size . " bytes";
  } 
  else 
  {
 	 $show_filesize = "0 bytes";
  }

  echo "$show_filesize";
  
?></td>
    <td align="center" width="5%"><?="<a title=\"View File\" href=\"?act=view&file=$value_en\"><view></a>"?> | 
<?
	if ($file_del_allow == 1) 
	{ 
  echo"<a title=\"Download file\" href=\"?act=dl&file=$value_en\"><dl></a>";
  } 
	else 
	{ 
  echo"<a title=\"Download file\" href=\"?act=dl&file=$value_en\"><download></a>"; 
	} 

	if ($file_del_allow == 1) 
	{ 
  echo" | <a title=\"Delete file\" href=\"javascript:;\" onClick=\"cf=confirm('Are you sure you want to delete this file?');if (cf)window.location='?act=del&file=$value_en'; return false;\"><delete></a>";
	} 
	else 
	{ 
  echo" "; 
	} 
?>
    </td>
</tr>
<?
    }
    else
    {
   	 echo"<br>";
    }
    }
?>
</table></center>
<?
 	 }
  }
  elseif (($_GET[act]=="view")&&$_GET[file])
  {
 	 $value_de = base64_decode($_GET[file]);
 	 echo"&lt;script language=\"javascript\"&gt;\nViewPopup = window.open(\"$dir_store/$value_de"fum_viewfile\", \"toolbar=no,status=no,menubar=no,scrollbars=yes,resizable=yes,location=no,width=640,height=480\")\nViewPopup.document.bgColor=\"#F7F7F7\"\nViewPopup.document.close()\n</script>;";
 	 echo"&lt;br&gt;&lt;img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;file opened!&lt;/font&gt;&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;&lt;br&gt;&lt;br&gt;&lt;br&gt;If the file did not display, you must &lt;b&gt;disable&lt;/b&gt; your popup manager, or enable javascript in your browser.";
  }
  elseif (($_GET[act]=="del")&amp;&amp;$_GET[file])
  {
 	 $value_de = base64_decode($_GET[file]);
 	 @unlink($dir_store."/$value_de");
 	 echo"&lt;br&gt;&lt;img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;file has been deleted!&lt;/font&gt;&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;";
  }
  if ($_GET[act]=="delall")
  {
 	 $handle = opendir($dir_store);
 	 while($file=readdir($handle))
 	 if (($file != ".")&amp;&amp;($file != ".."))
 	 @unlink($dir_store."/".$file);
 	 closedir($handle);

 	 echo"&lt;br&gt;&lt;img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;all files have been deleted!&lt;/font&gt;&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;";
  }

	}
	else
	{
  echo"&lt;br&gt;&lt;br&gt;";
  $uploadpath=$dir_store."/";
  $source=$_FILES[fileupload][tmp_name];
  $fileupload_name=$_FILES[fileupload][name];
  $weight=$_FILES[fileupload][size];

  for($i=0;$i&lt;count($file_ext_allow);$i++)
  {
 	 if (getlast($fileupload_name)!=$file_ext_allow[$i])
    $test.="~~";
  }
  $exp=explode("~~",$test);

  if (count($exp)==(count($file_ext_allow)+1))
  {
 	 echo"&lt;br&gt;&lt;img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;ERROR: your file type is not allowed (".getlast($fileupload_name).")&lt;/font&gt;, or you didn't specify a file to upload.&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;";
  }
  else
  {

 	 if ($weight&gt;$file_size_ind)
 	 {
    echo"&lt;br&gt;&lt;img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;ERROR: please get the file size less than ".$file_size_ind." BYTES  (".round(($file_size_ind/1024),2)." KB)&lt;/font&gt;&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;";
 	 }
 	 else
 	 {

    foreach($_FILES[fileupload] as $key=&gt;$value)
    {
   	 echo"&lt;font color=\"#3399FF\"&gt;$key&lt;/font&gt; : $value &lt;br&gt;";
    }

    echo "&lt;br&gt;";

    $dest = ''; 

    if (($source != 'none') &amp;&amp; ($source != '' ))
    {
   	 $dest=$uploadpath.$fileupload_name;
   	 if ($dest != '')
   	 {
      if (file_exists($uploadpath.$fileupload_name))
      {
     	 echo"&lt;br&gt;&lt;img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;ERROR: that file has already been uploaded before, please choose another file&lt;/font&gt;&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;";
      }
      else
      {
     	 if (copy($source,$dest))
     	 {
        if ($_POST[rename])
        {
       	 $_POST[rename]=replace($_POST[rename]);
       	 $exfile=explode(".",$fileupload_name);
       	 
       	 if (@rename("$dir_store/$fileupload_name","$dir_store/$_POST[rename].".getlast($fileupload_name))) 
       	 {
          echo"&lt;br&gt;&lt;img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;file has been renamed to $_POST[rename].".getlast($fileupload_name)."!&lt;/font&gt;&lt;/b&gt;&lt;/font&gt;&lt;br&gt;";
       	 }
        }
        echo"&lt;br&gt;&lt;img src=\"$dir_img/info.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;file has been uploaded!&lt;/font&gt;&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;";
     	 }
     	 else
     	 {
        echo"&lt;br&gt;&lt;img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\"&gt; &lt;b&gt;&lt;font size=\"2\"&gt;ERROR: cannot upload, please chmod the dir to 777&lt;/font&gt;&lt;/b&gt;&lt;br&gt;?&lt;a href=\"$_SERVER[PHP_SELF]\"&gt;back&lt;/a&gt;";
     	 }
      }
   	 }
    }
 	 }
  }
	}
}

#/# end of main script, start authentication code IF user not logged in IF $auth_ReqPass is enabled

	} 
	else 
	{
  echo("&lt;p&gt;&lt;img src=\"$dir_img/error.gif\" width=\"15\" height=\"15\"&gt; Authentication error&lt;/p&gt;" .
"&lt;p&gt;&lt;a href='$_SERVER[PHP_SELF]?logout=1'&gt;Delete cookies and login again&lt;a&gt;&lt;/p&gt;");
	}
	} 
	else 
	{

	if (!isset($login) || isset($relogin)) {
?&gt;
&lt;font size="3"&gt;&lt;b&gt;&lt;i&gt;&lt;? echo ($title) ? ($title) : ("File Upload Manager"); ?&gt;&lt;/i&gt; - Authentication&lt;/b&gt;&lt;/font&gt;&lt;br&gt;&lt;br&gt;
&lt;table class="table_auth"&gt;&lt;tr&gt;&lt;td&gt;&lt;center&gt;
Please enter the username and password to enter the restricted area.&lt;br&gt;
You must have cookies enabled in your browser to continue.
&lt;/center&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;form action="&lt;?=$_SERVER[PHP_SELF]?&gt;?login=1" method="POST"&gt;&lt;p&gt;
Username: &lt;input type="text" name="auth_formUser" size="20"&gt;&lt;br&gt;
Password: &lt;input type="password" name="auth_formPass" size="20"&gt;
&lt;p&gt;&lt;input type="submit" name="submit" class="button" value="Log-In"&gt;&lt;/p&gt;
&lt;/form&gt;&lt;/center&gt;
&lt;?
	} 
	elseif (isset($login)) 
	{
  echo("&lt;p&gt;$auth_msg&lt;/p&gt;" . "&lt;p&gt;You'll be redirected in 2 seconds!&lt;/p&gt;");
	}
	}
?&gt;
&lt;/body&gt;
&lt;/html&gt;

[imation2458]

anyone have the PHP code to do this ^^^