Custom uploader Custom uploader
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Custom uploader

Started by MDxRacing, November 10, 2005, 08:07:14 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

MDxRacing

Im Not Sure If This Will Help Or If This Is A Securety Problem, But I Needed An Uploader That Would Upload Pic To Users Folders With Out It Being In The Data Base.
Nother Words When You Finished Your Upload You Only Had A Pic As Your zip/rar File To Click On To Download .
Not 2 Pics Of Your zip/rar And The Pic You Uploaded With It.

Now Im Running 1.32 Version And I Renamed The upload.php To Upload1.php This Is To Keep A Copy Of It Only.
Then I Ftp 1.2 Version upload.php In To Root.

And Added These Files.
1. Add To Your albums/userpics  Directory And Name It The Same As Your Users Folder Exmaple : user folder 10001  Name File 10001.php Yes Do Need To Make This Up For All Users.

Change This To user Folder Name
$upload_dir = "10001/";
 
And Change This To Your url
                echo "File (<a href=\"$upload_dir$file_name\">$file_name</a>) uploaded! <br>»<a href=\"http://yoururl/upload.php\">Click Here And Go Upload Your zip/rar file</a>";

And This  10001
     echo "<meta http-equiv=Refresh content=1;url=10001.php>";



<!doctype html public "-//w3c//dtd html 4.01 transitional//en">
<html>
<head>
<meta http-equiv="content-language" content="en-us">
<meta http-equiv="content-type" content="text/html; charset=windows-1256">
<title></title>
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<script language="JavaScript" type="text/javascript">
<!-- ;
var newwindow;
var wheight = 0, wwidth = 0;
function popimg(url, title, iwidth, iheight, colour) {
var pwidth, pheight;

if ( !newwindow || newwindow.closed ) {
pwidth=iwidth+30;
pheight=iheight+30;
newwindow=window.open('','htmlname','width=' + pwidth +',height=' +pheight + ',resizable=1,top=50,left=10');
wheight=iheight;
wwidth=iwidth;
}

if (wheight!=iheight || wwidth!=iwidth ) {
pwidth=iwidth+30;
pheight=iheight+60;
newwindow.resizeTo(pwidth, pheight);
wheight=iheight;
wwidth=iwidth;
}

newwindow.document.clear();
newwindow.focus();
newwindow.document.writeln('<html> <head> <title>' + title + '<\/title> <\/head> <body bgcolor= \"' + colour + '\"> <center>');
newwindow.document.writeln('<a title="Hit to close!" href="javascript:window.close();"><img src=' + url + ' border=0></a>');
newwindow.document.writeln('<\/center> <\/body> <\/html>');
newwindow.document.close();
newwindow.focus();
}


function tidy5() {
if (newwindow && !newwindow.closed) { newwindow.close(); }
}

</script>

<body bgcolor="#00000" text="#fffff" leftmargin="20" topmargin="10" marginwidth="10" marginheight="10">

<?php

   $upload_dir = "10001/";   
   $size_bytes = 512000;
   $extlimit = "yes";
   $limitedext = array(".gif",".jpg",".png",".jpeg");
   if (!is_dir("$upload_dir")) {
      die ("Error: The directory <b>($upload_dir)</b> doesn't exist");
   }
   if (!is_writeable("$upload_dir")){
      die ("Error: The directory <b>($upload_dir)</b> is NOT writable, Please CHMOD (777)");
   }

   if(isset($_POST['uploadform'])){

           $file_tmp = $_FILES['filetoupload']['tmp_name'];
           $file_name = $_FILES['filetoupload']['name'];
           $file_size = $_FILES['filetoupload']['size'];
           
           if (!is_uploaded_file($file_tmp)){
           echo "Error: Please select a file to upload!. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
           exit(); //exit the script and don't do anything else.
           }


           if ($file_size > $size_bytes){
              echo "Error: File Too Large. File must be <b>". $size_bytes / 1024 ."</b> KB. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
              exit();
           }
           $ext = strrchr($file_name,'.');
           if (($extlimit == "yes") && (!in_array(strtolower($ext),$limitedext))) {
              echo("Error: Wrong file extension. ");
              exit();
           }


           if(file_exists($upload_dir.$file_name)){
              echo "Oops! The file named <b>$file_name</b> already exists. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
              exit();
           }

           $file_name = str_replace(' ', '_', $file_name);
           if (move_uploaded_file($file_tmp,$upload_dir.$file_name)) {
                 echo "File (<a href=\"$upload_dir$file_name\">$file_name</a>) uploaded! <br>»<a href=\"http://yoururl/upload.php\">Click Here And Go Upload Your zip/rar file</a>";
                 exit();
           }else{
                 echo "There was a problem moving your file. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
                 exit();
           }

   }else{

        for($i=0;$i<count($limitedext);$i++){
       if (($i<>count($limitedext)-1))$commas=", ";else $commas="";
      list($key,$value)=each($limitedext);
      $all_ext .= $value.$commas;
   }
 
        echo "<center><br><h3>Upload You Picture Only Here</h3>"
            ." Allowed Extensions: $all_ext</b> <br>"
            ." <font color=red>YOU MUST RENAME YOUR PICTURE TO</b> <br>"
            ."<h2>thumb_yourfilename.jpg<font color=white></h2>"
            ."<form method=\"post\" enctype=\"multipart/form-data\" action=\"$PHP_SELF\">"
            ."<input type=\"file\" name=\"filetoupload\"><br>"
            ."<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"$size_bytes\"><br>"
            ."<input type=\"Submit\" name=\"uploadform\" value=\"Upload File\">"
            ."</form>";
   }

   function del(){
      global $upload_dir, $file;

      @unlink($upload_dir."/$file");
      echo"<h3><font color=red>The File ($file) was deleted! <br> Please wait...</font></h3>";
      echo "<meta http-equiv=Refresh content=1;url=10001.php>";
   }

   if ( $action == del ){
       del();
   }



echo "<br><hr><center><b>This Is Your Directory Only</b><br>The Way You Use It Is , Upload You Track Pic Only But You Need To Rename It  thumb_yourpicname.jpg </center><br>";


clearstatcache();

echo "</tr>
      </table>";
echo"<p align=\"right\">

</body>
</html>";



-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Step 2:/File 2

Add This File To Your Root Directory

And Change This <?php include('http://yoururl.com/albums/userpics/10001.php');?>To your url and The Users Folder Name


Then Name File the same as users folder and member name 10001tomsmith.php
----------------------------------------------------------------------------------------------------------

<?php
// ------------------------------------------------------------------------- //
// Coppermine Photo Gallery 1.3.2                                            //
// ------------------------------------------------------------------------- //
// Copyright (C) 2002-2004 Gregory DEMAR                                     //
// http://www.chezgreg.net/coppermine/                                       //
// ------------------------------------------------------------------------- //
// Updated by the Coppermine Dev Team                                        //
// (http://coppermine.sf.net/team/)                                          //
// see /docs/credits.html for details                                        //
// ------------------------------------------------------------------------- //
// This program is free software; you can redistribute it and/or modify      //
// it under the terms of the GNU General Public License as published by      //
// the Free Software Foundation; either version 2 of the License, or         //
// (at your option) any later version.                                       //
// ------------------------------------------------------------------------- //
// CVS version: $Id: upload.php,v 1.9 2004/07/28 08:25:25 gaugau Exp $
// ------------------------------------------------------------------------- //

// Confirm we are in Coppermine and set the language blocks.
define('IN_COPPERMINE', true);
define('UPLOAD_PHP', true);
define('DB_INPUT_PHP', true);
define('CONFIG_PHP', true);

// Call basic functions, etc.
require('include/init.inc.php');

// Some placeholders.
$customize = CUSTOMIZE_UPLOAD_FORM;
$user_form = USER_UPLOAD_FORM;
$allowed_URI_boxes = NUM_URI_BOXES;
$allowed_file_boxes = NUM_FILE_BOXES;

// Check to see if user can upload pictures.  Quit with an error if he cannot.
if (!USER_CAN_UPLOAD_PICTURES) {
    cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__);
}


    ob_end_flush();

?>
<?php include('http://yoururl.com/albums/userpics/10001.php');?>



-----------------------------------------------------------------------------------------------------------------------------------------------------


Recap:
10001.php goes in albums/userpis directory
10001tomsmith.php goes in gallery root directory

You will need to email http://yoururl.com/10001tomsmith.php link to your member Tom Smith for pic uploads only

Yes I Know There Must Be An Easyer Way , But I Dont Know What It Is. The Top Script I Didnt Right , It Is A Script I Got Somewhere A Few Years Back So I Take No Credit For It.

Take The .txt Off The Attached Files