This repository has been archived by the owner on Dec 9, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathupload.php
56 lines (56 loc) · 2.72 KB
/
upload.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
<!DOCTYPE html>
<html><head>
<meta charset="UTF-8">
<title>Upload de fichier</title>
<style type="text/css">
<!-- body { font-family: "Trebuchet MS",Verdana,Arial,Helvetica,sans-serif; font-size: 10pt; background-color: #eee;} -->
</style>
</head>
<body>
<?php
// A simple, minimalist, personal file/image hosting script. - version 0.5
// Only you can upload a file or image, using the password ($PASSWORD).
// Anyone can see the images or download the files.
// Files are stored in a subdirectory (see $SUBDIR).
// This script is public domain.
// Source: http://sebsauvage.net/wiki/doku.php?id=php:imagehosting
$mdp_file = fopen('mdp.txt', 'r') or die("Cannot open the password file");
$PASSWORD=trim(fgets($mdp_file));
fclose($mdp_file);
$SUBDIR='files'; // subdirectory where to store files and images.
if (!is_dir($SUBDIR)) {
mkdir($SUBDIR,0705); chmod($SUBDIR,0705);
$h = fopen($SUBDIR.'/.htaccess', 'w') or die("Can't create .htaccess file.");
fwrite($h,"Options -ExecCGI\nAddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi");
fclose($h);
$h = fopen($SUBDIR.'/index.html', 'w') or die("Can't create index.html file.");
fwrite($h,'<html><head><meta http-equiv="refresh" content="0;url='.$_SERVER["SCRIPT_NAME"].'"></head><body></body></html>');
fclose($h);
}
$scriptname = basename($_SERVER["SCRIPT_NAME"]);
if (isset($_FILES['filetoupload']) && isset($_POST['password'])) {
sleep(3); // Reduce brute-force attack effectiveness.
if ($_POST['password']!=$PASSWORD) { print 'Wrong password.'; exit(); }
$filename = $SUBDIR.'/'.basename( $_FILES['filetoupload']['name']);
if (file_exists($filename)) { print 'This file already exists.'; exit(); }
if(move_uploaded_file($_FILES['filetoupload']['tmp_name'], $filename)) {
$serverport=''; if ($_SERVER["SERVER_PORT"]!='80') { $serverport=':'.$_SERVER["SERVER_PORT"]; }
$fileurl='http://'.$_SERVER["SERVER_NAME"].$serverport.dirname($_SERVER["SCRIPT_NAME"]).'/'.$SUBDIR.'/'.basename($_FILES['filetoupload']['name']);
echo 'The file/image was uploaded to <a href="'.$fileurl.'">'.$fileurl.'</a>';
}
else { echo "There was an error uploading the file, please try again !"; }
echo '<br><br><a href="'.$scriptname.'">Upload another file.</a>';
exit();
}
print <<<EOD
<form method="post" action="$scriptname" enctype="multipart/form-data">
File/image to upload: <input type="file" name="filetoupload"/>
<input type="hidden" name="MAX_FILE_SIZE" value="256000000"/><br/>
Password: <input type="password" name="password"/><br/>
<input type="submit" value="Send"/>
</form>
<small>Self-hosting php script by <a href="http://sebsauvage.net/wiki/doku.php?id=php:filehosting">sebsauvage.net</a></small>
EOD;
?>
</body>
</html>