[HELP] HTTP upload

I wrote this script for http upload, i mean, files uploaded via http links. I want to integrate n my SMF 1.1rc3 probably 1.1 final.

So simple, have a look into this code.

Code:

<?
$defaultDest = "./upload";
$password = "";
$os = "1";
$submit="hah!";
echo "<form method=\"POST\" action=\"$PHP_SELF\">";
echo "<fieldset>\n<legend>http uploader</legend>\n";
echo "<label for=\"file\">File Url</label><br>";
echo "Example: http://bla.com/file.ext<br>";
echo "<input type=\"text\" name=\"file\" id=\"file\" tabindex=\"1\" value=\"\"><br>";
echo "<label for=\"new\">New file name</label><br>";
echo "Example: file.ext<br>";
echo "<input type=\"text\" name=\"new\" id=\"new\" tabindex=\"2\" value=\"\"><br>";
if ($password) {
echo "<label for=\"password\">Password</label><br>";
echo "<input type=\"password\" name=\"password\" id=\"password\" tabindex=\"3\" value=\"\"><br>";
}
echo "<p><input name=\"submit\" type=\"submit\" id=\"submit\" value=\"submit\"></p>";
echo "</fieldset>\n</form>";

$submit = $_POST['submit'];
if($submit) {
if($password) {
if ($_POST['password']!=$password) {
  echo "Password incorrect!";
  } else {
  $access = "09023578353";
  }
   } else {
$access = "09023578353";
}


if($access=="09023578353") {

if($os==2) {
$slash="\\";
} else {
$slash="/";
}

$file = $_POST['file'];
$newfilename = $_POST['new'];

if($_POST['otherdest']) {
$dest = $_GET['otherdest'];
} else {
$dest = $defaultDest;
}

$ds = array($dest, $slash, $newfilename);
$ds = implode("", $ds);

if (file_exists($ds)) {
echo "<p>File already exists! <br>\n Adding random digits to beginning of filename.</p>\n";
$ds = array($dest, $slash, rand(0,9999), $newfilename);
$ds = implode("", $ds);
}

echo "<p>New destination $ds</p>\n";
if (!copy($file, $ds)) {
echo "<p>Was unable to copy $file <br>\n See if your path and destination are correct.</p> \n";
} else {
echo "<p><strong>Copy successful!</strong></p> \n";
}}}
?>

you might have understand it. :-) Now, i want to input above fields below attachment filed. Only certain groups are allowed to use this function. Can you rewrite it as a mod, giving full permissions to do it. ;-)

[Free WordPress Themes]

how much do you pay?

Lol...For integrating also? I can't pay.... Sorry to say it, i can't pay for this one. But, i will pay for other mods, if i like from yr site...

[Promote your blog for free....]

May I ask what is the purpose of this script? Do you want to integrate a file hosting to your forum maybe?

I took a look at it, and found some things that you can fix :

1) Replace this :

if($os==2) {
$slash="\\";
} else {
$slash="/";
}


with this :

$slash = (strtoupper(substr(PHP_OS, 0, 3)) === "WIN")? '\' : '/';


2) Replace this :

if (file_exists($ds)) {
echo "<p>File already exists! <br>\n Adding random digits to beginning of filename.</p>\n";
$ds = array($dest, $slash, rand(0,9999), $newfilename);
$ds = implode("", $ds);
}


with this :

if (file_exists($ds)) {
echo "<p>File already exists! <br>\n Adding random digits to beginning of filename.</p>\n";
do {
 $ds = implode('',array($dest, $slash, rand(0,9999), $newfilename));//Actually this can be done faster but I am a little bored right now
} while ( file_exists($ds) )


BTW the script as is, is unsecure, as the user can actually rewrite files of your server, as you don't have any restriction on the directory that he/she is uploading to.

Maybe you should fix that

Like yr idea! Hope it's a matter of 10min? Yeah, it's a file hosting n forum. Can you please do it brother as a mod. I will be happy with it!

Like yr idea! Hope it's a matter of 10min? Yeah, it's a file hosting n forum. Can you please do it brother as a mod. I will be happy with it!

Didn't get, how user can rewrite files. Because did you see code for random digit. When you upload same file, it adds random digit. So i didn't find, how it rewrites?

[Promote your blog for free....]

Didn't get, how user can rewrite files. Because did you see code for random digit. When you upload same file, it adds random digit. So i didn't find, how it rewrites?

The user can add a new filename in the script, in which he/she can actually use a full path in the system......

Like yr idea! Hope it's a matter of 10min? Yeah, it's a file hosting n forum. Can you please do it brother as a mod. I will be happy with it!

That would took me a lot of time, and in this stage I have too much work to do (actually I have been late for a couple of small projects)

Maybe later, but I can't promise anything.

Of course if you want it so much you can allways hire me for stuff like this

Hmmm, anyone?

[Promote your blog for free....]

Hmmm, anyone?

Don't expect people to spend so much time for something that is valuable only for you.

If you want my advice, pay to get it, or learn how to do it. After all it isn't so difficult to modify SMF

You will have to start from :

/Sources/Post.php
/Themes/xxx/Post.template.php

Yeah brothr, i tried it...But didn't able to do it. Hope you will spend ten minutes to complete it. I am confused, how does it take more than 10 minutes. The main problem is, option should be available for only few allowed groups :'-(

[Promote your blog for free....]

If it was 10 minutes, I would allready had it done, and as I said before I am very busy these days.....

Maybe I'll help you later on this.

Hope you will make it as a mod, when i get my smf 1.1final

Any help? Now i am planning to pay!

[Promote your blog for free....]

Any help? Now i am planning to pay!

Can you send an email to nikolas at webdigity dot com and tell me what exactly do you want to do?

mail sent

[Guest]

[35.589]

Yahoo crawler, Googlebot, Nikolas, Captcha, chaz