File Upload/Download
PHP Code Examples
[Download]   [Execute]
<?php include '../util.inc'; 

define('DIR', "/home/bennet/phpwrite/repository");
define('MAXSIZE', 1000);
define('MAXNUM', 25);

// Return a string which is a correct link back to ourselves, with the
// operation set to $func, and optional value for  selector, which
// generates sel=value, if it sent.  It also takes an optional string
// which is appended to the URL as path info.
function gen_link($func, $content, $sel='', $path = '') {
	$me = $_SERVER['SCRIPT_NAME'];

	if($sel) $sel = "&sel=$sel";
	if($path) $path = "/$path";

	return "<a href=\"$me$path?oper=$func$sel\">$content</a>";
}

// Error message, if any.
$message = '';

// Operation from the query.
$oper = $_REQUEST['oper'];
$sel = $_REQUEST['sel'];
$path = $_SERVER['PATH_INFO'];

// Process a get here.  If it succeeds, we'll not run the rest of the
// script.
if($oper == 'dld' && $path)
{
	$sel = preg_replace('|^/+|', '', $path);
	if(!preg_match('/^[a-zA-Z0-9_\\.-]+$/', $sel))
		$message = "Illegal delete request for $sel.";
	else if(!($fp = @fopen(DIR."/$sel", "r")))
		$message = "Cannot read $sel.";
	else {
		header ("Content-type: application/octet-stream");
		fpassthru($fp);
		exit;
	}
}

// Process a delete now.  That will make the directory listing accurate.
if($oper == 'del' && $sel)
{
	if(!preg_match('/^[a-zA-Z0-9_\\.-]+$/', $sel))
		$message = "Illegal delete request for $sel.";
	else
		if(!@unlink(DIR."/$sel"))
			$error = "File system delete $sel failed.";
}

// Open the directory.
if (!($dp = @opendir(DIR))) {
	head('File Listing Error');
	echo "<body>Directory ".DIR." will not open.</body><html>";
	exit;
}

// Get the names and sort them.  The !== prevents php from thinking the
// items are equal if you use another name which counts a false (such as
// zero or the empty string.)  0 !== false is true, but 0 != false is false.
$names = array();
while (($file = readdir($dp)) !== false) {
	if($file == '.' || $file == '..') continue;
	$names[] = $file;
}  
closedir($dp);

if(count($names) >= MAXNUM)
	$message = "The remote directory is full";
if(count($names) == 0)
	$message = "The remote directory is empty";

start('Remote File Facility');

// Try to read the sent file.
// echo "$oper $userfile $userfile_name";
if($oper == 'Send' && $_FILES['sentfile']) {
	// This is convenient.
	$fn = $_FILES['sentfile']['name'];

	// Get the local name.
	$newname = $_REQUEST['newname'];
	if(!$newname) 
		$newname = preg_replace('/^.*[\\/\\\\]/', '', $fn);

	if($_FILES['sentfile']['error'] != UPLOAD_ERR_OK)
		switch($_FILES['sentfile']['error']) {
		case UPLOAD_ERR_INI_SIZE:
			$message = "File $fn exceeds system max size.";
			break;
		case UPLOAD_ERR_FORM_SIZE:
			$message = "File $fn is too large.";
			break;
		case UPLOAD_ERR_PARTIAL:
			$message = "$fn upload was not completed.";
			break;
		case UPLOAD_ERR_NO_FILE:
			$message = "No file uploaded.";
			break;
		case UPLOAD_ERR_NO_TMP_DIR:
		case UPLOAD_ERR_CANT_WRITE:
			$message = "Unable to create temp copy of $fn" .
				' (server error)';
			break;
		default:
			$message = "Upload failed.";
		}
	else if(count($names) >= MAXNUM)
		$message = "The file repository is full.";
	else if($_FILES['sentfile']['size'] > MAXSIZE)
		$message = "File $fn is too large.";
	else if(!preg_match('/^[a-zA-Z0-9_\\.-]+$/', $newname))
		// Allowing only alnums and a few others.
		$message = "File name $newname is not allowed.";
	else if(array_search($newname, $names))
		$message = "File $newname already exists.";
	else 
	{
		// Trim the file name, then move the file.
		if(!@move_uploaded_file($_FILES['sentfile']['tmp_name'], 
					DIR."/$newname"))
			$message = "File system copy failed.";

		// Not in the directory listing.  Fix.
		$names[] = $newname;
		if(count(names) == 1)
			$message = '';
	}
}

// Error msg, if any.
if($message) echo '<font color="red"><i>', "$message</i></font><p>";

// File upload entry.  Omit if the directory is full
if(count($names) < MAXNUM) 
{
	// File upload form.  Much copied from PHP doc.
	$maxsize = MAXSIZE;
	echo <<<ENDUP
	<b>Upload</b><p>
	<form enctype="multipart/form-data" action="$SCRIPT_NAME" 
								method="post">
	<input type="hidden" name="MAX_FILE_SIZE" value="$maxsize">
	<table>
	<tr><td align="left">Send:</td>
	    <td><input name="sentfile" type="file" size="50"></td></tr>
	<tr><td align="left">Rename:</td>
	    <td><input type="text" name="newname" size="40"></td></tr>
	</table>
	<input type="submit" name="oper" value="Send">
	</form>
ENDUP;
}

echo '<b>File List</b><p>';
echo "<table>\n";
echo '<tr><td align="left">', gen_link('ref', '[Refresh]'), '</td></tr>';
sort ($names);
reset ($names);
foreach($names as $fn) {
	echo "<tr>";
	echo '<td align="left">', gen_link('del', '[Delete]', $fn), 
		'</td>';
	echo '<td align="left">', gen_link('dld', '[Get]', '', $fn), 
		'</td><td width=2></td>';
	echo '<td align="left">', $fn, '</td>';
	echo '<tr>';
}
echo "</table>\n";
?>