Posts: 1,782
Threads: 167
Joined: Oct 2009
Reputation:
71
I see there is a config.php file amongst the files.
I suspect that will contain the options you need.
Post that code here mate. Let us see. Should be a simple edit.
Posts: 72
Threads: 15
Joined: Nov 2009
Reputation:
1
i have iv looked threw the config file like 10 000 times alrdy ...
here is the config
Code: // INITIAL SETTINGS //
// Language to use. (English=en.php .:. Deutsch=de.php .:. Espanol=es.php .:. Greek=gr.php .:. Nederlands=nl.php .:. Turkish=tr.php .:. 简体中文=zh-cn-utf8.php).
$language = "en.php";
// Site name and page title.
$page_title = "Upload";
// PASSWORD PROTECTION SETTINGS //
// I STRONGLY recommend using the built in password protection, unless you are using SSL. I believe it is much more secure than .htaccess or most other password protection scripts. Options.php must be used for the password protection. The passwords cannot be set using the config.php file. Cookies must be enabled.
$password_protect = "off";
// FILE UPLOAD //
// Option to use basic file upload/delete.
// Whether or not the fileupload option is available. on or off.
$fileupload = "on";
// The file upload directory from the domain name. This directory will be automatically created. For instance, if you use "http://YOURDOMAIN.com/testing/files/", the file upload directory will equal: "testing/files"
$fileupload_dir_name = "files";
// Files to ignore(not list) in the upload directory. ".htaccess" is ignored by default.
$up_ignore1 = ".php";
$up_ignore2 = ".html";
$up_ignore3 = ".jpg";
$up_ignore4 = ".png";
$up_ignore5 = ".bmp";
// Hide file listing from logged in users. on or off.
$hide = "off";
// Rename File function. on or off.
$rename_file = "on";
// Delete File function. on or off.
$delete_file = "on";
// BASIC SETTINGS //
// Redirect speed for index.php. 1000 = 1 second
$edit_redirect = "3000";
// Redirect speed for options.php. 1000 = 1 second
$admin_redirect = "3000";
//---------------------------------------------------------------//
// You do not need to make changes below, unless you are changing the default directory names or structure.
//---------------------------------------------------------------//
// Whether or not to use the header/footer.
$head = "on";
// Script directory. For instance, if your Upload-Point installation is at "http://YOURDOMAIN.com/testing/upload", then "textdir = testing/upload".
$textdir = "upload";
// Data directory name (where the password files, created by the script, are stored). Do not change unless you manually change the "data" directory name.
$datadir = "data";
// Path from script directory to webpage directory. Do not change unless you have moved the script directory from the default (http://YOURDOMAIN.COM/upload).
$pagepath = "../";
// Html start tag. The following are only used for Upload-Point script pages.
$p = "<p>";
// Html end tag
$p2 = "</p>";
?>
here is the index code
Code: // Config.php is the main configuration file.
include('config.php');
// Password file.
if (is_file("$datadir/upload_pass.php")) {
include ("$datadir/upload_pass.php");
}
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
//$logout = "index.php";
//$page_name = "upload";
// Password protection.
// Random string generator.
function randomstring($length){
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
$string = $chars{ rand(0,62) };
for($i=1;$i<$length;$i++){
$string .= $chars{ rand(0,62) };
}
return $string;
}
if ($password_protect == "on") {
session_start();
if(!empty($_POST['pass_hash_upload'])) {
// Crypt, hash, and store password in session.
$_SESSION['pass_hash_upload'] = crypt(md5($_POST['pass_hash_upload']), md5($_POST['pass_hash_upload']));
// Crypt random string with random string seed for agent response.
$string_agent = crypt($_SESSION['random'], $_SESSION['random']);
// Hash crypted random string for random string response.
$string_string = md5($string_agent);
// Hash and concatenate md5/crypted random string and password hash posts.
$string_response = md5($string_string . $_POST['pass_hash2']);
// Concatenate agent and language.
$agent_lang = getenv('HTTP_USER_AGENT') . getenv('HTTP_ACCEPT_LANGUAGE');
// Hash crypted agent/language concatenate with random string seed for check against post.
$agent_response = md5(crypt(md5($agent_lang), $string_agent));
// Check crypted pass against stored pass. Check random string and pass hashed concatenate against post. Check hashed and crypted agent/language concatenate against post.
} if (($_SESSION['pass_hash_upload'] != $upload_password) || ($_POST['pass_string_hash'] != $string_response) || ($_POST['agenthash'] != $agent_response)) {
// Otherwise, give login.
if ($head == "on") {
include("header.php");
}
// Set random string session.
$_SESSION['random'] = randomstring(40);
// Crypt random string with random string seed.
$rand_string = crypt($_SESSION['random'], $_SESSION['random']);
// Concatenate agent and language.
$agent_lang = getenv('HTTP_USER_AGENT').getenv('HTTP_ACCEPT_LANGUAGE');
// Crypt agent and language with random string seed for form submission.
$agent = crypt(md5($agent_lang), $rand_string);
// Form md5 and encrypt javascript.
echo "$p
<b>$l_global13</b>
$p2
<script type=\"text/javascript\" src=\"$datadir/crypt/sha256.js\"></script>
<script type=\"text/javascript\" src=\"$datadir/crypt/md5.js\"></script>
<script type=\"text/javascript\">
function obfuscate() {
document.form1.pass_hash_upload.value = hex_sha256(document.form1.pass_upload.value);
document.form1.pass_hash2.value = hex_md5(document.form1.pass_upload.value);
document.form1.string_hash.value = hex_md5(document.form1.string.value);
document.form1.pass_string_hash.value = hex_md5(document.form1.string_hash.value + document.form1.pass_hash2.value);
document.form1.agenthash.value = hex_md5(document.form1.agent.value);
document.form1.pass_upload.value = \"\";
document.form1.string.value = \"\";
document.form1.agent.value = \"\";
document.form1.jscript.value = \"on\";
return true;
}
</script>
<form action=\"index.php\" method=\"post\" name=\"form1\" onsubmit=\"return obfuscate()\">
$p
<input name=\"jscript\" type=\"hidden\" value=\"off\" />
<input name=\"pass_hash_upload\" type=\"hidden\" value=\"\" />
<input name=\"pass_hash2\" type=\"hidden\" value=\"\" />
<input name=\"string_hash\" type=\"hidden\" value=\"\" />
<input name=\"pass_string_hash\" type=\"hidden\" value=\"\" />
<input name=\"agenthash\" type=\"hidden\" value=\"\" />
<input name=\"string\" type=\"hidden\" value=\"$rand_string\" />
<input name=\"agent\" type=\"hidden\" value=\"$agent\" />
<input type=\"password\" name=\"pass_upload\" />
<input type=\"submit\" value=\"$l_global14\" />
$p2
</form>";
if ($head == "on") {
include("footer.php");
}
exit();
}
} else {
}
// End password protection.
function upload1() {
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$logout = "index.php";
$page_name = "upload";
// Include header if "on" in config.php.
if ($head == "on") {
include("header.php");
}
// Upload file form.
echo "<script type=\"text/javascript\">
function showIcon() {
window.setTimeout('showProgress()', 0);
}
function showProgress() {
document.getElementById('progressImg').style.display = 'inline';
}
</script>
<table class=\"upload\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\">
<tr>
<td colspan=\"6\">
<form action=\"index.php\" method=\"post\" enctype=\"multipart/form-data\">
<div id =\"upload_popup\">
<input type=\"hidden\" name=\"cmd\" value=\"upload2\" /> <input type=\"file\" name=\"ftp_file[]\" />
<br />
<input type=\"hidden\" name=\"cmd\" value=\"upload2\" /> <input type=\"file\" name=\"ftp_file[]\" />
<br />
<input type=\"hidden\" name=\"cmd\" value=\"upload2\" /> <input type=\"file\" name=\"ftp_file[]\" />
<br />
<input type=\"hidden\" name=\"cmd\" value=\"upload2\" /> <input type=\"file\" name=\"ftp_file[]\" />
<br />
<input type=\"hidden\" name=\"cmd\" value=\"upload2\" /> <input type=\"file\" name=\"ftp_file[]\" />
<br /><br />
<input type=\"submit\" name=\"submit\" onclick=\"showIcon();\" value=\"$l_upload1\" />
</div>
<div class=\"progress\" id=\"progressImg\">
<img src=\"$datadir/progress.gif\" alt=\"$l_upload21\" />
</div>
</form>
</td>
</tr>";
// Hide file listing from logged in users.
if ($hide == "on") {
echo "</table>";
} else {
echo "<tr>";
// <td> colspan for rename/delete on/off.
if (($rename_file == "off") && ($delete_file == "off")) {
echo "<td colspan=\"4\">";
} elseif ($rename_file == "off") {
echo "<td colspan=\"5\">";
} elseif ($delete_file == "off") {
echo "<td colspan=\"5\">";
} else {
echo "<td colspan=\"6\">";
}
echo "
<hr />
$p
<b>$l_upload2</b>
$p2
<hr />
</td>
</tr>
</table>
<table cellpadding=\"0\" cellspacing=\"0\" border=\"0\" id=\"upload-point\" class=\"tablesorter\">
<thead>
<tr>
<th class=\"uploadlistname\"><b>$l_upload3</b></th>
<th class=\"uploadlistsize\"><b>$l_upload4</b></th>
<th class=\"uploadlistmod\"><b>$l_upload5</b></th>";
// Rename file on/off.
if ($rename_file == "on") {
echo "
<th class=\"uploadlistrename\"><b>$l_upload6</b></th>";
} else {
}
// Delete file on/off.
if ($delete_file == "on") {
echo "
<th class=\"uploadlistdelete\"><b>$l_upload7</b></th>";
} else {
}
echo "<th class=\"uploadlistloc\"><b>$l_upload8</b></th>
</tr>
</thead>
<tfoot>
<tr>
<th class=\"uploadlistname\"><b>$l_upload3</b></th>
<th class=\"uploadlistsize\"><b>$l_upload4</b></th>
<th class=\"uploadlistmod\"><b>$l_upload5</b></th>";
// Rename file on/off.
if ($rename_file == "on") {
echo "
<th class=\"uploadlistrename\"><b>$l_upload6</b></th>";
} else {
}
// Delete file on/off.
if ($delete_file == "on") {
echo "
<th class=\"uploadlistdelete\"><b>$l_upload7</b></th>";
} else {
}
echo "<th class=\"uploadlistloc\"><b>$l_upload8</b></th>
</tr>
</tfoot>
<tbody>";
}
// Path from Upload-Point directory to upload directory
$upload_dir = ($_SERVER['DOCUMENT_ROOT'] . "/$fileupload_dir_name");
// Create upload directory if it doesn't exist.
if (!is_dir($upload_dir)) {
if (!mkdir($upload_dir))
die ("$l_upload11");
if (!chmod($upload_dir,0755))
die ("$l_upload12");
}
// File listing code.
if ($hide == "on") {
} else {
if (is_empty_dir($upload_dir) == true) {
echo "</table>";
} elseif (is_empty_dir($upload_dir) == false) {
// List files in the upload directory.
$dir_handle = opendir($upload_dir);
if ($dir_handle) {
while (false !==($file = readdir($dir_handle))) {
$upload_files = "$upload_dir/$file";
if ((is_file($upload_files)) && ($file!=".htaccess" && $file!=$up_ignore1 && $file!=$up_ignore2 && $file!=$up_ignore3 && $file!=$up_ignore4 && $file!=$up_ignore5)) {
$upload_name_sort[] = $file;
}
}
sort($upload_name_sort);
foreach ($upload_name_sort as $file) {
echo "
<tr>
<td class=\"uploadlistname\">$file</td>
<td class=\"uploadlistsize\">".upload_file_size("$upload_dir/$file")."</td>
<td class=\"uploadlistmod\">".date("m(M) d Y - H:i:s", filemtime("$upload_dir/$file"))."</td>";
// Rename file on/off.
if ($rename_file == "on") {
echo "
<td class=\"uploadlistrename\">
<form action=\"index.php\" method=\"post\">
$p
<input type=\"hidden\" name=\"file\" value=\"$file\" />
<input type=\"hidden\" name=\"pg\" value=\"$pg\" />
<input type=\"hidden\" name=\"cmd\" value=\"upload_rename\" />
<input type=\"text\" name=\"upload_newname\" value=\"$file\" />
<input name=\"submit\" type=\"submit\" value=\"$l_upload6\" />
$p2
</form>
</td>";
} else {
}
// Delete file on/off.
if ($delete_file == "on") {
echo "
<td class=\"uploadlistdelete\">
<form action=\"index.php\" method=\"post\">
$p
<input type=\"hidden\" name=\"file\" value=\"$file\" />
<input type=\"hidden\" name=\"pg\" value=\"$pg\" />
<input type=\"hidden\" name=\"cmd\" value=\"upload_delete\" />
<input name=\"submit\" type=\"submit\" value=\"$l_upload7\" />
$p2
</form>
</td>";
} else {
}
echo "
<td class=\"uploadlistloc\"><a href=\"http://".$_SERVER['HTTP_HOST']."/$fileupload_dir_name/$file\"><i>http://".$_SERVER['HTTP_HOST']."/$fileupload_dir_name/$file</i></a></td>
</tr>";
}
}
closedir($dir_handle);
echo "
</tbody>
</table>
";
}
}
// Include footer if "on" in config.php.
if ($head == "on") {
include("footer.php");
}
}
// Upload file function.
function upload2($ftp_file, $upload_type) {
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$logout = "index.php";
$page_name = "upload";
// Include header if "on" in config.php.
if ($head == "on") {
include("header.php");
}
// Upload process.
// Path from domain name to upload directory
$upload_dir = ($_SERVER['DOCUMENT_ROOT'] . "/$fileupload_dir_name/");
$target_path1 = $upload_dir . basename($_FILES['ftp_file']['name'][0]);
$target_path2 = $upload_dir . basename($_FILES['ftp_file']['name'][1]);
$target_path3 = $upload_dir . basename($_FILES['ftp_file']['name'][2]);
$target_path4 = $upload_dir . basename($_FILES['ftp_file']['name'][3]);
$target_path5 = $upload_dir . basename($_FILES['ftp_file']['name'][4]);
if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][0], $target_path1)) {
chmod($upload_dir . basename( $_FILES['ftp_file']['name'][0]), 0644);
echo "1";
echo $p."$l_upload13 ". basename( $_FILES['ftp_file']['name'][0]). "$p2";
} else {
echo $p."$l_upload14 ". basename( $_FILES['ftp_file']['name'][0]). "$p2";
}
if (is_file($_FILES['ftp_file']['tmp_name'][1])) {
if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][1], $target_path2)) {
chmod($upload_dir . basename( $_FILES['ftp_file']['name'][1]), 0644);
echo "2";
echo $p."$l_upload13 ". basename( $_FILES['ftp_file']['name'][1]). "$p2";
} else {
echo $p."$l_upload14 ". basename( $_FILES['ftp_file']['name'][1]). "$p2";
}
}
if (is_file($_FILES['ftp_file']['tmp_name'][2])) {
if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][2], $target_path3)) {
chmod($upload_dir . basename( $_FILES['ftp_file']['name'][2]), 0644);
echo "3";
echo $p."$l_upload13 ". basename( $_FILES['ftp_file']['name'][2]). "$p2";
} else {
echo $p."$l_upload14 ". basename( $_FILES['ftp_file']['name'][2]). "$p2";
}
}
if (is_file($_FILES['ftp_file']['tmp_name'][3])) {
if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][3], $target_path4)) {
chmod($upload_dir . basename( $_FILES['ftp_file']['name'][3]), 0644);
echo "4";
echo $p."$l_upload13 ". basename( $_FILES['ftp_file']['name'][3]). "$p2";
} else {
echo $p."$l_upload14 ". basename( $_FILES['ftp_file']['name'][3]). "$p2";
}
}
if (is_file($_FILES['ftp_file']['tmp_name'][4])) {
if (move_uploaded_file($_FILES['ftp_file']['tmp_name'][4], $target_path5)) {
chmod($upload_dir . basename( $_FILES['ftp_file']['name'][4]), 0644);
echo "5";
echo $p."$l_upload13 ". basename( $_FILES['ftp_file']['name'][4]). "$p2";
} else {
echo $p."$l_upload14 ". basename( $_FILES['ftp_file']['name'][4]). "$p2";
}
}
// Redirect to upload page.
if ($su == "on") {
$upload_redirect = $admin_redirect;
} else {
$upload_redirect = $edit_redirect;
}
echo "<script type=\"text/javascript\">
<!--
var URL = \"$logout\"
var speed = $upload_redirect
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>
$p
$l_upload15
$p2";
// Include footer if "on" in config.php.
if ($head == "on") {
include("footer.php");
}
}
// Function to delete files.
function upload_delete($file, $pg) {
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$logout = "index.php";
$page_name = "upload";
// Include header if "on" in config.php.
if ($head == "on") {
include("header.php");
}
// Path to file.
$upload_file_path = ($_SERVER['DOCUMENT_ROOT'] . "/$fileupload_dir_name/$file");
// Delete file
unlink($upload_file_path);
echo "$p<b>$file</b> $l_upload18$p2";
// Redirect to upload page.
if ($su == "on") {
$upload_redirect = $admin_redirect;
} else {
$upload_redirect = $edit_redirect;
}
echo "<script type=\"text/javascript\">
<!--
var URL = \"$logout?pg=$pg\"
var speed = $upload_redirect
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>
$p
$l_upload15
$p2";
// Include footer if "on" in config.php.
if ($head == "on") {
include("footer.php");
}
}
// Function to rename file.
function upload_rename($file, $upload_newname, $pg) {
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$logout = "index.php";
$page_name = "upload";
// Include header if "on" in config.php.
if ($head == "on") {
include("header.php");
}
// Path to file.
$upload_file_path = ($_SERVER['DOCUMENT_ROOT'] . "/$fileupload_dir_name/$file");
// Check is file exists and rename it.
if (file_exists($upload_file_path)) {
rename ($upload_file_path, $_SERVER['DOCUMENT_ROOT'] . "/$fileupload_dir_name/$upload_newname") or die ("$l_upload19");
echo "$p<b>$file</b> $l_upload20: <b>$upload_newname</b>.$p2";
}
// Redirect to upload page.
if ($su == "on") {
$upload_redirect = $admin_redirect;
} else {
$upload_redirect = $edit_redirect;
}
echo "<script type=\"text/javascript\">
<!--
var URL = \"$logout?pg=$pg\"
var speed = $upload_redirect
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>
$p
$l_upload15
$p2";
// Include footer if "on" in config.php.
if ($head == "on") {
include("footer.php");
}
}
// Errorless check if directory is empty.
function is_empty_dir($dir) {
if (is_dir($dir)) {
$dl = opendir($dir);
if ($dl) {
while ($name = readdir($dl)) {
if (!is_dir("$dir/$name")) {
return false;
break;
}
}
closedir($dl);
} return true;
} else return true;
}
// Show readable file size function.
function upload_file_size($file) {
$file_size = 0;
if (file_exists($file)) {
$size = filesize($file);
if ($size < 1024) {
$file_size = $size.' Bytes';
} elseif (($size >= 1024) && ($size < 1024000)) {
$file_size = round($size/1024,2).' KB';
} elseif ($size >= 1024000) {
$file_size = round(($size/1024)/1024,2).' MB';
}
}
return $file_size;
}
function logout (){
// Config.php is the main configuration file.
include('config.php');
// Language file.
include("lang/$language");
// Name of page for links, title, and logout.
$logout = "index.php";
$page_name = "upload";
// Include header if "on" in config.php.
if ($head == "on") {
include("header.php");
}
session_destroy ();
session_unset ($_SESSION['pass_hash_upload']);
echo "<script type=\"text/javascript\">
<!--
var URL = \"$logout\"
var speed = $edit_redirect
function reload() {
location = URL
}
setTimeout(\"reload()\", speed);
//-->
</script>";
echo "$p
$l_global10
$p2
$p
$l_global11
$p2";
// Include footer if "on" in config.php.
if ($head == "on") {
include("footer.php");
}
}
switch(@$_REQUEST['cmd']) {
default:
upload1();
break;
case "upload2";
upload2(@$_POST['ftp_file'], @$_POST['upload_type'], $_POST['submit']);
break;
case "upload_delete";
upload_delete($_POST['file'], $_POST['pg']);
break;
case "upload_rename";
upload_rename($_POST['file'], $_POST['upload_newname'], $_POST['pg']);
break;
case "logout";
logout();
break;
}
?>
Posts: 111
Threads: 14
Joined: Jul 2010
Reputation:
5
Code: // Files to ignore(not list) in the upload directory. ".htaccess" is ignored by default.
$up_ignore1 = ".php";
$up_ignore2 = ".html";
$up_ignore3 = ".jpg";
$up_ignore4 = ".png";
$up_ignore5 = ".bmp";
You can add every file, such as zip, rar, exe, shtml, up until only .dat is left.
I would reccomend using an actual array of ONLY accepted files, but in this case - I'd just use something like below:
Code: // Files to ignore(not list) in the upload directory. ".htaccess" is ignored by default.
$up_ignore1 = ".php";
$up_ignore2 = ".html";
$up_ignore3 = ".jpg";
$up_ignore4 = ".png";
$up_ignore5 = ".bmp";
$up_ignore6 = ".zip";
$up_ignore7 = ".rar";
Etc, good luck. 
Posts: 23
Threads: 3
Joined: Apr 2010
Reputation:
0
Not sure if you're interested, but I am selling a really old version of Uploadah; which can be found here: http://www.supportforums.net/showthread.php?tid=12109
|
Help Editing PHP upload system
