HeavenCore | IT Solutions Built on Open Source Software
File Hub & Uploads
52428800) {
        // NOTE(review): 52428800 bytes is 50 MiB, while the message below tells the
        // user the limit is 5mb. The left-hand side of this comparison is outside
        // the visible code; confirm which limit is intended and make the constant
        // and the text agree.
        echo "Your file is too large. Try to keep uploads to 5mb max.
";
        $UploadOK = false;
    }

    //#### MIME check to prevent PHP
    // $_FILES[...]['type'] is the MIME type the client sent with the upload; PHP
    // does not verify it. This test therefore only rejects a client that labels
    // its own file "text/php" and should not be counted as a control. The
    // extension whitelist below is what actually restricts the upload. A
    // server-side content check (for example finfo_file() with
    // FILEINFO_MIME_TYPE on tmp_name) is where a detected type could be compared
    // with the extension.
    if ($_FILES['uploaded']['type'] =="text/php") {
        echo "Error: PHP files are not allowed.
";
        $UploadOK = false;
    }

    //#### Validate against whitelist
    // Only the final extension of the client-supplied file name is compared,
    // after lower-casing it.
    // NOTE(review): $InWhiteList is only ever set to true here; its initial value
    // is not visible in this part of the file - confirm it starts as false.
    $UploadedFileExtension = strtolower(pathinfo($_FILES['uploaded']['name'], PATHINFO_EXTENSION));
    $whitelist = array("jpg", "jpeg", "gif", "png", "zip", "rar", "xls" , "xlsx", "pdf", "doc", "docx", "txt", "csv");
    foreach ($whitelist as $AllowedExtension) {
        if($AllowedExtension == $UploadedFileExtension) {
            $InWhiteList = true;
        }
    }
    if ($InWhiteList == false) {
        // NOTE(review): the extension is taken from the client-supplied name and is
        // written into the page without htmlspecialchars().
        echo "Error: File type (" . $UploadedFileExtension . ") is not allowed.
";
        $UploadOK = false;
    }

    //#### If all is ok, upload file
    if ($UploadOK == false) {
        echo "Sorry, your file was not uploaded.";
    } else {
        // NOTE(review): $target is built outside the visible code; presumably it
        // contains the client-supplied file name - confirm it is reduced to a base
        // name and that an existing file cannot be silently overwritten. It is
        // echoed below without htmlspecialchars().
        if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
            echo "
The file " . $target . " has been uploaded
" . $CurrentUrl . $target . "

";
        } else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
}

//#### Print the upload form and file list header
echo "
";
echo "
";
echo " Please select your file:

";
echo " ";
echo "
";
echo "
";
echo "
";
echo "Uplaoded files (Newest to oldest)";
echo "
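";

//#### Determine path and prevent directory traversal
// realpath() resolves "..", "." and symlinks and returns false for a path that
// does not exist, so the containment test below only ever sees canonical paths.
$SafePath = realpath($ScriptPath);
$UserPath = $SafePath;
// Only a non-empty string is accepted; an array value (?path[]=x) would
// otherwise be concatenated as the literal text "Array".
if (!empty($_GET['path']) && is_string($_GET['path'])) {
    $UserPath = realpath($SafePath . $_GET['path']);
}

// The requested directory must be the base directory itself or lie below it.
// The prefix is compared with a trailing separator so that a sibling whose name
// merely starts with the base name (base "files", sibling "files_old") is not
// accepted. An unresolvable base denies everything: an empty prefix would
// otherwise match every path.
$InsideSafePath = $SafePath !== false
    && $UserPath !== false
    && ($UserPath === $SafePath
        || strpos($UserPath, rtrim($SafePath, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0);

//#### Trim SafePath from UserPath to give DisplayPath
// Only the leading base path is removed, and only once the check has passed.
$DisplayPath = $InsideSafePath ? (string) substr($UserPath, strlen($SafePath)) : "";

if (!$InsideSafePath) {
    echo "Error: Directory Traversal Detected - Access Denied.";
    $EnumerateFiles = false;
}

if ($EnumerateFiles == true) {
    //#### echo out for navigation
    // Directory and file names come from the file system, which uploads can
    // write to, so every name is HTML-escaped before it is printed.
    echo "Current path: " . htmlspecialchars($DisplayPath, ENT_QUOTES, 'UTF-8') . "
";

    //#### Initialise list arrays, directories and files separately
    $d_arr = array();
    $f_arr = array();

    //#### Open available directories
    if (is_dir($UserPath)) {
        $handle = opendir($UserPath);
        if ($handle !== false) {
            while (false !== ($file = readdir($handle))) {
                //#### Skip ".", ".." and dotfiles (unix)
                if ($file === "" || $file[0] === ".") {
                    continue;
                }
                $FullPath = $UserPath . "/" . $file;
                if (is_dir($FullPath)) {
                    $d_arr[] = $file;
                } else {
                    // Key is "<mtime>,<name>": krsort() then yields newest first
                    // and files modified in the same second stay distinct.
                    $f_arr[filemtime($FullPath) . ',' . $file] = $file;
                }
            }
            // Close the handle where it is known to be open.
            closedir($handle);
        }
    }

    //#### Sort the arrays
    // sort() reindexes, so iterating afterwards really follows the sorted order.
    sort($d_arr);
    krsort($f_arr);

    //#### echo a parent directory link
    // Display path with its last segment removed.
    $d_prev = substr($DisplayPath, 0, (int) strrpos(dirname($DisplayPath . "/."), "/"));
    echo " Parent directory
\n";

    //#### echo the directory list
    foreach ($d_arr as $DirName) {
        //#### echo with query string
        echo " ";
        echo "" . htmlspecialchars($DirName, ENT_QUOTES, 'UTF-8') . "/
\n";
    }

    $CurrentDirFileCount = 0;
    //#### echo file list
    foreach ($f_arr as $FileDate => $FileName) {
        $CurrentDirFileCount++;
        //#### Only echo path and filename
        echo " ";
        //#### Print Date from Key (the integer cast keeps the leading timestamp)
        echo date("d/m/Y", (int) $FileDate) . " - ";
        echo " " . htmlspecialchars(stripslashes($FileName), ENT_QUOTES, 'UTF-8') . "";
        //#### We may want a file size. NOTE: needs $UserPath to stat
        $FileSize = filesize($UserPath . "/" . $FileName);
        // Largest unit first; testing >= 1024 first would also catch every
        // megabyte-sized file and the MB branch would never run.
        if ($FileSize >= 1048576) {
            //#### Size in megabytes
            echo " ".round($FileSize / 1024 / 1024, 1)." MB
\n";
        } elseif ($FileSize >= 1024) {
            //#### Size in kilobytes
            echo " ".round($FileSize / 1024, 1)." KB
\n";
        } else {
            //#### Size in bytes
            echo " ".$FileSize." bytes
\n";
        }
    }
    echo "
" . $CurrentDirFileCount . " files in this folder.";
}

//#### Generic Functions

/**
 * Build the scheme://host[:port]/ prefix of the current request.
 *
 * SERVER_NAME can reflect the client's Host header depending on how the web
 * server is configured, so the result should be treated as untrusted when it
 * is written into HTML or used to build links.
 *
 * @return string Base URL with a trailing slash.
 */
function curPageURL() {
    // HTTPS is absent on plain HTTP and is "off" on some servers.
    $IsHttps = !empty($_SERVER["HTTPS"]) && strtolower($_SERVER["HTTPS"]) !== "off";
    $Port = isset($_SERVER["SERVER_PORT"]) ? (string) $_SERVER["SERVER_PORT"] : "";

    $pageURL = ($IsHttps ? "https" : "http") . "://" . $_SERVER["SERVER_NAME"];
    // Port 80 is never printed; 443 is also left out when the scheme is already https.
    if ($Port !== "" && $Port !== "80" && !($IsHttps && $Port === "443")) {
        $pageURL .= ":" . $Port;
    }
    return $pageURL . "/";
}
?>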