Newgrounds.com — Everything, By Everyone.

Php: Main

Hello, welcome to my first Php: main tutorial.

Before i start, i must say that not all of the code here is mine.

Before you setup this type of image host, think if you really want to use up all of that bandwidth/webspace.

Ok, to start make sure your host supports file upload and php.

If yes, continue:
First create a folder in your main directory and name it "imagehost" or something. In side that folder make another folder called "uploads", Your now ready.
In "imagehost" or whatever you named it, save 2 blank files: upload.html and takefile.php.
Open up upload.html and paste in this: (I'm not going to explain it)

<form enctype="multipart/form-data" action="takefile.php" method="post">
Choose an Image to upload:
<br />
<input name="uploadedfile" type="file" /><br />

<input type="submit" value="Upload Image" />
</form>

So, you now have your form ready, if you want you can open it now and you should see a file chooser and a submit button.
Now open up takefile.php and paste in this:

<?php
$upload_path = "uploads/";

$_FILES['uploadedfile']['name']=$_FILES['u
ploadedfile']['name'].'_'.time()+rand(1000
,9999);

$filetype = $_FILES['uploadedfile']['type'];

$max_filesize = 500000;

$upload_path = $upload_path . basename( $_FILES['uploadedfile']['name']);

if ($_FILES['uploadedfile']['size'] > $max_filesize) {
die('Your filesize is too large. Please make your filesize smaller than ' . $max_filesize . ' bytes.');
}

if ($filetype!="image/jpeg"&&$filetype!="imag
e/gif"&&$filetype!="image/png") {
die('Your file was not a jpeg, png or gif.');
}

if(move_uploaded_file($_FILES['uploadedfil
e']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
echo "<br><br>your file can be found at:<br>http://www.SITE-HERE..uploads/veiw.
php?id=" . basename($_FILES['uploadedfile']['name']);
} else{
echo "There was an error uploading the file, please try again!";
}
?>

I'll now explain the above code:

$target_path = "uploads/";
This sets the path to where the images should be uploaded.

$_FILES['uploadedfile']['name']=$_FILES['u
ploadedfile']['name'].'_'.time()+rand(1000
,9999);
This changes the name of the file being uploaded, just say i wanted to upload pic.jpg, it would be changed into something like 1124335454_pic.jpg. This is usefull because it keeps the images more secure, and they won't overwrite each other.

$filetype = $_FILES['uploadedfile']['type'];
This finds out the filetype of the file being uploaded, and sets it as the value of $filetype.

$max_filesize = 500000;
This is to set the maximum filesize that the users can upload, change it to whatever you wish.

$upload_path = $upload_path . basename( $_FILES['uploadedfile']['name']);
This sets what the image is going to be saved as/to. For example if my picture was pic.jpg $upload path would be changed from "uploads/" to "uploads/pic.jpg".

if ($_FILES['uploadedfile']['size'] > $max_filesize) {
die('Your filesize is too large. Please make your filesize smaller than ' . $max_filesize . ' bytes.');
}
This bit of code checks the size of the file, and if its above the value of $max_filesize, it cancels the upload and Prints out "Your filesize is too large. Please make your filesize smaller than $max_filesize".

if ($filetype!="image/jpeg"&&$filetype!="imag
e/gif"&&$filetype!="image/png") {
die('Your file was not a jpeg, png or gif.');
}
This code checks if the file size is either jpeg, gif or png. If it isn't the upload is canceled and it prints out "Your file was not a jpeg, png or gif.".

if(move_uploaded_file($_FILES['uploadedfil
e']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
echo "<br><br>your file can be found at:<br> http://www.SITE-HERE..uploads/veiw.php?id=

" . basename($_FILES['uploadedfile']['name']);
} else{
echo "There was an error uploading the file, please try again!";
}
This bit of code is the most inportant, it uploads the image to a temporary folder and then copies it to uploads/ when finished. It displays a link to the file aswell. Change "SITE-HERE.com" to your domain name.
If something goes wrong for example it can't find uploads/, it prints out "There was an error uploading the file, please try again!"

So, thats the code that gets the file onto the server, now how about veiwing it?
Go into the uploads folder and create a php file called "veiw". Paste into this php file:

<?php $id = $_GET['id']; ?>
<img src="<?php echo $id; ?>" border="1" />

Now i shall explain this little bit of code:
<?php $id = $_GET['id']; ?>
Where it says a link to this page in takefile.php at the end it has something like veiw.php?id=123543653_pic.jpg, what this code does it get that id and store it as the value of $id.

<img src="<?php echo $id; ?>" border="1"></img>
This pretty much just uses prints $id as the image source.

You (should) now have a working image host!
I'd recomend you have it on http://www.phpnet.us/ as its free hosting, that supports php, and gives a whopping 80gb bandwidth.

Enjoy your image host.
Please report any errors.

-Jordan

Sorry, change http://www.SITE-HERE..uploads/veiw.php?id=

"

To

your-domain.yourTLD/imagehost/uploads/veiw
.php?id="

you stole this script.
I can tell because your first explanation you didn't change the original variable.

another reason:
http://www.tizag.com/phpT/fileupload.php

FUCK YOU, YOU NOOB!

At 7/30/06 09:15 AM, -cherries- wrote: saodakju8 *34s

My brain isnt working today?

At 7/30/06 09:15 AM, -cherries- wrote: you stole this script.
I can tell because your first explanation you didn't change the original variable.

another reason:
http://www.tizag.com/phpT/fileupload.php

FUCK YOU, YOU NOOB!

he's right. you stealer. This tutorial is stolen from tizag AND has no securtiy.....because that's what TIZAG told you not to use this script because it has no security.

DONT STEAL OTHER...</caps>...don't steal other peoples work.....

And I still haven't found out how to login at that hosting he suggested... -.-

WOULD YOU ALL SHUT THE FUCK UP?

DOES:

$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfil
e']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}

LOOK LIKE ALL OF THE CODE I SUGGESTED? NO SO JUST SHUTUP UNLESS YOU KNOW WHAT YOUR TALKING ABOUT.

At 7/30/06 09:15 AM, -cherries- wrote: you stole this script.
I can tell because your first explanation you didn't change the original variable.

another reason:
http://www.tizag.com/phpT/fileupload.php

FUCK YOU, YOU NOOB!

FUCK OFF YOU LITTLE TWAT.
FIND OUT WHAT YOUR SAYING BEFORE YOU SAY IT.

he's right. you stealer. This tutorial is stolen from tizag AND has no securtiy.....because that's what TIZAG told you not to use this script because it has no security.

DONT STEAL OTHER...</caps>...don't steal other peoples work.....

Some is taken, i admitted that at the top.
Its been highly edited though, tested alot for security, and it is very secure.

<?php
$upload_path = "uploads/";

$_FILES['uploadedfile']['name']=$_FILES['u
ploadedfile']['name'].'_'.time()+rand(1000
,9999);

$filetype = $_FILES['uploadedfile']['type'];

$max_filesize = 500000;

$upload_path = $upload_path . basename( $_FILES['uploadedfile']['name']);

if ($_FILES['uploadedfile']['size'] > $max_filesize) {
die('Your filesize is too large. Please make your filesize smaller than ' . $max_filesize . ' bytes.');
}

if ($filetype!="image/jpeg"&&$filetype!="imag
e/gif"&&$filetype!="image/png") {
die('Your file was not a jpeg, png or gif.');
}

if(move_uploaded_file($_FILES['uploadedfil
e']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
echo "<br><br>your file can be found at:<br>http://www.SITE-HERE..uploads/veiw.
php?id=" . basename($_FILES['uploadedfile']['name']);
} else{
echo "There was an error uploading the file, please try again!";
}
?>

Is not insecure.

Sorry, but theres a MASSIVE difference between this:
$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfil
e']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}

And my version.
My version has:
filesize checking, file type checking, links to the files, file veiwer, more secure form, more secure name changer, anti overwrite.

I spent about 3 days making this php secure.

At 7/30/06 10:58 AM, -Jordan- wrote: Some is taken, i admitted that at the top.

No you didn't. Not at all
Why dont you read your post through.
and this didn't take you 3 days.
I bet you worked 20-30 minutes tops to make it "secure".

It is actually insecure, so dont tell people its very secure because it isnt.

png is not a recognized file type by default server setups, therefore you could make a file like something.php.png and your script would upload it. However if you when to the url it would run the php file, thus giving a person access to delete files or even take down the server which the script is running. This could only be stopped by adding more security or messing around with mime types I believe or the servers recognized file types.

At 7/30/06 11:21 AM, -cherries- wrote: No you didn't. Not at all
Why dont you read your post through.
and this didn't take you 3 days.
I bet you worked 20-30 minutes tops to make it "secure".

If thats what you think then THINK THAT.
It won't bother me, i know how long it took me.

I suggest to anyone dont bother using this script, esle it can be easily hacked, By the method I suggested 1 post up.

kthxbain00b.

http://3xacharm.com/..41_something.php.png

*cough*

doodle-flash just go away and never come back to newgrounds.
or just dont bother coming into the programming forum asking for help.

At 7/30/06 11:29 AM, -cherries- wrote: doodle-flash just go away and never come back to newgrounds.
or just dont bother coming into the programming forum asking for help.

Why don't you?

Perhaps the server you are on has png file types added to its list. Some dont. I also suggest trying CGI. If it where me, I'd be adding string replace to check for php in the file type as a added step yet you havent.

At 7/30/06 11:30 AM, DarkDemon23 wrote: Perhaps the server you are on has png file types added to its list. Some dont. I also suggest trying CGI. If it where me, I'd be adding string replace to check for php in the file type as a added step yet you havent.

Everyone seems to be forgetting "Basic image host".

Sorry for being an ass, but i've been working hard constantly editing this code. For what i've done to it, i think i should be able to post it without people saying i stole it.

And telling me i stole it is spam, because i only stole the very basic file upload bit, about 80% of the code here is mine. I even said that at the top.

At 7/30/06 11:28 AM, -Jordan- wrote: http://3xacharm.com/..41_something.php.png


*cough*

it's called hacking. Once they have the file on the server, they can easily take away the .png with their php script....which happens to be on their php file...in your server.

After they have removed the extention .png....it becomes a php file....and it now becomes their website for the taking....

You have to make sure that the .php.png never happens and it's only .png....and never 2 dots...

Try make it a bit more secure before going around taking or "modifying" other peoples tutorials.

No matter what you did to this script. Even if you change it around or added "security", it's still not your script.

At 7/30/06 11:30 AM, -Jordan- wrote:

At 7/30/06 11:29 AM, -cherries- wrote: doodle-flash just go away and never come back to newgrounds.
or just dont bother coming into the programming forum asking for help.

Why don't you?

<?
function sucksAndSteals($user,$defend){
return $user.' is a horrible programmer who steals. Also, don\'t insult '.$defend.' as you are the one who stole and sucks at programming.';
}

echo sucksAndSteals('doodleflash','cherries');
?>

At 7/30/06 11:44 AM, JeremysFilms wrote:

At 7/30/06 11:30 AM, -Jordan- wrote:

At 7/30/06 11:29 AM, -cherries- wrote: doodle-flash just go away and never come back to newgrounds.
or just dont bother coming into the programming forum asking for help.

Why don't you?

<?
function sucksAndSteals($user,$defend){
return $user.' is a horrible programmer who steals. Also, don\'t insult '.$defend.' as you are the one who stole and sucks at programming.';
}

echo sucksAndSteals('doodleflash','cherries');
?>

great function if I dare say, but it needs a little something...

<?
function sucksAndSteals($user,$defend){
if (!is_string($user) || !is_string($defend)) {
die('doodle flash sucks :'(');
} else {
return ''.$user.' is a horrible programmer who steals. Also, don\'t insult '.$defend.' as you are the one who stole and sucks at programming.\n';
}
}

echo sucksAndSteals('doodleflash','cherries');
?>

yep thats good.

Didnt doofy already make a file uploading tutorial ?

one that wasnt stolen :P

At 7/30/06 11:53 AM, DannyIsOnFire wrote: Didnt doofy already make a file uploading tutorial ?

one that wasnt stolen :P

yeah

At 7/30/06 11:37 AM, Momo_the_Monkey wrote: Try make it a bit more secure before going around taking or "modifying" other peoples tutorials.

No matter what you did to this script. Even if you change it around or added "security", it's still not your script.

Most of it is my script, i didn't even modify a tutorial, i explained all of this myself out of my own knowledge, i didn't copy any tutorial, just a little bit of code.

I actually made this about a month ago and my php knowledge has increased alot since then.

At 7/30/06 11:53 AM, DannyIsOnFire wrote: Didnt doofy already make a file uploading tutorial ?

one that wasnt stolen :P

FOR THE LAST TIME THIS TUTORIAL IS NOT STOLEN, ONE SMALL TINCY BIT OF CODE IS STOLEN.

Is this a file uploading tutorial? NO!

How can you all say that he stole it? Wouldn't it make sense that since the script he's using is similar in what it's supposed to accomplish as a another script that they'd have areas that had resembling code?

Also, Not everyone's as fluent in the programming language as you may thin -.- a good portion of the world knows pretty much shit about it. So when this guy says when he was first starting out that it took him 3 days to understand and right this script you don't beleive him?

Good Job -Jordan- May the server be with you = P

At 7/30/06 12:00 PM, -Jordan- wrote:

At 7/30/06 11:53 AM, DannyIsOnFire wrote: Didnt doofy already make a file uploading tutorial ?

one that wasnt stolen :P

FOR THE LAST TIME THIS TUTORIAL IS NOT STOLEN, ONE SMALL TINCY BIT OF CODE IS STOLEN.

Is this a file uploading tutorial? NO!

that makes the whole tutorial stolen.
your just mad because you got caught.

At 7/30/06 12:08 PM, -cherries- wrote:

At 7/30/06 12:00 PM, -Jordan- wrote:

At 7/30/06 11:53 AM, DannyIsOnFire wrote: Didnt doofy already make a file uploading tutorial ?

one that wasnt stolen :P

FOR THE LAST TIME THIS TUTORIAL IS NOT STOLEN, ONE SMALL TINCY BIT OF CODE IS STOLEN.

Is this a file uploading tutorial? NO!

that makes the whole tutorial stolen.
your just mad because you got caught.

Think what you want to think, i know exactly what is true.

If you can find this tutorial or something similar to it then tell me.