我目前正在为一小群人制作一个小型门户网站来下载文件和手册。在网站中我还希望人们能够上传文件,因此我使用的是Mini Ajax File Upload。在上传表单上,我想要一个下拉框,以便人们可以选择他们想要上传文件的位置。我很难搞清楚如何更改上传目录。
上传目录在此处设置:
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
答案 0 :(得分:0)
我找到了一个解决方案并对其进行了修改,以便按照我的意愿行事。这是脚本,以防其他任何人想要它。请注意,这会暴露服务器的目录结构,并且它还具有shell_exec wget功能,可以让您公开注入。这本身并不安全/安全,您需要在顶部添加安全性或公开使用,风险自负。
该脚本将允许用户选择与此脚本相同的目录中的文件夹来上传文件,他们还可以输入文件的URL并让服务器下载它(在Linux服务器上)。
<?php
if ($_POST['variable'] == '')
{
$variable = './'; // default folder
}
else
{
$variable = $_POST['variable'] ;
}
$folder = $variable;
$uploadpath = "$folder/";
$max_size = 2000000;
$alwidth = 90000;
$alheight = 90000;
$allowtype = array('bmp', 'gif', 'jpg', 'jpe', 'jpeg', 'png', 'psd', 'tga', 'tif', '7z', 'bz', 'gz', 'rar', 'tar', 'zip', 'aac', 'flac', 'mid', 'midi', 'mp3', 'ogg', 'wma', 'wav', 'c', 'class', 'cpp', 'css', 'erb', 'htm', 'html', 'java', 'js', 'php', 'pl', 'py', 'rb', 'xhtml', 'xml', 'accdb', 'db', 'dbf', 'mdb', 'pdb', 'sql', 'csv', 'doc', 'docx', 'odt', 'pdf', 'xls', 'xlsx', 'ppt', 'app', 'bat', 'com', 'exe', 'jar', 'msi', 'vb', 'eot', 'otf', 'ttf', 'woff', 'gam', 'nes', 'rom', 'sav', 'box', 'deb', 'rpm', 'bat', 'cmd', 'sh', 'cfg', 'ini', 'log', 'md', 'rtf', 'txt', 'ai', 'drw', 'eps', 'ps', 'svg', 'avi', 'flv', 'mkv', 'mov', 'mp4', 'mpg', 'ogv', 'webm', 'wmv', 'swf', 'bak', 'msg', 'blank');
$wgeturl = $_POST['wget-url'];
$command = "wget -P $uploadpath $wgeturl";
$output = shell_exec($command);
if(isset($_FILES['fileup']) && strlen($_FILES['fileup']['name']) > 1) {
$uploadpath = $uploadpath . basename( $_FILES['fileup']['name']);
$sepext = explode('.', strtolower($_FILES['fileup']['name']));
$type = end($sepext);
list($width, $height) = getimagesize($_FILES['fileup']['tmp_name']);
$err = '';
if(!in_array($type, $allowtype)) $err .= 'The file: <b>'. $_FILES['fileup']['name']. '</b> not has the allowed extension type.';
if($_FILES['fileup']['size'] > $max_size*1000000) $err .= '<br/>Maximum file size must be: '. $max_size. ' KB.';
if(isset($width) && isset($height) && ($width >= $alwidth || $height >= $alheight)) $err .= '<br/>The maximum Width x Height must be: '. $alwidth. ' x '. $alheight;
if($err == '') {
if(move_uploaded_file($_FILES['fileup']['tmp_name'], $uploadpath)) {
echo 'File: <b>'. basename( $_FILES['fileup']['name']). '</b> successfully uploaded:';
echo '<br/>File type: <b>'. $_FILES['fileup']['type'] .'</b>';
echo '<br />Size: <b>'. number_format($_FILES['fileup']['size']/1024, 3, '.', '') .'</b> KB';
if(isset($width) && isset($height)) echo '<br/>Image Width x Height: '. $width. ' x '. $height;
echo '<br/><br/>Image address: <b>http://'.$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['REQUEST_URI']), '\\/').'/'.$uploadpath.'</b>';
}
else echo '<b>Unable to upload the file.</b>';
}
else echo $err;
}
?>
<div style="margin:1em auto; width:333px; text-align:center;">
</div>
<div style="margin:1em auto; width:333px; text-align:center;">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" enctype="multipart/form-data">
<b>Upload from URL:</b> <input type="text" name="wget-url" value="URL to file"><br\>
<input type="file" name="fileup" /><br/>
<select name="variable" />
<option value="" selected="selected">Select a folder</option>
<form name="input" action="upload.php" method="post" onchange="this.form.submit()">
<?php
$dirs = glob("*", GLOB_ONLYDIR);
foreach($dirs as $val){
echo '<option value="'.$val.'">'.$val."</option>\n";
}
?>
</select>
<button type="submit" class="btn btn-primary btn-lg" name='submit' value="Upload" />Upload</button>
</div>
</form>