上传脚本问题

时间:2012-09-02 02:35:58

标签: php

我发现这个脚本在线试图改变它但现在它不起作用,我只添加了2行和它看起来的文件夹。

这是脚本:

<?PHP
/*
Silentum Uploader v1.6
Modified July 8, 2012
uploader.php copyright 2005-2012 HyperSilence
*/

// Begin options

$file_extensions = array(".mp3"); // Add or delete the file extensions you want to allow Sample: (".mp3", ".gif", ".htm", ".html", ".jpg", ".png", ".txt")
$file_extensions_list = ".mp3"; // Type the same as above, without the quotation marks Sample: ".doc, .gif, .htm, .html, .jpg, .png, .txt"
$max_length = 30; // The maximum character length for a file name
$maximum_file_size = 10000000; // In bytes
$upload_log_file = "upload_log.txt"; // The log file you want to use

// End options
// If you're using a different folder name for uploaded files other than "files", change both occurrences of "files" on lines 27 and 28 below

$folder_directory = "http://".$_SERVER["HTTP_HOST"].dirname($_SERVER["PHP_SELF"]);
$message = "";
$set_chmod = 0;
$site_uri = "http://".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"];
$upload_directory = "/uploads";
$upload_uri = $folder_directory."/uploads/";

$folder_name_length = strlen($upload_directory);

if($_FILES["userfile"]) {
$resource = fopen($upload_log_file,"a");
fwrite($resource,date("F d, Y / h:i:sa")." - ".$_FILES["userfile"]["name"]." "
.$_FILES["userfile"]["type"]." uploaded by ".$_SERVER["REMOTE_ADDR"]."\n");
fclose($resource);

$file_type = $_FILES["userfile"]["type"]; 
$file_name = $_FILES["userfile"]["name"];
$file_ext = strtolower(substr($file_name,strrpos($file_name,".")));
@chmod($upload_uri."".$file_name, 0755);
if($_FILES["userfile"]["size"] > $maximum_file_size) {
$message = "ERROR: File size cannot be over ".$maximum_file_size." bytes.";
}

elseif($file_name == "") $message = "ERROR: Please select a file to upload.";
elseif(file_exists($upload_directory.$file_name)) $message = "ERROR: A file with that name already exists.";
elseif(strlen($file_name) > $max_length) $message = "ERROR: The maximum length for a file name is ".$max_length." characters.";
elseif(!preg_match("/^[A-Z0-9_.\- ]+$/i",$file_name)) $message = "ERROR: Your file name contains invalid characters.";
elseif(!in_array($file_ext, $file_extensions)) $message = "ERROR: <u>$file_ext</u> is not an allowed file extension.";
else $message = upload_file($upload_directory, $upload_uri);
header("Location: $site_uri?message={$message}");
}

elseif(!$_FILES["userfile"]);
else $message = "ERROR: Invalid file specified.";

$open = opendir($upload_directory);
$uploaded_files = "";
while($file = readdir($open)) {
if(!is_dir($file) && !is_link($file)) {
$uploaded_files .= "        <tr>
            <td style=\"background: #fff; color: #000; text-align: left\"><a href=\"$upload_directory$file\" title=\"$file (".filesize($upload_directory.$file)." bytes)\">".$file."</a> (".filesize($upload_directory.$file)." bytes)</td>
        </tr>
        <tr>
            <td style=\"background: #eee; color: #000; text-align: left; text-indent: 20px\">Uploaded <b>".date("F d, Y / h:ia", filemtime($upload_directory.$file))."</b></td>";
$uploaded_files .="
        </tr>
";
}
}

function upload_file($upload_directory, $upload_uri) {
$mp3_name=substr($file_name,0,-4);
$mp3 = md5($mp3_name.rand().mktime()).".mp3";
$file_name = $mp3;
//$file_name = md5($_FILES["userfile"]["name"].rand()).".mp3";
//$file_name = str_replace(" ","_",$file_name);
$file_path = $upload_directory.$file_name;
$temporary = $_FILES["userfile"]["tmp_name"];

$result = move_uploaded_file($temporary, $file_path);
if(!chmod($file_path,0777))
$message = "ERROR: A folder to place the files was not found, or the files need to be CHMODed to 777.";
else $message = ($result)?"File has been uploaded." : "An error has occurred.";
return $message;
}
?>

我添加的部分是:

$mp3_name=substr($file_name,0,-4);
$mp3 = md5($mp3_name.rand().mktime()).".mp3";

这不应该搞乱脚本,我只是想让它更安全。

我得到的错误是:

  

错误:找不到放置文件的文件夹,或文件需要的文件夹   被CHMODed到777。   我确实将文件夹更改为0777,但它仍无法正常工作。

1 个答案:

答案 0 :(得分:0)

我建议在echo之前对变量$file_path进行chmod()。我有一种感觉,它并没有指向你认为的道路。

我在您添加的行中看到的一个错误是您在$file_name函数中引用了upload_file变量。问题是该函数内部不存在变量,因此未设置变量。