I found an upload script on HotScripts and added it to my website. I followed the installation step to 'give write permissions to php on the upload folder (which is _uploadedfiles_xxxx) (php must be allowed to move uploaded files to this folder)' for the folder _uploadedfiles_xxxx.
I typed
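<?php
// One-off permission change for the upload folder.
//
// The mode must be written as an octal literal (leading 0). A bare 640 is read
// as decimal, which equals octal 01200 and sets unrelated permission bits.
// A directory also needs the execute (search) bit, otherwise PHP cannot move
// files into it even when the write bit is set.
//
// 0750 = owner rwx, group r-x, others nothing.
// NOTE(review): this assumes the PHP process runs as the folder's owner; confirm
// with the host. If PHP runs under a different account that only shares the
// group, 0770 is needed instead. Avoid 0777, which lets every local account
// write into the upload folder.
chmod('_uploadedfiles_xxxx', 0750);
?>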
This is the code, which is quite long. Thanks for any help.
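<?php
// Ask for up to 90 seconds of execution time for this page. The @ hides the
// warning raised on hosts that do not allow the limit to be changed.
@set_time_limit(90);

// Folder that receives the uploaded files, given relative to this script.
// NOTE(review): a relative path like this presumably lies inside the web root.
// If so, the web server should be configured so that nothing in this folder is
// executed or listed; better still, move it outside the document root.
define('CFG_UPLOADFOLDER','_uploadedfiles_xxxx/');

// True only when the request really arrived over HTTPS. isset() alone is not
// enough: some servers (IIS with ISAPI) set HTTPS to "off" for plain HTTP, and
// the page would then tell the visitor that an unencrypted upload is secure.
$bSecure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

// Project files. Their contents are not shown here; the File class used by the
// upload handler below presumably comes from class.File.php.
include('inc.ErrorHandling.php');
include('inc.init.php');
include('class.DataException.php');
include('class.File.php');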
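/**
 * Builds the HTML page returned to the hidden upload iframe.
 *
 * The page contains one script statement that calls a function in the parent
 * window, window.parent.<callback>(<json>), where <callback> is taken from
 * $_REQUEST['callback'] and <json> is $aResponse encoded as JSON.
 *
 * The callback name is request data and is written into a <script> element, so
 * it is accepted only when it is a plain (optionally dotted) JavaScript
 * identifier. Any other value would let the request inject script into the
 * page; in that case the script element is left empty.
 *
 * @param array $aResponse Data handed to the callback.
 * @return string Complete HTML document.
 */
function ProduceJavaScriptResponse($aResponse){
    $response = <<<EOD
<html><head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="Cache-Control" content="no cache" >
<meta http-equiv="Pragma" content="no_cache" >
<meta name="language" content="en" >
</head>
<body>
<script type="text/javascript">{code}</script>
</body></html>
EOD;

    // Only a string can be a callback name (callback[]=x would arrive as an array).
    $callback = (isset($_REQUEST['callback']) && is_string($_REQUEST['callback']))
        ? $_REQUEST['callback']
        : '';

    // Allowlist: identifier characters, with dots between segments. \z anchors at
    // the very end, so a trailing newline cannot slip through.
    $isSafeCallback = preg_match(
        '/^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/',
        $callback
    ) === 1;

    if ($isSafeCallback) {
        // The HEX flags escape <, >, &, ' and " inside string values as \uXXXX.
        // JavaScript reads back the same values, but a file name or message can
        // no longer close the surrounding <script> element.
        $json = json_encode($aResponse, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        $jsResponse = 'window.parent.'. $callback .'('. $json .');';
    } else {
        $jsResponse = '';
    }

    return str_replace('{code}', $jsResponse, $response);
}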
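// Upload file
//
// Handles the POST from the upload form: rejects script-like file names, hands
// the file to File::UploadFile(), then answers either with a JavaScript
// callback page (output=js) or with the fileUploaded.tpl.php template.
$errorMessage = '';
$aResponse = array();
$oFile = null; // stays null unless File::UploadFile() succeeds
if ($_SERVER['REQUEST_METHOD'] === 'POST'){
    ############################################################
    if (!headers_sent()){
        Header("Pragma: no-cache");
        Header("Cache-Control: no-cache");
        Header('Expires: '. GMDate("D,d M Y H:i:s") .' GMT');
    }

    // The file name is supplied by the client and must be treated as untrusted.
    $uploadedName = (isset($_FILES['_file']['name']) && is_string($_FILES['_file']['name']))
        ? $_FILES['_file']['name']
        : '';

    // Denylist of extensions that a web server may treat as executable or as
    // configuration. Every dot-separated part after the base name is checked, so
    // names such as "x.php.jpg" or "x.php." are rejected as well.
    // NOTE(review): a denylist is easy to get around. Prefer an allowlist of the
    // file types this site actually needs (see $aAllowedContenTypes below), and
    // make sure the server never executes anything stored in CFG_UPLOADFOLDER.
    $blacklist = array('php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phps', 'pht', 'phar', 'htaccess');
    $aNameParts = explode('.', strtolower($uploadedName));
    array_shift($aNameParts); // drop the base name, keep only the extensions
    foreach ($aNameParts as $namePart) {
        if (in_array(trim($namePart), $blacklist, true)){
            $errorMessage = 'Uploading PHP files is not allowed!';
            break;
        }
    }

    try{
        if ($errorMessage == ''){
            // NOTE(review): no size limit and no type restriction are passed on.
            // Both leave the folder open to arbitrary content and to being filled
            // up; set real limits here once the accepted file types are known.
            $maxAllowedSize = null; // no limit (see FAQ)
            $aAllowedContenTypes = null; // any file (see FAQ)
            $oFile = File::UploadFile('_file', CFG_UPLOADFOLDER, $maxAllowedSize, $aAllowedContenTypes);
        }
    }catch(Exception $e){
        $errorMessage = 'An error occured:'. $e->getMessage();
    }

    // produce response
    if (isset($_REQUEST['output']) && $_REQUEST['output'] == 'js'){
        if (empty($_REQUEST['callback'])){
            // ERROR: BAD AJAX call
            $errorMessage = "Bad Ajax call! URL argument \'callback\' was not specified.";
            die('<script type="text/javascript">alert("'. $errorMessage .'");</script>');
        }else if(empty($errorMessage) && $oFile){
            // SUCCESS (file was uploaded)
            $aResponse['result'] = 'success';
            $aResponse['file'] = array('size' => $oFile->getSize(),
                'sizeFormatted' => $oFile->FormatFileSize($oFile->getSize()),
                'name' => $oFile->getName()
            );
        }else{
            // UPLOAD ERROR
            $aResponse['result'] = 'failure';
            $aResponse['message'] = 'Upload error ('. $errorMessage .').';
        }
        $response = ProduceJavaScriptResponse($aResponse);
    }else if (empty($errorMessage) && $oFile){
        // Plain HTML answer. The file name originates from the client, so it is
        // HTML-escaped before it is placed into the template.
        // NOTE(review): if File::getName() already returns escaped text this
        // double-escapes; confirm against class.File.php.
        $response = file_get_contents('fileUploaded.tpl.php');
        $aValues = array(
            htmlspecialchars($oFile->getName(), ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($oFile->FormatFileSize($oFile->getSize()), ENT_QUOTES, 'UTF-8')
        );
        $aPlaceHolders = array('{filename}', '{filesize}');
        $response = str_replace($aPlaceHolders,$aValues,$response,$count);
    }else{
        // The upload failed or was refused. Without this branch the template code
        // above would call methods on a missing $oFile and end in a fatal error.
        $response = htmlspecialchars('Upload error ('. $errorMessage .').', ENT_QUOTES, 'UTF-8');
    }
    die($response);
    ############################################################
}
?>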
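<?php
/*
 * Upload form page (shown for non-POST requests).
 * Markup fixes compared with the original listing: the navigation table now
 * closes its cell and row, the unmatched closing div at the end is gone, and
 * the ampersand in "Services & Rates" is written as an entity.
 */
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <meta name="language" content="en" >
    <meta name="description" content="Secure file uploading : a page for uploading files securely">
    <meta name="author" content="attila szabo (www.w3net.eu)" >
    <meta name="robots" content="noindex,nofollow" >
    <title><?php if($bSecure){echo 'Secure ';}?>File Upload form</title>
    <link media="handheld" href="css/handheld.css" type="text/css" rel="stylesheet">
    <link rel="stylesheet" type="text/css" media="all" href="css/main.css">
    <script type="text/javascript" src="js/common.js"></script>
    <script type="text/javascript" src="js/FileListing.js"></script>
    <script type="text/javascript" src="js/PageController.js"></script>
</head>
<body id="home">
<table border="0" cellpadding="0" cellspacing="0" width="627" align="center">
    <tr>
        <td>
            <div id="logo">
            <img src="../images/logoGreyPurple.gif" width="627" height="75" border="0" alt="" /></div> </td>
    </tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="627" align="center">
    <tr>
        <td>
            <div id="imgHeader">
            <img src="../images/acounts.jpg" width="627" height="33" border="0" alt="" /></div>
            <div id="nav">
                <ul>
                    <li><a href="index.html">Home</a></li>
                    <li><a href="about.html">About</a></li>
                    <li><a href="HowWeWork.html">How we work</a></li>
                    <li><a href="requirementsForm.html">Requirements Form</a></li>
                    <li><a href="servicesAndRates.html">Services &amp; Rates</a></li>
                    <li><a href="contact.html">Contact</a></li>
                </ul>
            </div>
        </td>
    </tr>
</table>
<div id="container">
    <ul id="skip">
        <li><a href="#main">Skip to main content</a></li>
        <li><a href="#form">Skip to the upload form</a></li>
    </ul>
    <iframe id="uploadIfr" src="blank.htm" name="uploadIfr" class="hiddenUploadIframe" title="ignore this frame"></iframe>
    <!-- @@@ listing of uploaded files -->
    <div id="uploadedFiles">
    </div>
    <!-- end listing of uploaded files @@@ -->
    <a name="main"></a>
    <h1><?php if($bSecure){echo 'Secure file';}else{echo 'File';}?> uploading</h1>
    <?php
    // NOTE(review): HTTPS protects the file only while it travels to the server.
    // Who can read it afterwards depends on the permissions of the upload folder
    // and on the web server configuration, which this page cannot guarantee.
    if($bSecure){
    ?>
    <p class="message" id="annotationSecure">
    Uploading files using this web page is secure. This webpage transmits the file using a high-level encryption so that
    only I will be able to access the information.
    Web pages beginning with "https" instead of "http" enable secure information transmission.
    </p><?php
    }else{
    echo "<p></p>";
    }
    ?>
    <div id="frmAttachFile_ErrorMessage" class="form_boxErrorMsg" style="display: none"></div>
    <!-- @@@ file upload form -->
    <?php
    // NOTE(review): the form carries no anti-CSRF token and the handler in this
    // file checks none, so another site could submit an upload on a visitor's
    // behalf. Whether visitors are authenticated at all is not visible here
    // (inc.init.php may do it); confirm before exposing this page publicly.
    ?>
    <div id="fileuploadForm"><a name="form"></a>
        <form name='frmUploadFile' id="frmUploadFile" action="index.php" method="post" enctype="multipart/form-data" > <!-- uploadIfr -->
            <fieldset title="Choose the file to upload">
                <legend> 1: Choose a file to upload</legend>
                <p>Click the button to browse the file system of your computer. Find and select the file you want to upload.</p>
                <label for="fileInput" class="form_label">File:</label>
                <input type="file" accept="" name="_file" id="fileInput" >
            </fieldset>
            <fieldset id="confirmation" title="Confirmation">
                <legend> 2: Upload file</legend>
                <p>When you have selected the file to upload, click on the <strong>Upload</strong> button.</p>
                <div class="actionBar" id="submitBtnBox">
                    <input type="submit" value="Upload" >
                </div>
            </fieldset>
        </form>
    </div>
    <!-- end file upload form @@@ -->
</div>
</body></html>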
/*
 * Stylesheet for the upload page: page frame, upload form, message boxes,
 * uploaded-file table, busy overlay, footer and navigation.
 * Presumably this is css/main.css, which the page links; confirm.
 *
 * Several rules repeat a property around a pair of voice-family lines whose
 * value contains an escaped "}". Going by the existing IE5/Win comments, this
 * is a browser hack: the first value is meant for IE5/Win and the one after
 * the voice-family pair for other browsers. The order of these declarations
 * must therefore not be changed.
 */
BODY {
    margin: 50px 0px 0px 0px;
    padding: 0px 0px 0px 0px;
    font-family: arial, helvetica, sans-serif;
    /* part 1 of 2 centering hack */
    color:#000;
    background:#C2CACB;
    font-family: arial, helvetica, sans-serif; /* repeats the declaration above */
    font-size: x-small; /* for IE5/Win */
    voice-family: "\"}\"";
    voice-family: inherit;
    font-size: small; /* for compliant browsers */
}
/* Child selector: sets the same size again for browsers that understand ">". */
html>body {font-size:small;}
#container {
    font-size: 110%;
    margin-right: auto;
    margin-left: auto; /* opera does not like 'margin:20px auto' */
    background: #fff;
    border:solid 1px #FFFFFF;
    text-align:left; /* part 2 of 2 centering hack */
    width: 627px; /* ie5win fudge begins */
    voice-family: "\"}\"";
    voice-family:inherit;
    width: 627px;
}
form {
    margin: 0;
}
/* Hides the "skip to ..." link list at the top of the container. */
#skip {
    display: none;
}
h1 {
    font-size: 170%;
    background: transparent url(../imgs/green_up.gif) no-repeat right;
    padding-right: 40px;
    padding-right: 30px; /* declared twice; this later value is the one applied */
    display: inline;
}
#uploadedFiles {
    margin-bottom: 20px;
}
#fileuploadForm {
    margin-right: auto;
    margin-left: auto; /* opera does not like 'margin:20px auto' */
    background: #fff;
    border:solid 1px #FFFFFF;
    text-align:left; /* part 2 of 2 centering hack */
    width: 625px; /* ie5win fudge begins */
    voice-family: "\"}\"";
    voice-family:inherit;
    width: 627px;
}
fieldset {
    border-left:0;
    border-right:0;
    border-bottom:0;
    padding: 0.5em;
}
legend {
    background-color:#B2CBE7;
    color:#000;
    font-weight:bold;
    margin:0px;
    padding:5px 10px;
}
#confirmation {
    margin-top: 2em;
}
.actionBar {
    background-color:#B2CBE7;
    padding: 0.6em;
    text-align: center;
}
.actionBar input {
    font-size: 110%;
}
/* Keeps the upload iframe in the page but moves it out of view. */
.hiddenUploadIframe {
    width:0;
    height:0;
    border:0;
    position: absolute;
    top: -1000px;
}
/* Msg boxes
------------------------------ */
.message {
    margin: 1.5em 0;
    /* padding: 15px;*/
    font-size: 90%;
    line-height: 1.5em;
    border-left: none;
    border-right: none;
}
.success {
    background-color: #A2D489;
    border-top: 3px solid #339900;
    border-bottom: 3px solid #339900;
}
.error {
    background-color: #FFDDCC;
    border-top: 3px solid #DD0000;
    border-bottom: 3px solid #DD0000;
}
.alert {
    background-color: #FFF3CE;
    border-top: 3px solid #FDDC9A;
    border-bottom: 3px solid #FDDC9A;
}
/* Highlight box for the notice shown when the page is served over HTTPS. */
#annotationSecure {
    background: #FFFFAA ;
    padding:2px;
    /* padding-left: 15px;*/
}
/* Uploaded files
------------------------------ */
table {
    border-collapse:collapse;
}
#uploadedFiles caption {
    line-height: 2.1em;
    text-align: left;
    padding-left: 20px;
    background: #fff url(../imgs/lock.png) no-repeat left;
}
#uploadedFiles th,
#uploadedFiles td{
    border:1px solid #CCCCCC;
    padding:0.5em;
}
#uploadedFiles thead{
    background-color:#DDDDDD;
}
#uploadedFiles tr.rowodd {
    background-color:#FFFFFF;
}
#uploadedFiles tr.roweven {
    background-color:#F2F2F2;
}
/* Busy page
------------------------------ */
/* NOTE(review): the empty comment between property and colon looks like a
   browser-targeting hack; confirm which browsers it is meant for. The image
   path here is imgs/ while other rules use ../imgs/; verify which is right. */
#dropSheet{
    background-color/**/: #000000;
    background-image: url(imgs/dots.gif);
    background-image/**/: none;
    opacity: 0.35;
    filter: alpha(opacity=35);
}
div.busyDialog {
    background-color: #ECB7B2;
    font-size: 110%;
    font-weight: bold;
    margin: 0;
    padding: 0;
}
div.busyDialog p {
    margin:0;
    padding: 5px;
}
/* Footer */
#footer {
    width:627px;
    height:20px;
    background-color:#FFFFFF;
    font-family:Arial, Helvetica, sans-serif;
    font-size:0.8em;
    color:black;
    text-align:center;
    font-weight:normal;
    padding-top:1%;
}
/*Links - a, a:visited*/
a {
    text-decoration: none;
    color: #000000;
}
a:visited {
    color:#000000;
    text-decoration:none;
}
/* Misc */
.margin { /*margin between content & footer*/
    margin-top:1.5%;
}
/* Navigation bar: the list items are laid out inline, without bullets. */
#nav {
    width:627px;
    float:left;
    font-family:Arial, Helvetica, sans-serif;
    font-size:1.0em;
    color:#ffffff;
}
#nav ul {
    background-color:#ffffff;
    text-align:left;
    font-size:1.0em;
    font-family:Arial, Helvetica, sans-serif;
    margin-left:0.95%;
    padding-left:0;
    margin-top:-.55%;
}
#nav li {
    list-style-type:none;
    padding:1.6em 1em;
    display:inline;
    color:#5F5E61;
}
#imgHeader {
    margin-top:2%;
}