Because finding a working, customizable image upload script is hard nowadays, I decided to make my own (Not the best upload script, but it works).
This is fully customizable, and you can easily make it so that it submits the images to a database allowing you to add "Recently uploaded" and a "Share Image" pages. If you need help with that bit, just reply and ill tell you what to add :)

All you have to do is removed "exit;" from line 11 just to show that you actually read this and change the domains to your domain (Remember to CHMOD your folder).
Credit to Invent for telling me how to use arrays.

Demo: www.v-habbo.com/upload (http://www.v-habbo.com/upload)
Download link: http://v-habbo.com/upload/imager.zip

upload.php


<?php
$dir = "/home/vhabbo/public_html/images/uploads"; // This is the directory you wish your images to be uploaded. Change "vhabbo" to your username and remember to CHMOD to 777.
$maxsize = "10000000"; // This is the max file size
$types_alowed = array("gif", "png", "bmp", "jpg", "jpeg"); // These are the files alowed to upload
$websiteurl = ("v-habbo.com"); // Change this to your website URL, adding a www. is additional.

// Only edit below if you have knowledge in php.
if(isset($_FILES["file"])) {
$file = $_FILES["file"]["name"];
$dot = explode( ".", $file);
$tempname = $_FILES["file"]["tmp_name"];


$tmpname = $_FILES["file"]["tmp_name"];
$info = getimagesize( $tmpname );
$re1 = '(image)';

if ( $_FILES["file"]["size"] > $maxsize || $file == "" ) {
echo ( "<p>The following errors occured:<ul>" );
$end = "</ul></p>";

if($file == "") {
echo("<li>Please complete the required field \"File\".</li>");
$error2 = "1";
}
if($_FILES["file"]["size"] > $maxsize) {
echo("<li>The size of your image is too big.</li>");
}
}
else {
if ( preg_match( "/" . $re1 . "/is", image_type_to_mime_type( $info[2] ) ) ) {

$name = uniqid("img").$_FILES["file"]["name"]; // This will create a random name for the file
$newname = str_replace( " ", "_", $name); // This will replace any spaces in the file name
move_uploaded_file($tempname, "$dir/$newname");
echo("<img src=\"http://$websiteurl/images/uploads/$newname\" border=\"0\" />
<fieldset>
<legend>Direct Link:</legend>
<input type=\"text\" name=\"direct\" value=\"http://$websiteurl/images/uploads/$newname\" class=\"file\" size=\"100%\"><br>
</fieldset>
<legend>HTML Clode:</legend>
<input type=\"text\" name=\"direct\" value=\"&lt;a href=&quot;http://www.$websiteurl/upload&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;http://$websiteurl/images/uploads/$newname&quot; border=&quot;0&quot;&gt;&lt;/a&gt;\" class=\"file\" size=\"100%\"><br>
</fieldset>");
}
else {
echo ( "<p>The following errors occured:<ul>" );
$end = "</ul></p>";
echo("<li>You can only upload image files.</li></ul></p>");
echo("$end");
}

}
}
else {
?>
<form method="post" enctype="multipart/form-data">
<fieldset>
<legend>Select File:</legend>
<input type="file" name="file" class="file" size="20"><br>
</fieldset>
<br>
<input class="submit" type="submit" value="Upload" name="submit">
</form>
<?
}
?>
Post updated by ,Jess, (Forum Super Moderator): On request of user.

Nice, this should be put in tutorials except it isn't one. It'll prevent a lot of threads.

Quite nice, although they're is some picky things, such as when you concatinate strings, you should use ' ' instead of " ", without the space, as ' ' is faster than " ".
uniqid, can be a bit slow, although it isn't deprecated yet.

Other than that it's really good! WD:)

Very nice but it would be better if you displayed a link as to where their image is.

Point it though, that this is just a base. If people want to add the links to the users image then they can do it by themselves.

Nicely done btw.

Point it though, that this is just a base. If people want to add the links to the users image then they can do it by themselves.

Nicely done btw.Take someone who knows jack crap about php, how do you expect him to add in code?

Looks quite nice, i'll try it out now.

EDIT;

Parse error: syntax error, unexpected '/', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/biolabs/public_html/test.php on line 42

Looks quite nice, i'll try it out now.

EDIT;
Urg, I wish the forum didn't change the code.

Try this, I had to remove the BB Code part :(


<?php
$dir = "/home/vhabbo/public_html/images/uploads"; // This is the directory you wish your images to be uploaded. Change "vhabbo" to your username and remember to CHMOD to 777.
$maxsize = "10000000"; // This is the max file size
$types_alowed = array("gif", "png", "bmp", "jpg", "jpeg"); // These are the files alowed to upload
$websiteurl = ("v-habbo.com"); // Change this to your website URL, adding a www. is additional.

// Only edit below if you have knowledge in php.
if(isset($_FILES["file"])) {
$file = $_FILES["file"]["name"];
$dot = explode( ".", $file);
$tempname = $_FILES["file"]["tmp_name"];


$tmpname = $_FILES["file"]["tmp_name"];
$info = getimagesize( $tmpname );
$re1 = '(image)';

if ( $_FILES["file"]["size"] > $maxsize || $file == "" ) {
echo ( "<p>The following errors occured:<ul>" );
$end = "</ul></p>";

if($file == "") {
echo("<li>Please complete the required field \"File\".</li>");
$error2 = "1";
}
if($_FILES["file"]["size"] > $maxsize) {
echo("<li>The size of your image is too big.</li>");
}
}
else {
if ( preg_match( "/" . $re1 . "/is", image_type_to_mime_type( $info[2] ) ) ) {

$name = uniqid("img").$_FILES["file"]["name"]; // This will create a random name for the file
$newname = str_replace( " ", "_", $name); // This will replace any spaces in the file name
move_uploaded_file($tempname, "$dir/$newname");
echo("<img src=\"http://$websiteurl/images/uploads/$newname\" border=\"0\" />
<fieldset>
<legend>Direct Link:</legend>
<input type=\"text\" name=\"direct\" value=\"http://$websiteurl/images/uploads/$newname\" class=\"file\" size=\"100%\"><br>
</fieldset>
<legend>HTML Clode:</legend>
<input type=\"text\" name=\"direct\" value=\"&lt;a href=&quot;http://www.$websiteurl/upload&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;http://$websiteurl/images/uploads/$newname&quot; border=&quot;0&quot;&gt;&lt;/a&gt;\" class=\"file\" size=\"100%\"><br>
</fieldset>");
}
else {
echo ( "<p>The following errors occured:<ul>" );
$end = "</ul></p>";
echo("<li>You can only upload image files.</li></ul></p>");
echo("$end");
}

}
}
else {
?>
<form method="post" enctype="multipart/form-data">
<fieldset>
<legend>Select File:</legend>
<input type="file" name="file" class="file" size="20"><br>
</fieldset>
<br>
<input class="submit" type="submit" value="Upload" name="submit">
</form>
<?
}
?>
If you want the BB Code part, just simply download the file :D
http://v-habbo.com/upload/imager.zip

Now its...


Parse error: syntax error, unexpected '/', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/biolabs/public_html/test2.php on line 43

Now its...
Shouldn't be?
I edited it a couple of mins ago, try new 1 :P

Yeah, works now - thanks. :)

I just tried it on my site,

and when you get to the second part it loads a blank page of upload.php

Good job making an extremely vulnerable script, and you are not actually even checking the integrity of the file.

Warning: move_uploaded_file(/home/biolabs/public_html/images/uploads/) [function.move-uploaded-file (http://biolabs.x10hosting.com/function.move-uploaded-file)]: failed to open stream: Is a directory in /home/biolabs/public_html/upload.php on line 32

Warning: move_uploaded_file() [function.move-uploaded-file (http://biolabs.x10hosting.com/function.move-uploaded-file)]: Unable to move '/tmp/phpnpJstu' to '/home/biolabs/public_html/images/uploads/' in /home/biolabs/public_html/upload.php on line 32

This forum is mashed, it won't let me paste my code. :S

I just tried it on my site,

and when you get to the second part it loads a blank page of upload.php
tut tut some 1 didn't read :P
delete exit; from line 11.

Good job making an extremely vulnerable script, and you are not actually even checking the integrity of the file.
Why use a word that I have never heard of?

Is it even possible to not have heard any of those words before :/

Hmmmmm

This forum is mashed, it won't let me paste my code. :S
create a folder called uploads in your image dir :P

http://www.nivade.com/upload.php

Doesn't work, I get the same error as Biohazard.

Edit: Done that, and no difference.

Arbitrary File Upload Vulnerability

create a folder called uploads in your image dir :P

I did that at the start, it doesn't work. :P

Don't use the script unless you want someone uploading PHP files to your server.

http://v-habbo.com/images/uploads/img485bd3b334294270911980_0baa512314.jpg

Actually, I'll find another uploader, thanks anyway :P



<?php
$dir = "/home/vhabbo/public_html/images/uploads"; // This is the directory you wish your images to be uploaded. Change "vhabbo" to your username and remember to CHMOD to 777.
$maxsize = "10000000"; // This is the max file size
$websiteurl = ("vhabbo.com"); // Change this to your website URL, adding a www. is additional.
$types_alowed = array("gif", "png", "bmp", "jpg", "jpeg"); // These are the files alowed to upload

// Only edit below if you have knowledge in php.
if(isset($_FILES["file"])) {
$file = $_FILES["file"]["name"];
$dot = explode( ".", $file);
$tempname = $_FILES["file"]["tmp_name"];

if($_FILES["file"]["size"] > $maxsize || $file == "" || !in_array($dot[1], $types_alowed)) {
echo("<p>The following errors occured:<ul>");
$end = "</ul></p>";
$error = "1";
}

if($file == "") {
echo("<li>Please complete the required field \"File\".</li>");
$error2 = "1";
}
if(!in_array($dot[1], $types_alowed) && $error2 != "1") {
echo("<li>You can only upload image files.</li>");
}
if($_FILES["file"]["size"] > $maxsize) {
echo("<li>The size of your image is too big.</li>");
}
echo("$end");
if($error != "1") {
$name = uniqid("img").$_FILES["file"]["name"]; // This will create a random name for the file
$newname = str_replace( " ", "_", $name); // This will replace any spaces in the file name
move_uploaded_file($tempname, "$dir/$newname");
echo("<img src=\"http://". $websiteurl ."/images/uploads/$newname\" border=\"0\" />
<fieldset>
<legend>Direct Link:</legend>
<input type=\"text\" name=\"direct\" value=\"http://". $websiteurl ."/images/uploads/$newname\" class=\"file\" size=\"100%\"><br>
</fieldset>
<legend>HTML Clode:</legend>
<input type=\"text\" name=\"html\" value=\"&lt;a href=&quot;http://". $websiteurl ."/upload&quot; target=&quot;_blank&quot;&gt;&lt;img src=&quot;http://v-habbo.com/images/uploads/$newname&quot; border=&quot;0&quot;&gt;&lt;/a&gt;\" class=\"file\" size=\"100%\"><br>
</fieldset>
");
}
}
else {
?>
<form method="post" enctype="multipart/form-data">
<fieldset>
<legend>Select File:</legend>
<input type="file" name="file" class="file" size="20"><br>
</fieldset>
<br>
<input class="submit" type="submit" value="Upload" name="submit">
</form>
<?
}
?>


That code is probably easier to use for the newbies, I removed line 11, I added websiteURL, change that too your Site URL (Don't add a HTTP)

Sorry if your thread xD

With the help of Caleb, I have fixed the problem with uploading .gif.php files.
The downloadable version and the starter thread code should now work :)

With the help of Caleb, I have fixed the problem with uploading .gif.php files.
The downloadable version and the starter thread code should now work :)

So the error that I posted, will now be fixed?

Yay - you used my mini addon thing :D

So the error that I posted, will now be fixed?
I think the error your getting is just setup.


Yay - you used my mini addon thing :D
Yep, thought I credited you in the post. :(

I think the error your getting is just setup.


Yep, thought I credited you in the post. :(
lol, it's ok :)

I have updated the demo and download link.
There now is:
- Private upload (Doesn't display on recently uploaded page)
- Recently Uploaded page
- Share Page

Demo:
www.v-habbo.com/upload

Download:
www.v-habbo.com/upload/imager.zip

That layout is reminding me of TehUpload too much :|

That layout is reminding me of TehUpload too much :|
Yea, thats what I was thinking. But its the easiest layout to design and code :(

I don't want a billion TehUpload clones popping up.

I don't want a billion TehUpload clones popping up.
Its not good enought to be a clone :P
Anyways, yours has a desktop application, thats a big advantage.

Jack, just so you know, its pretty unstable, as you can upload any files such as .psd, .tmp, .php.gif. Who knows how many more!


I don't want a billion TehUpload clones popping up.

But its just a basic fieldset, and its not like any of the others will even come close to being as popular as TehUpload. :P

Still, it looks too much like it for my liking.

Jack, just so you know, its pretty unstable, as you can upload any files such as .psd, .tmp, .php.gif. Who knows how many more!

Caleb told me how to fix that. You be able to upload them in the new version?
About the psd, that's the only one which needs fixing :(

Caleb told me how to fix that. You be able to upload them in the new version?
About the psd, that's the only one which needs fixing :(


.tmp is also uploadable, but thats fine, unless it has another extension at the end such as .tmp.php. ;)

Can't edit.

I've just looked at the new one, and it does look a lot like TehUpload. :P

It looks so good though. :(

Sorry but you're uploader just got put out of business :(

Sorry but you're uploader just got put out of business :(
But my uploader wasn't in business in the first place?

Also.. explain..