I am currently making a little web portal for a small group of people to download files & manuals. In the site I also want people to be able to upload files so I am using Mini Ajax File Upload. On the upload form I want to have a dropdown box so people can choose where they want the files to be uploaded. I'm just having trouble figuring out how to do this dropdown to change the upload directory.
The upload directory is set here:
if(move_uploaded_file($_FILES['upl']['tmp_name'], 'uploads/'.$_FILES['upl']['name'])){
echo '{"status":"success"}';
exit;
}
I've found a solution and modified it so it does what I want it to. Here's the script in case anyone else ever wants it. Please note that this exposes the directory structure of your server, and it also has a shell_exec wget feature that exposes you to injection. This is not safe / secure by itself, you need to add security on top or use publicly at your own risk.
The script will let users choose a folder in the same directory as this script to upload a file, they can also enter a URL of a file and have the server download it (on Linux servers).
<?php
if ($_POST['variable'] == '')
{
$variable = './'; // default folder
}
else
{
$variable = $_POST['variable'] ;
}
$folder = $variable;
$uploadpath = "$folder/";
$max_size = 2000000;
$alwidth = 90000;
$alheight = 90000;
$allowtype = array('bmp', 'gif', 'jpg', 'jpe', 'jpeg', 'png', 'psd', 'tga', 'tif', '7z', 'bz', 'gz', 'rar', 'tar', 'zip', 'aac', 'flac', 'mid', 'midi', 'mp3', 'ogg', 'wma', 'wav', 'c', 'class', 'cpp', 'css', 'erb', 'htm', 'html', 'java', 'js', 'php', 'pl', 'py', 'rb', 'xhtml', 'xml', 'accdb', 'db', 'dbf', 'mdb', 'pdb', 'sql', 'csv', 'doc', 'docx', 'odt', 'pdf', 'xls', 'xlsx', 'ppt', 'app', 'bat', 'com', 'exe', 'jar', 'msi', 'vb', 'eot', 'otf', 'ttf', 'woff', 'gam', 'nes', 'rom', 'sav', 'box', 'deb', 'rpm', 'bat', 'cmd', 'sh', 'cfg', 'ini', 'log', 'md', 'rtf', 'txt', 'ai', 'drw', 'eps', 'ps', 'svg', 'avi', 'flv', 'mkv', 'mov', 'mp4', 'mpg', 'ogv', 'webm', 'wmv', 'swf', 'bak', 'msg', 'blank');
$wgeturl = $_POST['wget-url'];
$command = "wget -P $uploadpath $wgeturl";
$output = shell_exec($command);
if(isset($_FILES['fileup']) && strlen($_FILES['fileup']['name']) > 1) {
$uploadpath = $uploadpath . basename( $_FILES['fileup']['name']);
$sepext = explode('.', strtolower($_FILES['fileup']['name']));
$type = end($sepext);
list($width, $height) = getimagesize($_FILES['fileup']['tmp_name']);
$err = '';
if(!in_array($type, $allowtype)) $err .= 'The file: <b>'. $_FILES['fileup']['name']. '</b> not has the allowed extension type.';
if($_FILES['fileup']['size'] > $max_size*1000000) $err .= '<br/>Maximum file size must be: '. $max_size. ' KB.';
if(isset($width) && isset($height) && ($width >= $alwidth || $height >= $alheight)) $err .= '<br/>The maximum Width x Height must be: '. $alwidth. ' x '. $alheight;
if($err == '') {
if(move_uploaded_file($_FILES['fileup']['tmp_name'], $uploadpath)) {
echo 'File: <b>'. basename( $_FILES['fileup']['name']). '</b> successfully uploaded:';
echo '<br/>File type: <b>'. $_FILES['fileup']['type'] .'</b>';
echo '<br />Size: <b>'. number_format($_FILES['fileup']['size']/1024, 3, '.', '') .'</b> KB';
if(isset($width) && isset($height)) echo '<br/>Image Width x Height: '. $width. ' x '. $height;
echo '<br/><br/>Image address: <b>http://'.$_SERVER['HTTP_HOST'].rtrim(dirname($_SERVER['REQUEST_URI']), '\\/').'/'.$uploadpath.'</b>';
}
else echo '<b>Unable to upload the file.</b>';
}
else echo $err;
}
?>
<div style="margin:1em auto; width:333px; text-align:center;">
</div>
<div style="margin:1em auto; width:333px; text-align:center;">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" enctype="multipart/form-data">
<b>Upload from URL:</b> <input type="text" name="wget-url" value="URL to file"><br\>
<input type="file" name="fileup" /><br/>
<select name="variable" />
<option value="" selected="selected">Select a folder</option>
<form name="input" action="upload.php" method="post" onchange="this.form.submit()">
<?php
$dirs = glob("*", GLOB_ONLYDIR);
foreach($dirs as $val){
echo '<option value="'.$val.'">'.$val."</option>
";
}
?>
</select>
<button type="submit" class="btn btn-primary btn-lg" name='submit' value="Upload" />Upload</button>
</div>
</form>