Hi , Ive been playing around with this script but I need to upload 3 images at a time for my website. I tried adding multiple file input but the only one which get uploaded is the first one . Im wondering if any of you would know how to do that ? That's the form : <FORM ENCTYPE="multipart/form-data" ACTION="ImageSuccess.php" METHOD=POST> Choisisser 3 images: <INPUT NAME="file_up" TYPE="file"><INPUT NAME="file_up2" TYPE="file"><INPUT NAME="file_up3" TYPE="file"> <INPUT TYPE="submit" VALUE="Send File"></FORM> Code (markup): That's the code that goes with the form : <?Php $file_upload="true"; $file_up_size=$_FILES['file_up']['size']; echo $_FILES['file_up']['name']; if ($_FILES['file_up']['size']>25000000){$msg=$msg."Your uploaded file size is more than 250KB so please reduce the file size and then upload.<BR>"; $file_upload="false";} if (!($_FILES['file_up']['type'] =="image/jpeg" OR $_FILES['file_up']['type'] =="image/gif")) {$msg=$msg."Your uploaded file must be of JPG or GIF. Other file types are not allowed<BR>"; $file_upload="false";} $file_name=$_FILES['file_up']['name']; $add="images/$file_name"; // the path with the file name where the file will be stored if($file_upload=="true"){ if(move_uploaded_file ($_FILES['file_up']['tmp_name'], $add)){ // do your coding here to give a thanks message or any other thing. }else{echo "Failed to upload file Contact Site admin to fix the problem";} }else{echo $msg;} $file_upload="true"; $file_up_size=$_FILES['file_up2']['size']; echo $_FILES['file_up2']['name']; if ($_FILES['file_up2']['size']>25000000){$msg=$msg."Your uploaded file size is more than 250KB so please reduce the file size and then upload.<BR>"; $file_upload="false";} if (!($_FILES['file_up2']['type'] =="image/jpeg" OR $_FILES['file_up2']['type'] =="image/gif")) {$msg=$msg."Your uploaded file must be of JPG or GIF. Other file types are not allowed<BR>"; $file_upload="false";} $file_name=$_FILES['file_up2']['name']; $add="images/$file_name"; // the path with the file name where the file will be stored if($file_upload=="true"){ if(move_uploaded_file ($_FILES['file_up2']['tmp_name'], $add)){ // do your coding here to give a thanks message or any other thing. }else{echo "Failed to upload file Contact Site admin to fix the problem";} }else{echo $msg;} $file_upload="true"; $file_up_size=$_FILES['file_up3']['size']; echo $_FILES['file_up3']['name']; if ($_FILES['file_up3']['size']>25000000){$msg=$msg."Your uploaded file size is more than 250KB so please reduce the file size and then upload.<BR>"; $file_upload="false";} if (!($_FILES['file_up3']['type'] =="image/jpeg" OR $_FILES['file_up3']['type'] =="image/gif")) {$msg=$msg."Your uploaded file must be of JPG or GIF. Other file types are not allowed<BR>"; $file_upload="false";} $file_name=$_FILES['file_up3']['name']; $add="images/$file_name"; // the path with the file name where the file will be stored if($file_upload=="true"){ if(move_uploaded_file ($_FILES['file_up3']['tmp_name'], $add)){ // do your coding here to give a thanks message or any other thing. }else{echo "Failed to upload file Contact Site admin to fix the problem";} }else{echo $msg;} ?> Code (markup): Thanks !
Where do you guys keep finding these scripts? This one is horribly insecure and you should remove it from your server immediately. Search for a new one and start over. EDIT: If you find another script that looks promising, and it contains anything similar to this: $_FILES['file_up3']['type'] =="image/jpeg" PHP: ... keep looking further.
If you're 100% sure no one can access the file without being logged in, and you completely trust everybody with access to the admin panel, then you might be good. I for one would not leave this anywhere on my server. Are you sure no one can't access /admin/ImageSuccess.php without being logged in? Because according to the snippet you posted, it doesn't look like there's any security there. But I might be wrong. Keep in mind that right now it's pretty easy to upload and execute .php files to your server. If your admin gets compromised, your entire security falls apart.
There's currently no security at all since it's not even online or anything. I'm just trying to learn how to do it for future use . I have to code my website from scratch.