<?php
////////////////////////////////////
// © 2009 Wouter De Schuyter
// info[@]paradox-productions[.]net
// http://paradox-productions.net/
// UPLOAD SCRIPT V1.0
////////////////////////////////////

/* NOTE
*******
!! THE UPLOAD FOLDER MUST BE WRITABLE BY THE WEB SERVER USER (chown IT TO THAT USER, MODE 0755) -- DO NOT MAKE IT WORLD-WRITABLE (0777), AND CONFIGURE THE WEB SERVER NOT TO EXECUTE SCRIPTS FROM IT (e.g. "php_flag engine off" / NO HANDLER FOR THAT DIRECTORY)

THIS WORK IS LICENSED UNDER A CREATIVE COMMONS ATTRIBUTION 3.0 LICENSE.
THIS MEANS YOU MAY USE IT FOR ANY PURPOSE, AND MAKE ANY CHANGES YOU LIKE.
ALL I ASK IS TO LEAVE THE ORIGINAL COPYRIGHT AT TOP OF THE SCRIPT.
VIEW LICENSE ONLINE: http://creativecommons.org/licenses/by/3.0/
*/

/* CONFIG
*********/

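$extensions = ['png', 'gif', 'jpg', 'jpeg', 'bmp', 'pdf', 'doc', 'docx', 'html', 'psd', 'css']; // ALLOWED EXTENSIONS
// NOTE(review): the download link below is built from $scriptloc, i.e. uploads are served from the
// same origin as this script. Allowing 'html' and 'css' therefore lets any visitor host a page or
// stylesheet under this site's origin (stored XSS / session theft). Drop both, or serve $tfolder from a
// separate origin with "Content-Disposition: attachment". Nothing here inspects file CONTENTS -- the
// whitelist is applied to the client-supplied name only.
$tfolder = "uploads/"; // UPLOADS FOLDER WITH "/" AT THE END (JUST DIR)! MUST NOT BE SCRIPT-EXECUTABLE (SEE NOTE AT TOP)
$scriptloc = "http://paradox-productions.net/upload-project/"; // SCRIPT LOCATION WITH "/" AT THE END (FULL URL)! -- CHANGE TO YOUR OWN DEPLOYMENT URL
$maxfsize = 3; // MAXIMUM FILESIZE (IN MEGABYTES); php.ini upload_max_filesize / post_max_size must be at least this large

/**
 * Lower-cased final extension of a client-supplied file name ("" when the name has no dot).
 * Only the LAST extension counts, so "image.php.gif" yields "gif"; the file is stored under a
 * generated name (see upload_storage_name()), so nothing else from $filename reaches the filesystem.
 */
function upload_extension(string $filename): string
{
    return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
}

/**
 * Random, non-guessable storage name: 32 hex characters plus the given extension.
 *
 * Replaces md5(rand(rand(1, 9999), rand(1, 9999))), which (a) had at most a few thousand distinct
 * outputs, so uploads silently overwrote each other and every stored file could be enumerated by
 * hashing 1..9999, and (b) throws a ValueError on PHP 8 whenever the inner rand() pair comes out
 * with min > max. Pass only an extension that has already passed the whitelist -- it goes into a path.
 */
function upload_storage_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

$succes = false; // becomes true once a file has been stored; hides the form below

// CHECK IF THE FORM HAS BEEN SUBMITTED (strict compare; key is absent on the CLI)
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // NOTE(review): there is no login and no CSRF token -- any visitor, or any third-party page that
    // auto-submits a form to this URL, can store files on this server. Add both before exposing it.
    $file = $_FILES['filen'] ?? null;
    $fname = is_array($file) ? (string) ($file['name'] ?? '') : '';
    $ferror = is_array($file) ? (int) ($file['error'] ?? UPLOAD_ERR_NO_FILE) : UPLOAD_ERR_NO_FILE;

    // CHECK IF THERE IS A FILE SELECTED
    if ($fname === '' || $ferror === UPLOAD_ERR_NO_FILE) {
        echo "Please select a file to upload.";
    }
    // PHP ITSELF REFUSED THE FILE FOR SIZE (php.ini / MAX_FILE_SIZE): tmp_name is empty in that case,
    // so the old code ran filesize('') and ended in a misleading "upload error"
    elseif ($ferror === UPLOAD_ERR_INI_SIZE || $ferror === UPLOAD_ERR_FORM_SIZE) {
        echo "Your file is too big. The maximum filesize is <b>" . $maxfsize . "</b>MB.";
    }
    // ANY OTHER UPLOAD FAILURE (partial upload, no temp dir, ...)
    elseif ($ferror !== UPLOAD_ERR_OK) {
        echo "upload error";
    }
    // CHECK THE EXTENSION (strict comparison against the whitelist, last extension only)
    elseif (!in_array(upload_extension($fname), $extensions, true)) {
        echo "This extension is not allowed.";
    }
    // IF FILE IS TOO BIG ('size' is the byte count PHP recorded for the temp file)
    elseif ((int) ($file['size'] ?? 0) > $maxfsize * 1024 * 1024) {
        echo "Your file is too big. The maximum filesize is <b>" . $maxfsize . "</b>MB.";
    }
    // CHECK FOR FALSE FILES EG image.php.gif. Kept for compatibility: because the stored name carries
    // only the whitelisted final extension this is defence-in-depth, not the primary control.
    elseif (strpos(strtolower($fname), "php") !== false) {
        echo "Your file cannot contain the string 'php'!";
    }
    // MOVE TO FOLDER WITH NEW RANDOM NAME
    else {
        $target = $tfolder . upload_storage_name(upload_extension($fname)); // LOCATION FILE
        // move_uploaded_file() only accepts a genuine upload of this request, so no is_uploaded_file() needed
        if (move_uploaded_file((string) $file['tmp_name'], $target)) {
            echo "Your file has succesfully been uploaded.<br />Download link: <b>" . $scriptloc . $target . "</b>";
            $succes = true;
        }
        // UPLOAD ERROR (typically $tfolder missing or not writable by the web server user)
        else {
            echo "upload error";
        }
    }
} // CLOSE IF SUBMIT IS PRESSED

// IF FILE WAS UPLOADED SUCESSFULLY HIDE FORM
if (!$succes) {
    echo '<form action="" method="post" enctype="multipart/form-data">';
    echo 'File: <input type="file" name="filen" /> <input type="submit" name="subform" value="Upload File!" />';
    echo '</form>';
}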
?> 