<?php
$function = $_GET['action'];
$currentloc = $HTTP_SERVER_VARS['DOCUMENT_ROOT'];
switch ($function)
{
case 'upload':
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of
// $_FILES. In PHP earlier then 4.0.3, use copy() and is_uploaded_file()
// instead of move_uploaded_file
$uploaddir = '/var/www/html/upload/uploads/';
$uploadfile = $uploaddir. basename($_FILES['userfile']['name']);
print $currentloc;
print "<pre>";
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded. ";
print "Here's some more debugging info:\n";
print_r($_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
print "</pre>";
break;
default:
print $currentloc;
echo '<html><head><title>Upload files</title></head>\n
<body bgcolor = "#78F0B4">
<Font color = "#ff0000">
<h2>Upload a file</h2>
<form enctype="multipart/form-data" action="upload.php?action=upload" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="30000000">
Send this file: <input name="userfile" type="file"><br>
<input type="submit" value="Send File">
</form>';
break;
}
?>