A simple upward triangle inside a box - what do you expect? it's free! corz simple upload

Fully-Featured Upload Facility..

Drop in, Upload..

corz simple upload is, as the name implies, an extremely simple upload facility for your web site.

Tested and tweaked over a decade of continual use to produce the most reliable results across all browsers, corz simple upload can not only handle your uploading needs securely, but let you know all about it, with instant web master email notifications, even attaching the uploaded files to the email.

corz simple upload is simple to install (drop it somewhere, set a couple of prefs) and simple to use..

To use..

Note you MUST ensure that both post_max_size and upload_max_filesize php directives are large enough to handle the largest file you expect to upload, or the upload will fail. The "MAX_FILE_SIZE" (in bytes) hidden form element is often (usually) ignored by browsers, don't trust it.

In a default installation, the upload filesize is set to 10MB, as are the php directives at my site, in the relevant .htaccess file..

php_value upload_max_filesize 10M
php_value post_max_size 10M

If you run php as a cgi/FastCGI/etc., you would have the directives in your relevant php.ini (or .user.ini file in a per-site configuration)..

upload_max_filesize = 10M
post_max_size = 10M

If an error occurs during any upload, the script will attempt to explain.

Uploading large files PHP is generally not an ideal scenario, and a decent FTP server is preferable every time! Having said that, this very script is responsible for a HUGE amount of successful; though highly suspect, content-wise; uploads to corz.org!


0.9.6: Added optional User comments.

0.9: uploaded files are now zipped before attaching to admin notifications mails.
     multiple files are simply added to the original archive, named "first-file.zip"

     Note: they are zipped before any name transformations.

0.8: simple upload can now mail you the uploaded file as an attachment to your notification.

0.7: HTML5 output, added more "unsafe" types, fixed minor php warnings.

0.6: upload.php can now mail you on new uploads.

0.4: the XHTML upgrade - you can style things easily enough now.

0.3.5: added more extensions to the security checks (some servers will parse anything!).

0.3.4: added stripslashes to catch names with "'" (apostrophe characters) in them.

0.1-0.3: test releases.

corz simple upload is FREE!
Help Yourself..

You can view the php source code here..

php document icon, transparent

And a ready-to-go zip is right here..



click to see zip archive contents

LIVE MD5+SHA1 Multi-Hashes..
# made with checksum.. point-and-click hashing for windows (64-bit edition). # from corz.org.. http://corz.org/windows/software/checksum/ # #md5#upload.zip#2021.12.30@04.15:33 8457c499d0e06a5f829c87bd3de9a09d *upload.zip


Finally, I should mention that if you do have a working upload facility on your own web site (like the one above), you will start to collect all sorts of interesting documents, mainly web "attack" scripts like c99.php, r57.php and their many variants.

All these lame attempts fail, of course - simple upload knows just how to handle this sort of malarkey, but BE WARNED! Many of the script people will upload would be dangerous to run (in a web browser), even once you get them home.

It's fun to look, but be careful of the environment you are in when looking!

You will also get lots of strange images.
Some will be keepers!

Have fun!

;o) corz.org


If you have a question, feel free to leave a comment, below. I don't expect it to get too busy; simple upload usually just works! Hence the name!

Welcome to the comments facility!

cvxv - 30.06.14 11:34 pm


Segwhey - 17.10.14 12:33 am

Mine doesn't look as nice as yours! What's up with that?

That's because you don't have any CSS!

Feel free to grab a copy of my style sheet for your own use, here..


Then edit the path inside your copy of upload.php to match wherever you put it..

<link rel="stylesheet" href="/path/to/upload.css" type="text/css" media="screen" />

Note; there are a few styles in there that you won't need - edit as required.


REG - 23.10.15 8:48 pm

This is very good and extremely useful - I need something very simple for the wife to use on her web site to upload pictures.

I've changed the name from "upload.php" but is there any way bots or hackers can read through her site and identify the code contained within the php file - even though its now called something else? Just worried about security.

TIA - fantastic work btw smiley for :)

You don't have to worry about security. So long as the final resting place of the files is somewhere folk can't get to, all is well.

Assuming a web server is correctly setup, there is NO WAY for bots, "hackers", or anything else to be able to read the source code of your scripts. Once they load the page, it's obvious what it is, but that is simply not a problem.

Seriously, worry not; simple upload was designed to be openly available on the web and has survived tens of thousands of attempted hacks over the years. I link to my own copy from every page!

Your wife will very likely get daily emails with interesting things, as I do; many not safe to run from even a sandboxed web browser, but that's about it.


T.M Sincuba - 06.10.16 7:19 pm


This is a great script i would like to know whether it would be possible for to alter the script so that it creates a new directory for every upload.


Of course! It's PHP! ;o)

Jake Tous - 03.11.16 9:57 am

hismiley for :lol:smiley for :ken:

ufa - 24.11.16 8:22 am

No email for me. Is there any email config besides the address that should be made?

Please email me what your log says about it. ;o)

ps. I got your mail this morning and replied but the mail came back as the address you gave does not exist (the host name is invalid). This may be the cause of your mail issues. Please supply me with a working email address.

Mike - 26.04.18 6:38 pm

Thanks for the script.
I first had problems with sending mail as well.
The problem was the "from:" header.
My web hoster requires the "from:" email address to exist in my account in order to send mail.

Alan - 04.05.18 7:43 am

Hi there - I find that the upload changes the file settings from 644 to 1411 which cannot be read by a browser - do you know of a solution to this?
Your upload software is very simple to use - I just put the .php file in the loading directory.
Hoping you can help,

Cor - 04.05.18 8:31 am

You could use use the server to set them to something else. A php script, for example.

See here: http://php.net/manual/en/function.chmod.php

Get something like this: https://gist.github.com/jasperf/5755794


MKJ - 15.12.19 12:38 am


Great script and I am using it on a forum I am developing. I would prefer to make the script for images only though. Is there a quick fix for this?


If you are a developer, you should find it pretty easy to hack in such a facility. Look inside the code; it's really simple in there, precisely so that it's easy to hack!

If you are a complete beginner, check out what I do with the "transform_types" array. Instead of checking for extensions to transform, you will check for extensions to allow; i.e. images. If it isn't an image, you can just error out right there.

You will want to do this fairly early on in the process, so as not to waste server resources with non-images; before simple upload sends email, perhaps.


aaaa - 14.01.24 3:20 am

Using the HTTP_HOST as the sending domain for e-mails isn't going to work in many cases because of DMARC or whatever

I mutilated my copy of the script to get what I wanted but there should really be a variable to more easily customize this.

First, confirm that you are human by entering the code you see..

(if you find the code difficult to decipher, click it for a new one!)

Enter the 5-digit code this text sounds like :

lower-case em, Upper-Case You, too!, lower-case em, Upper-Case See


Welcome to corz.org!

I'm always messing around with the back-end.. See a bug? Wait a minute and try again. Still see a bug? Mail Me!