Fully-Featured Upload Facility..
One Single PHP File.
Multiple Upload Slots.
Brain-Dead Simple Operation.
Secure, Reliable Uploading.
Optional User Comments.
Web Master Email Notifications.
Even attaching a zip of the uploads!
100% HTML5 Output.
Drop in, Upload..
corz simple upload is, as the name implies, an extremely simple upload facility for your web site.
Tested and tweaked over a decade of continual use to produce the most reliable results across all browsers, corz simple upload can not only handle your uploading needs securely, but let you know all about it, with instant web master email notifications, even attaching the uploaded files to the email.
corz simple upload is simple to install (drop it somewhere, set a couple of prefs) and simple to use..
Note you MUST ensure that both
upload_max_filesizephp directives are large enough to handle the largest file you expect to upload, or the upload will fail. The "
MAX_FILE_SIZE" (in bytes) hidden form element is often (usually) ignored by browsers, don't trust it.
In a default installation, the upload filesize is set to 10MB, as are the php directives at my site, in the relevant .htaccess file..
php_value upload_max_filesize 10M
php_value post_max_size 10M
If you run php as a cgi/FastCGI/etc., you would have the directives in your relevant
.user.inifile in a per-site configuration)..
upload_max_filesize = 10M
post_max_size = 10M
If an error occurs during any upload, the script will attempt to explain.
Uploading large files PHP is generally not an ideal scenario, and a decent FTP server is preferable every time! Having said that, this very script is responsible for a HUGE amount of successful; though highly suspect, content-wise; uploads to corz.org!
0.9.6: Added optional User comments.
0.9: uploaded files are now zipped before attaching to admin notifications mails.
multiple files are simply added to the original archive, named "first-file.zip"
Note: they are zipped before any name transformations.
0.8: simple upload can now mail you the uploaded file as an attachment to your notification.
0.7: HTML5 output, added more "unsafe" types, fixed minor php warnings.
0.6: upload.php can now mail you on new uploads.
0.4: the XHTML upgrade - you can style things easily enough now.
0.3.5: added more extensions to the security checks (some servers will parse anything!).
0.3.4: added stripslashes to catch names with "'" (apostrophe characters) in them.
0.1-0.3: test releases.
corz simple upload is FREE!
You can view the php source code here..
And a ready-to-go zip is right here..download
click to see zip archive contentsLIVE MD5+SHA1 Multi-Hashes..
# made with checksum.. point-and-click hashing for windows (64-bit edition). # from corz.org.. http://corz.org/windows/software/checksum/ # #email@example.com:33 8457c499d0e06a5f829c87bd3de9a09d *upload.zip
Finally, I should mention that if you do have a working upload facility on your own web site (like the one above), you will start to collect all sorts of interesting documents, mainly web "attack" scripts like c99.php,
r57.phpand their many variants.
All these lame attempts fail, of course - simple upload knows just how to handle this sort of malarkey, but BE WARNED! Many of the script people will upload would be dangerous to run (in a web browser), even once you get them home.
It's fun to look, but be careful of the environment you are in when looking!
You will also get lots of strange images.
Some will be keepers!
If you have a question, feel free to leave a comment, below. I don't expect it to get too busy; simple upload usually just works! Hence the name!
Welcome to the comments facility!
Mine doesn't look as nice as yours! What's up with that?
Feel free to grab a copy of my style sheet for your own use, here..
Then edit the path inside your copy of upload.php to match wherever you put it..
<link rel="stylesheet" href="/path/to/upload.css" type="text/css" media="screen" />
Note; there are a few styles in there that you won't need - edit as required.
This is very good and extremely useful - I need something very simple for the wife to use on her web site to upload pictures.
I've changed the name from "upload.php" but is there any way bots or hackers can read through her site and identify the code contained within the php file - even though its now called something else? Just worried about security.
TIA - fantastic work btw
Assuming a web server is correctly setup, there is NO WAY for bots, "hackers", or anything else to be able to read the source code of your scripts. Once they load the page, it's obvious what it is, but that is simply not a problem.
Seriously, worry not; simple upload was designed to be openly available on the web and has survived tens of thousands of attempted hacks over the years. I link to my own copy from every page!
Your wife will very likely get daily emails with interesting things, as I do; many not safe to run from even a sandboxed web browser, but that's about it.
This is a great script i would like to know whether it would be possible for to alter the script so that it creates a new directory for every upload.
No email for me. Is there any email config besides the address that should be made?
Thanks for the script.
I first had problems with sending mail as well.
The problem was the "from:" header.
My web hoster requires the "from:" email address to exist in my account in order to send mail.
Hi there - I find that the upload changes the file settings from 644 to 1411 which cannot be read by a browser - do you know of a solution to this?
Your upload software is very simple to use - I just put the .php file in the loading directory.
Hoping you can help,
You could use use the server to set them to something else. A php script, for example.
See here: http://php.net/manual/en/function.chmod.php
Get something like this: https://gist.github.com/jasperf/5755794
Great script and I am using it on a forum I am developing. I would prefer to make the script for images only though. Is there a quick fix for this?
If you are a complete beginner, check out what I do with the "transform_types" array. Instead of checking for extensions to transform, you will check for extensions to allow; i.e. images. If it isn't an image, you can just error out right there.
You will want to do this fairly early on in the process, so as not to waste server resources with non-images; before simple upload sends email, perhaps.