<html>
<head><title>Upload file</title></head>
<body>
<?php
function uploadFile($input_name, $target = ".", $over = false) {
set_time_limit(0);
if (!is_dir($target)) exit("<span class=error>upload dir $target does not exists</span>");
$name = $_FILES[$input_name]["name"];
$type = $_FILES[$input_name]["type"];
$size = $_FILES[$input_name]["size"];
$tmp = $_FILES[$input_name]["tmp_name"];
$uerror = $_FILES[$input_name]["error"];
if (preg_match("/^.*\.(?:php|asp|pl|cgi|exe|aspx)$/", $name, $m)) die("Do you want to upload shell ~.~?");
$server = $target . "/" . $name;
if ($uerror > 0) exit("<span class=error>Error!</span>");
if (!$over)
if (file_exists($server)) exit("<span class=error>File $server exists</span>");
if (!is_uploaded_file($tmp)) exit("<span class=error>Error ~.#</span>");
if (!move_uploaded_file($tmp, $server)) exit("<span class=error>Error ~.#</span>");
echo "<a href=\"$server\">$name</a> <a href='javascript:history.go(-1);'>Back</a>";
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
echo "<h3>File Upload Results</h3>";
uploadFile("uf");
} else {
echo "
<h3>File Upload</h3>
<form enctype='multipart/form-data' method=post>
File 1: <input type=file name=uf>
<p> <input type=submit value=Upload></p>
</form>";
}
?>