INDEX.PHP
Código PHP :
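<?php
// VARIABLES
// NAME                   DESCRIPTION
$basedir = "images/";     // The directory for storing files.
$thisDir = "p";           // The directory that this file is stored in. No slashes.
$maxFileSize = 10000000;  // The maximum size in bytes that an uploaded file can be.
$ftypes = array("gif","jpg","png","bmp","tiff","tif","jpeg");
// ^ Allowed filetypes.

// YOU DO NOT NEED TO EDIT ANYTHING BEYOND THIS POINT

// NOTE(review): this script has no authentication, and upload, mkdir and both
// delete actions are accepted through $_REQUEST without any CSRF token (the
// delete links are plain GET requests). Keep it behind web-server access
// control, and configure the server so nothing under $basedir is executed as
// a script: the upload check below can only vouch for the final extension and
// for the file parsing as an image.

// Request parameters are untrusted; only plain strings are accepted.
$action = (isset($_REQUEST["a"]) && is_string($_REQUEST["a"])) ? $_REQUEST["a"] : "";
if (empty($_REQUEST["fd"]) || !is_string($_REQUEST["fd"]))
    $fd = $basedir;
else
    $fd = $_REQUEST["fd"];
$ud = $fd; // Upload Directory. This should always be the same as $fd.

/**
 * Escape a value for HTML text or a quoted attribute.
 * The charset is fixed to the iso-8859-1 that every page here declares.
 */
function pbHtml($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, "ISO-8859-1");
}

/**
 * Percent-encode every segment of a relative path, keeping the "/" separators.
 * The result contains only letters, digits and - _ . ~ % /, so it can be placed
 * in a URL, an HTML attribute or a quoted JavaScript string as-is.
 */
function pbUrlPath($path) {
    return implode("/", array_map("rawurlencode", explode("/", (string) $path)));
}

/**
 * Tell whether $name is a single plain directory-entry name.
 * Rejects non-strings, the empty string, "." and "..", and anything holding a
 * path separator (either style) or a control character. A slash-only test is
 * not enough: "." and ".." contain no slash but still name another directory.
 */
function pbNameOkay($name) {
    if (!is_string($name) || $name === "" || $name === "." || $name === "..")
        return false;
    return !preg_match('/[\x00-\x1f\x7f\/\\\\]/', $name);
}

/**
 * Undo magic-quotes escaping only on installations that still apply it.
 * An unconditional stripslashes() would damage legitimate backslashes.
 */
function pbUnquote($value) {
    if (function_exists("get_magic_quotes_gpc") && @get_magic_quotes_gpc())
        return stripslashes($value);
    return $value;
}

/** Read a request parameter as a string; anything else becomes "". */
function pbParam($key) {
    return (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : "";
}

/** Show an error box that links back to $redir and stop the request. */
function pbFail($msgtxt, $redir) {
    messageBox($msgtxt, $redir, TRUE);
    exit;
}

/**
 * Stop the request unless $dir is a directory path this script may work in.
 *
 * $dir must start with $basedir, end with "/", and every segment after
 * $basedir must be a plain name (no ".", "..", empty or separator-bearing
 * segments). The directory holding this script ($basedir.$thisDir) is refused.
 * When both paths exist, the resolved location must also lie inside the
 * resolved $basedir, so a symlink cannot lead outside it.
 */
function isDirOkay($dir, $basedir, $thisDir) {
    $baselen = strlen($basedir);
    $ok = is_string($dir)
        && strncmp($dir, $basedir, $baselen) === 0
        && substr($dir, -1) === "/";

    if ($ok) {
        $rest = (string) substr($dir, $baselen); // false on old PHP when nothing is left
        if ($rest !== "") {
            foreach (explode("/", substr($rest, 0, -1)) as $segment) {
                if (!pbNameOkay($segment)) {
                    $ok = false;
                    break;
                }
            }
        }
    }

    $own = $basedir.$thisDir."/";
    if ($ok && strncmp($dir, $own, strlen($own)) === 0)
        $ok = false;

    if ($ok) {
        $realBase = realpath($basedir);
        $realDir = realpath($dir);
        if ($realBase !== false && $realDir !== false) {
            $realBase = rtrim($realBase, "/\\");
            $inside = ($realDir === $realBase)
                || strncmp($realDir, $realBase.DIRECTORY_SEPARATOR, strlen($realBase) + 1) === 0;
            if (!$inside)
                $ok = false;
        }
    }

    // Send the user back to the base directory: the original built this link
    // from $fd, which is not in scope inside the function.
    if (!$ok)
        pbFail("ERROR: Forbidden directory.", "index.php?fd=".pbUrlPath($basedir));
}
isDirOkay($fd, $basedir, $thisDir);

/**
 * Print a complete message page that refreshes to $redir after 10 seconds.
 *
 * @param $msgtxt string  message text (escaped here, pass it raw)
 * @param $redir  string  URL for the refresh and the "Okay." link (escaped here)
 * @param $errbox bool    TRUE selects the "errorbox" style instead of "messagebox"
 */
function messageBox($msgtxt, $redir, $errbox=FALSE) {
    $boxtype = ($errbox==TRUE) ? "errorbox" : "messagebox";
    // Both values can carry request data (file and directory names).
    $msg = pbHtml($msgtxt);
    $url = pbHtml($redir);
    echo("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html xmlns=\"http://www.w3.org/1999/xhtml\">
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\" />
<meta http-equiv=\"refresh\" content=\"10;$url\" />
<link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\" />
<title>$msg</title>
</head>
<body>
<div class=\"$boxtype\">
<p>$msg</p>
<p><a href=\"$url\" class=\"actn\">Okay.</a></p>
</div>
</body>
</html>");
}

/**
 * Get the sorted contents of a directory. Supports PHP 4 and 5+.
 * Always returns an array; it is empty when $dir cannot be read.
 */
function getDir($dir) {
    if (!is_dir($dir))
        return array();
    if (version_compare(PHP_VERSION, "5.0.0", ">=")) {
        $files = scandir($dir);
        return ($files === false) ? array() : $files;
    }
    $files = array();
    $dh = opendir($dir);
    if (!$dh)
        return $files;
    while (false !== ($filename = readdir($dh)))
        $files[] = $filename;
    closedir($dh);
    sort($files);
    return $files;
}

/** Build the index URL for the parent of $curdir (a path ending in "/"). */
function updir($curdir) {
    $dir = explode("/", $curdir);
    if (count($dir) >= 2)
        unset($dir[count($dir)-2]);
    return "index.php?fd=".pbUrlPath(implode("/", $dir));
}

/** By stefano at takys dot it (found on www.php.net/rmdir)
 * rm() -- Very Vigorously erase files and directories. Also hidden files !!!!
 *
 * @param $dir string
 * be careful to keep:
 * if($obj=='.' || $obj=='..') continue;
 * without it the walk climbs out of $dir.
 * The function is permission dependent (best effort, failures are silent).
 */
function rm($dir) {
    // Never descend through a symlink: its target is outside this tree.
    if (is_link($dir) || !($dh = @opendir($dir)))
        return;
    // Compare against false so an entry named "0" does not end the walk early.
    while (false !== ($obj = readdir($dh))) {
        if ($obj=='.' || $obj=='..') continue;
        $path = $dir.'/'.$obj;
        if (is_dir($path) && !is_link($path))
            rm($path);
        elseif (!@unlink($path) && is_link($path))
            @rmdir($path); // directory links on Windows are removed with rmdir
    }
    closedir($dh);
    @rmdir($dir);
}

if (!$action) { //Index Page
    $fdUrl = pbUrlPath($fd); // safe in URL, attribute and script context
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>The Picturebox</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="-1">
<meta http-equiv="Cache-Control" content="no-cache">
<link rel="stylesheet" type="text/css" href="style.css">
<script type="text/javascript">
<!--
// Names arrive percent-encoded from the page; decode them only for display.
function pbShow(encoded) {
    try { return decodeURIComponent(encoded); } catch (e) { return encoded; }
}
function confDelete(filename) {
    var primaryOK = confirm("Are you sure you want to delete "+pbShow(filename)+"?");
    if (primaryOK==true) {
        var secondaryOK = confirm("Are you REALLY sure?");
        if (secondaryOK==true) {
            window.location="index.php?a=del&fd=<?php echo($fdUrl); ?>&filename="+filename;
        } else {
            alert("Phew... Saved it. No action was taken.");
        }
    } else {
        alert("ABORT! ABORT! The file was not deleted.");
    }
}
function confDeleteDir(dirname) {
    var primaryOK = confirm("Are you sure you want to delete the directory "+pbShow(dirname)+" and ALL of its contents?");
    if (primaryOK==true) {
        var secondaryOK = confirm("Are you REALLY sure?");
        if (secondaryOK==true) {
            window.location="index.php?a=dld&fd=<?php echo($fdUrl); ?>&dirname="+dirname;
        } else {
            alert("Phew... Saved it. No action was taken.");
        }
    } else {
        alert("ABORT! ABORT! The directory was not deleted.");
    }
}
// -->
</script>
</head>
<body>
<div class="fldiv">
<p class="dtitle">Files</p>
<table>
<?php
    // Breadcrumb: the part of $fd below $basedir, shown as "Home » a » b » ".
    // The separator is written as an entity so it survives the page charset.
    $crumbs = str_replace("/", " &raquo; ", pbHtml(substr($fd, strlen($basedir))));
    echo "<p class=\"curdir\">Current Directory: Home &raquo; ".$crumbs;
    if ($fd!=$basedir)
        echo " <a class=\"actn\" href=\"".updir($fd)."\">Up</a>";
    echo "</p>";

    clearstatcache();
    $flist = getDir($fd);
    $nsofar = 0;
    echo "<tr>";
    for ($i=0; $i<count($flist); $i++) {
        $entry = $flist[$i];
        // Skip "." and ".." by name: they are not guaranteed to sort first.
        if ($entry === "." || $entry === ".." || $entry == $thisDir)
            continue;
        $isDir = is_dir($fd.$entry);
        $fnf = explode(".", $entry);
        $fext = strtolower($fnf[count($fnf)-1]);
        if (!$isDir && !in_array($fext, $ftypes, true))
            continue;

        if ($nsofar==5) {
            echo "</tr><tr>";
            $nsofar = 0;
        }
        $nsofar++;
        $f2 = ($i%2==0) ? "2" : "";

        // Entry names come from the filesystem (and so from earlier uploads);
        // encode them for each context they are printed in.
        $entryUrl = $fdUrl.rawurlencode($entry);
        $entryJs = rawurlencode($entry);
        $entryTxt = pbHtml($entry);

        if ($isDir) { /*dir*/
            echo "<td class=\"pic".$f2."\"><a href=\"index.php?fd=".$entryUrl."/\"><img border=\"0\" src=\"f.png\" width=\"128\" height=\"128\" alt=\"".$entryTxt."\"/></a><br /><a class=\"pname\" href=\"".$entryUrl."\">".$entryTxt."</a> <a class=\"actn\" href=\"#\" onClick=\"confDeleteDir('".$entryJs."')\">Delete</a></td>";
        } else { /*pic*/
            $imgprop = @getimagesize($fd.$entry);
            if (!$imgprop) {
                // Size unknown (unreadable or not really an image): use the box size.
                $picWidth = 128;
                $picHeight = 128;
            } else {
                $width = $imgprop[0];
                $height = $imgprop[1];
                if ($width<=128 && $height<=128) {
                    $picWidth = $width;
                    $picHeight = $height;
                } elseif ($width>$height) {
                    $picWidth = 128;
                    $picHeight = 128 * $height / $width;
                } else {
                    $picHeight = 128;
                    $picWidth = 128 * $width / $height;
                }
            }
            echo "<td class=\"pic".$f2."\"><a href=\"".$entryUrl."\"><img border=\"0\" src=\"".$entryUrl."\" width=\"".round($picWidth,0)."\" height=\"".round($picHeight, 0)."\" alt=\"".$entryTxt."\"/></a><br /><a class=\"pname\" href=\"".$entryUrl."\">".$entryTxt."</a> <a class=\"actn\" href=\"#\" onClick=\"confDelete('".$entryJs."')\">Delete</a></td>";
        }
    }
?>
</table>
</div>
<div class="fnc">
<p class="dtitle">Upload File</p>
<div class="fnctn" id="uploadfile" style="margin-bottom:30px">
<form action="index.php" method="post" name="upl" enctype="multipart/form-data">
<input type="hidden" name="a" value="upl" />
<input type="hidden" name="fd" value="<?php echo(pbHtml($fd)) ?>" />
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo((int) $maxFileSize); ?>" />
Upload file <input type="file" name="upFile" />
<input type="submit" name="go" value="Go >" />
</form>
</div>
<p class="dtitle">New Directory</p>
<div class="fnctn" id="mkdir">
<form action="index.php" method="post" name="mkd">
<input type="hidden" name="a" value="mkd" />
<input type="hidden" name="fd" value="<?php echo(pbHtml($fd)) ?>" />
Directory Name: <input type="text" name="dirname" value="" />
<input type="submit" name="go" value="Go >" />
</form>
</div>
</div>
</body>
</html>
<?php
} elseif ($action === "upl") { //Upload File
    $back = "index.php?fd=".pbUrlPath($fd);
    $upload = isset($_FILES['upFile']) ? $_FILES['upFile'] : null;
    if (!is_array($upload) || !isset($upload['name'], $upload['tmp_name'], $upload['error'], $upload['size'])
        || !is_string($upload['name']) || !is_string($upload['tmp_name'])
        || $upload['error'] !== UPLOAD_ERR_OK)
        pbFail("ERROR: File upload failed.", $back);

    // The MAX_FILE_SIZE form field is only a hint to the client; enforce it here.
    if ($upload['size'] > $maxFileSize)
        pbFail("ERROR: File upload failed.", $back);

    // Keep only the last path component, whichever separator the client used.
    $ufname = basename(str_replace("\\", "/", pbUnquote($upload['name'])));
    $fnf = explode(".", $ufname);
    $fext = strtolower($fnf[count($fnf)-1]);
    if (!pbNameOkay($ufname) || !in_array($fext, $ftypes, true))
        pbFail("ERROR: That file type is not permitted.", $back);

    // The extension is chosen by the client, so also require image content.
    $tmp = pbUnquote($upload['tmp_name']);
    if (!is_uploaded_file($tmp) || @getimagesize($tmp) === false)
        pbFail("ERROR: That file type is not permitted.", $back);

    $uf = $ud.$ufname;
    if (!move_uploaded_file($tmp, $uf))
        pbFail("ERROR: File upload failed.", $back);
    chmod($uf, 0644); // an image needs to be readable, not executable
    messageBox("The file ".$ufname." was uploaded.", $back);
} elseif ($action === "mkd") { //Make Directory
    $back = "index.php?fd=".pbUrlPath($fd);
    $dirname = pbParam("dirname");
    if (!pbNameOkay($dirname))
        pbFail("ERROR: Working out of directory is forbidden. Do not add any trailing slashes at the end of the directory name.", $back);
    if (file_exists($fd.$dirname))
        pbFail("ERROR: The file ".$dirname." already exists!", $back);
    ///////////////////////////
    if (mkdir($fd.$dirname, 0755))
        messageBox("The directory ".$dirname." was created.", "index.php?fd=".pbUrlPath($fd.$dirname."/"));
    else
        messageBox("ERROR: Something went wrong when trying to create the directory.", $back, TRUE);
} elseif ($action === "del") { //Delete File
    $back = "index.php?fd=".pbUrlPath($fd);
    $filename = pbParam("filename");
    if (!pbNameOkay($filename))
        pbFail("ERROR: Working out of directory is forbidden.", $back);
    if (!file_exists($fd.$filename) || $fd==$thisDir)
        pbFail("ERROR: The file ".$filename." does not exist!", $back);
    // Only the file types the index lists can be deleted through this page.
    $fnf = explode(".", $filename);
    if (!in_array(strtolower($fnf[count($fnf)-1]), $ftypes, true))
        pbFail("ERROR: That file type is not permitted.", $back);
    ///////////////////////////
    if (unlink($fd.$filename))
        messageBox("The file ".$filename." was deleted.", $back);
    else
        messageBox("ERROR: Something went wrong when trying to delete that file.", $back, TRUE);
} elseif ($action === "dld") { //Delete Directory
    $back = "index.php?fd=".pbUrlPath($fd);
    $dirname = pbParam("dirname");
    // pbNameOkay() also refuses "", "." and "..", so the recursive delete can
    // only ever be pointed at a child of the current directory.
    if (!pbNameOkay($dirname))
        pbFail("ERROR: Working out of directory is forbidden.", $back);
    if (!is_dir($fd.$dirname) || $dirname==$thisDir)
        pbFail("ERROR: The directory ".$dirname." does not exist!", $back);
    ///////////////////////////
    rm($fd.$dirname);
    messageBox("The directory ".$dirname." was deleted.", $back);
}
?>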
Desde ya, muchas gracias, y espero que me ayuden.