Log in

View Full Version : HTTP Upload Hack


Pseudomizer
05-02-2004, 10:00 PM
Hi @LL,

UPDATE:

This version is now obsolete. I have just posted the next version for this upload hack. You can find it here (https://vborg.vbsupport.ru/showthread.php?p=514236).

This version will no longer be supported !!!


many people requested this hack and many people wanted to have it independant of VBulletin. Due to this i created this simple hack which uploads files via HTTP.

Copy both files in the same directory where you want to upload files into it. This works only in the same directory. So you can not choose where to put the files. It just uploads the files.

I have added a little bit security to this because many people will try to use this as soon as they know about it. The config file has the login and the password to log into the script.

In addition to this i have made this session depending. You can not call specific subroutines of this script without having logged in properly. As soon as you close your browser and you try to call subroutines you will be blocked.

I have also implemented a small check for existing files. It will deny the upload if you want to upload a file which already exists. With this you will be on the secure side so no one overwrites any important file with rubbish.

This has nothing to do with VBulletin but many people requested this as part of their administrative work.

I take no responsibility for this hack !!! If someone finds a security hole or a bug and something happens i will not be responsible for any damage !!!

After reading the rules for VBulletin.org this hack could be removed due to not cooperating with VBulletin. So it is up to the staff of VBulletin.org to decide to remove this hack or to follow the demands of their members and leave it. I just want to help some members here and i hope i do not cause any trouble with this hack.

Enjoy it.

Cheers,

FleaBag
05-03-2004, 02:15 AM
How would I go about removing the overwrite check mate? I'd like to use this for offering some very simple web-hosting for my members.

deathemperor
05-03-2004, 06:16 AM
well, this is cool, I was creating a script like this but couldn't figure out all I need.
can you limit file type ? I'd like to let my users upload just image and zip file.
/me clicks install.

Pseudomizer
05-03-2004, 09:53 AM
To both of your questions: Yes, but this would take some time if i would go for it.

Cheers,

MentaL
05-03-2004, 10:03 PM
would be better without id and password support and additional extension support =P .. ide use it then ^____^

Pseudomizer
05-03-2004, 10:46 PM
would be better without id and password support and additional extension support =P .. ide use it then ^____^

What do you mean with addtional extension support ? You can upload whatever you want. Please specify.

Cheers,

Pseudomizer
05-04-2004, 12:18 AM
Ok guys.

Some people do not want the password protection and some people do not want to upload every filetype. :paranoid:

So.... :bandit:

If i :
- build in one switch to enable or disable the password protection in the config file
- build in file extension definition which files are allowed to be uploaded in the config file

Would this be what you all need ? :chinese:

Cheers,

FleaBag
05-04-2004, 12:45 AM
It would be a useful. :)

deathemperor
05-04-2004, 02:47 AM
I need both of that, uploading a file shouldn't cause much trouble like logging and if letting user upload any type of file, they could be the new owner of that host.

webrats
05-04-2004, 03:13 AM
can you make it rename the filename when it uploads but keep the extension

also maybe allow multiple uploads? and have the preformated [img] tags on the display of what was uploaded?

gmarik
05-04-2004, 02:51 PM
any demos?

Pseudomizer
05-04-2004, 05:12 PM
any demos?

I guess no one will give you the link to upload any files to their webserver. Bad request.

But i will attach the screenshots, so you can see how simple this is.

Cheers,

Oldfart
05-15-2004, 08:59 PM
I have a question.

Would it be possable to make this hack to be able to download as well as upload from the same directory?

I guess I should explain. What i'm looking for is a non PHP MySql upload/download program for my website. I have pafiledb but I can't upload anything larger than 2mbs because of my hosts php upload settings. I have over 7 gig's worth of web space that I pay for but never use anywheres close to it and I would like to allow my members to be able to use some of this unsed space.

Thanks for your reply.

Pseudomizer
05-16-2004, 01:19 AM
I have a question.

Would it be possable to make this hack to be able to download as well as upload from the same directory?

I guess I should explain. What i'm looking for is a non PHP MySql upload/download program for my website. I have pafiledb but I can't upload anything larger than 2mbs because of my hosts php upload settings. I have over 7 gig's worth of web space that I pay for but never use anywheres close to it and I would like to allow my members to be able to use some of this unsed space.

Thanks for your reply.

Hi Oldfart,

the PHP setting for the upload is per default 2MB. You have to change this setting to upload more then 2MB. If you want to upload into a MySQL database then you have to edit your .cnf file to allow bigger uploads into the DB.

This is an HTTP upload with PHP files and this will always rely on the php.ini setting. If you are not able to edit the 2MB limit, then this hack will not help you at all. Sorry, but no way to get around this.

Cheers,

d3nnis
05-18-2004, 01:17 PM
hi how is it possible to modify to integrate into vbulletin(requires registration before they can use)? I would like to have some image hosting for my community members.

Pseudomizer
05-18-2004, 01:31 PM
hi how is it possible to modify to integrate into vbulletin(requires registration before they can use)? I would like to have some image hosting for my community members.

Take this at the beginning:


if($bbuserinfo[userid]!=0)
{


and at the end put this:


}
else
{
echo "You are not logged in";
}


But please keep in mind that this upload hack allows the upload of any file. It is not limited to just graphics. So they could upload any php file and run it.

This is DANGEROUS !!!!!!!!!

Cheers,

d3nnis
05-19-2004, 01:56 AM
Take this at the beginning:


if($bbuserinfo[userid]!=0)
{


and at the end put this:


}
else
{
echo "You are not logged in";
}


But please keep in mind that this upload hack allows the upload of any file. It is not limited to just graphics. So they could upload any php file and run it.

This is DANGEROUS !!!!!!!!!

Cheers,

so how do i restrict to certain file types only?

Pseudomizer
05-19-2004, 07:03 AM
so how do i restrict to certain file types only?

This needs some recoding work. Will be added in the next version.

Cheers,

subu1
05-19-2004, 11:05 AM
klasse super und eingebaut, es sei noch zu erw?hnen dem Ordner die 777 zu geben;)

Pseudomizer
05-20-2004, 02:47 PM
Hi @LL,

this version is now obsolete. I have just posted the next version for this upload hack. You can find it here (https://vborg.vbsupport.ru/showthread.php?p=514236).

This version will no longer be supported !!!

Cheers,