Reading files from the same dir doesn't work


Tijdelijk123

Hello!

I'm working on an image upload page and I'm using the script below for it:

PHP:
<?php
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Maximum file size. You may increase or decrease.
$MAX_SIZE = 2000000;
                            
//Allowable file ext. names. you may add more extension names.            
$FILE_EXTS  = array('.zip','.jpg','.png','.gif','.doc'); 

//Allow file delete? no, if only allow upload only
$DELETABLE  = true;                               


//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
//   Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
 *     Setup variables
 ************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this =  "http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

/************************************************************
 *     Create Upload Directory
 ************************************************************/
if (!is_dir("files")) {
  if (!mkdir($upload_dir))
  	die ("upload_files directory doesn't exist and creation failed");
  if (!chmod($upload_dir,0755))
  	die ("change permission to 755 failed.");
}

/************************************************************
 *     Process User's Request
 ************************************************************/
//Quote the array key and use empty() so a missing "del" raises no notice
$del = empty($_REQUEST['del']) ? "" : $_REQUEST['del'];
if ($del != "" && $DELETABLE)  {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$del\n");
  fclose($resource);
  
  if (strpos($del,"/.")>0);                  //possible hacking
  else if (strpos($del,$upload_dir) === false); //possible hacking
  //compare against the real length of $upload_dir instead of a hard-coded 6
  else if (substr($del,0,strlen($upload_dir))==$upload_dir) {
    unlink($del);
    print "<script>window.location.href='$url_this?message=deleted successfully'</script>";
  }
}
else if (!empty($_FILES['userfile'])) {
  $resource = fopen("log.txt","a");
  fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]"
            .$_FILES['userfile']['name']." "
            .$_FILES['userfile']['type']."\n");
  fclose($resource);

  $file_type = $_FILES['userfile']['type']; 
  $file_name = $_FILES['userfile']['name'];
  $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

  //File Size Check
  if ( $_FILES['userfile']['size'] > $MAX_SIZE) 
     $message = "The file size is over 2MB.";
  //File Extension Check
  else if (!in_array($file_ext, $FILE_EXTS))
     $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
  else
     $message = do_upload($upload_dir, $upload_url);
  
  //URL-encode the message: it can contain the user-supplied file name
  print "<script>window.location.href='$url_this?message=".urlencode($message)."'</script>";
}
else if (empty($_FILES['userfile']));
else 
	$message = "Invalid File Specified.";

/************************************************************
 *     List Files
 ************************************************************/
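$handle=opendir($upload_dir);
$filelist = "";
while (($file = readdir($handle)) !== false) {
   //test the path inside the upload dir, not relative to the script's dir
   if(!is_dir($upload_dir.$file) && !is_link($upload_dir.$file)) {
      //escape the name for HTML: it comes from the uploader
      $safe = htmlspecialchars($file, ENT_QUOTES);
      $filelist .= "<a href='$upload_dir".rawurlencode($file)."'>".$safe."</a> - URL: <b>$upload_url$safe</b>";
      $filelist .= " Added at  ".date("d-m H:i", filemtime($upload_dir.$file));
      //only show the delete link when deleting is enabled
      if ($DELETABLE)
        $filelist .= " <a style='text-decoration:none; font-weight:bold'  href='?del=$upload_dir".urlencode($file)."' title='delete'>x</a>";
      $filelist .="<br>";
   }
}
closedir($handle);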

function do_upload($upload_dir, $upload_url) {

	$temp_name = $_FILES['userfile']['tmp_name'];
	$file_name = $_FILES['userfile']['name']; 
  $file_name = str_replace("\\","",$file_name);
  $file_name = str_replace("'","",$file_name);
	$file_path = $upload_dir.$file_name;

	//File Name Check
  if ( $file_name =="") { 
  	$message = "Invalid File Name Specified";
  	return $message;
  }

  $result  =  move_uploaded_file($temp_name, $file_path);
  //only chmod after a successful move; 0644 keeps the file from being world-writable
  if (!$result)
    $message = "Something is wrong with uploading the file.";
  else if (!chmod($file_path,0644))
   	$message = "change permission to 644 failed.";
  else
    $message = "$file_name was uploaded successfully.";
  return $message;
}

?>


<html>
<head>
<title>Simple uploader</title>
<link rel=stylesheet href=style.css>
</head>
<body>
<br><br>
<center>
   <font color=red><?=htmlspecialchars(isset($_REQUEST['message']) ? $_REQUEST['message'] : '', ENT_QUOTES)?></font>
   <br>
   <form name="upload" id="upload" ENCTYPE="multipart/form-data" method="post">
     Upload File <input type="file" id="userfile" name="userfile">
     <input type="submit" name="upload" value="Upload">
   </form>
   
   <br><b><u>Uploaded files:</u></b><br><br>

   <?=$filelist?><br>Developed By 
   <a style="text-decoration:none" href="http://savasplace.com">Sava's Place.com</a>
</center>
</body>
</html>

What I mainly care about here is the "Uploaded files" feature, but this is where I'm stuck.
The script points to the upload folder "files"

PHP:
$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message ="";

However, I don't want it to read the "files" folder, but the same dir the script itself is in.
If I put just a / there, files are read that can't even be found via FTP. And if I put ./ there I can see the files, but I can't delete them, because the dot I added makes the "delete function" unusable; the dot gets carried into the URL:

http://blabla.nl/upload.php?del=files./filenaam.jpg

The link has to look like this for a file to be deleted:

http://blabla.nl/upload.php?del=files/filenaam.jpg

Hopefully someone can help me with this.
Erik :)
 
Use the substr() function: $file_name=substr($file_name, 2)
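
Added example, not part of the thread: one way to validate the `del` parameter so that deleting keeps working when `$upload_dir` is changed to `./`, without making the script itself or files outside the directory deletable. The function name `resolve_delete_target()`, the temporary directory and the sample file names are hypothetical.

```php
<?php
// Added example (not from the thread). resolve_delete_target() and the
// sample file names below are hypothetical.

/**
 * Return the absolute path of a deletable file inside $dir, or null.
 * Behaves the same for "files/" and for "./" (the script's own directory).
 */
function resolve_delete_target(string $dir, string $requested, array $allowedExts): ?string
{
    $base = realpath($dir);
    if ($base === false) {
        return null;                       // directory does not exist
    }
    // Keep only the last path component: "files/a.jpg", "./a.jpg" and
    // "../../a.jpg" all become "a.jpg".
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name[0] === '.') {
        return null;                       // empty, ".", ".." or a dotfile such as .htaccess
    }
    $dot = strrpos($name, '.');
    $ext = $dot === false ? '' : strtolower(substr($name, $dot));
    if (!in_array($ext, $allowedExts, true)) {
        return null;                       // e.g. upload.php sitting next to the uploads
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    // realpath() resolves symlinks, so re-check the containing directory.
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo in a temporary directory.
$dir = sys_get_temp_dir() . '/upload_demo_' . getmypid();
mkdir($dir);
file_put_contents("$dir/photo.jpg", 'x');
file_put_contents("$dir/upload.php", '<?php');
$exts = array('.zip', '.jpg', '.png', '.gif', '.doc');

foreach (array('files/photo.jpg', './photo.jpg', 'upload.php', '../../etc/passwd', 'files/.htaccess') as $del) {
    $target = resolve_delete_target($dir, $del, $exts);
    echo str_pad($del, 20), ' => ', $target === null ? 'rejected' : 'would delete ' . basename($target), "\n";
}
array_map('unlink', glob("$dir/*"));
rmdir($dir);
```

In the script above, `unlink()` would then be called only on the value this function returns, and the delete link can pass the bare file name instead of `$upload_dir` plus the name.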
 