Editing: upload.php
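<?php
/**
 * Newsletter asset page: creates folders under the newsletter base directory,
 * uploads files into them, and lists the folders that exist.
 *
 * Hardening applied in this revision (all request data is treated as untrusted):
 *  - every client-supplied folder path is validated segment by segment, so
 *    "..", absolute paths and empty segments can no longer leave $base_dir;
 *  - uploads are limited to an extension allow-list and stored under a
 *    normalised name that keeps only one, allow-listed, extension;
 *  - the PHP upload error code is checked before the file is touched;
 *  - new directories are created 0755 instead of world-writable 0777;
 *  - the post-redirect target uses SCRIPT_NAME, which carries no PATH_INFO.
 *
 * NOTE(review): nothing in this file checks that the visitor is authenticated,
 * and the forms carry no CSRF token. If access control is not enforced
 * elsewhere (web-server config, an include not visible here), add both before
 * exposing this page.
 * NOTE(review): file content is not inspected. Configure the upload tree so the
 * web server never executes scripts from it.
 */
session_start(); // Start the session to store messages across requests

$base_dir = '../Xpress/NLEditor/newsletter/'; // Base folder to hold all user folders

// Constructed allow-list — adjust to the asset types the newsletter editor
// really needs. Never add server-executable or browser-active types.
$allowed_extensions = ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf'];

// Initialize messages
$upload_message = '';

/**
 * Read a POST field as a string.
 *
 * @param string $key Field name.
 * @return string The value, or '' when the field is missing or not a string
 *                (e.g. submitted as folder_name[]=x).
 */
function post_string($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

/**
 * Check that a relative folder path is made only of safe segments.
 *
 * Each '/'-separated segment must match the same character set the folder
 * creation form enforces. \A...\z is used instead of ^...$ because "$" also
 * matches before a trailing newline.
 *
 * @param string $path Relative path such as "news" or "news/2025".
 * @return bool True when every segment is non-empty and safe.
 */
function is_safe_folder_path($path)
{
    if (!is_string($path) || $path === '') {
        return false;
    }
    foreach (explode('/', $path) as $segment) {
        if (preg_match('/\A[a-zA-Z0-9_-]+\z/', $segment) !== 1) {
            return false;
        }
    }
    return true;
}

/**
 * Confirm that an existing path resolves to a location inside the base directory.
 *
 * Uses realpath() so a symlink inside the tree cannot redirect a write elsewhere.
 *
 * @param string $base Base directory.
 * @param string $path Directory to check; must already exist.
 * @return bool False when either path cannot be resolved or $path is outside $base.
 */
function is_inside_base($base, $path)
{
    $real_base = realpath($base);
    $real_path = realpath($path);
    if ($real_base === false || $real_path === false) {
        return false;
    }
    $prefix = rtrim($real_base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real_path . DIRECTORY_SEPARATOR, $prefix, strlen($prefix)) === 0;
}

/**
 * Build the name an upload is stored under, or reject it.
 *
 * The stem is reduced to [A-Za-z0-9_-], which also removes inner dots, so a
 * name like "a.php.jpg" is stored with a single extension.
 *
 * @param mixed $original_name Client-supplied file name.
 * @param array $allowed_extensions Lower-case extensions that may be stored.
 * @return string|null Unique stored name, or null when the extension is not allowed.
 */
function build_stored_file_name($original_name, array $allowed_extensions)
{
    if (!is_string($original_name)) {
        return null;
    }
    $clean_name = basename($original_name);
    $extension = strtolower((string) pathinfo($clean_name, PATHINFO_EXTENSION));
    if (!in_array($extension, $allowed_extensions, true)) {
        return null;
    }
    $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) pathinfo($clean_name, PATHINFO_FILENAME));
    if ($stem === null || $stem === '') {
        $stem = 'file';
    }
    // uniqid() only avoids name collisions; it is not a secret.
    return uniqid() . '-' . $stem . '.' . $extension;
}

/**
 * List the sub-directories of a directory.
 *
 * @param string $dir Directory to scan.
 * @return array Directory names (no "." / ".."); empty when $dir does not exist.
 */
function get_folders($dir)
{
    // DirectoryIterator throws on a missing directory; render an empty list instead.
    if (!is_dir($dir)) {
        return [];
    }
    $folders = [];
    foreach (new DirectoryIterator($dir) as $fileinfo) {
        if ($fileinfo->isDir() && !$fileinfo->isDot()) {
            $folders[] = $fileinfo->getFilename();
        }
    }
    return $folders;
}

/**
 * Escape a value for HTML text and quoted attribute context.
 *
 * @param string $value Raw value.
 * @return string Escaped value.
 */
function esc_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // --- Folder creation -------------------------------------------------
    if (isset($_POST['create_folder'])) {
        $folder_name = basename(post_string('folder_name'));
        $current_folder = post_string('current_folder'); // Parent folder, '' for top level

        if (preg_match('/\A[a-zA-Z0-9_-]+\z/', $folder_name) !== 1) {
            $upload_message = "Invalid folder name. Only letters, numbers, hyphens, and underscores are allowed.";
        } elseif ($current_folder !== '' && !is_safe_folder_path($current_folder)) {
            // The parent comes from a hidden field and is just as untrusted as the name.
            $upload_message = "Invalid parent folder.";
        } else {
            $upload_dir = $current_folder !== ''
                ? $base_dir . $current_folder . '/' . $folder_name
                : $base_dir . $folder_name;

            if (is_dir($upload_dir)) {
                $upload_message = "Folder already exists.";
            } elseif (mkdir($upload_dir, 0755, true)) {
                $upload_message = "Folder '$folder_name' created successfully!";
            } else {
                $upload_message = "Failed to create folder. Please check permissions.";
            }
        }
    }

    // --- File upload -----------------------------------------------------
    if (isset($_FILES['file_upload'], $_POST['folder_name'])) {
        $file = $_FILES['file_upload'];
        $folder_name = post_string('folder_name');

        if (!is_safe_folder_path($folder_name)) {
            $upload_message = "Invalid folder.";
        } elseif (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
            // Covers partial uploads, ini size limits and file_upload[] array submissions.
            $upload_message = "File upload failed.";
        } elseif ($file['size'] > 10 * 1024 * 1024) { // 10MB limit
            $upload_message = "File size exceeds 10MB limit.";
        } else {
            $new_file_name = build_stored_file_name($file['name'], $allowed_extensions);

            if ($new_file_name === null) {
                $upload_message = "File type not allowed.";
            } else {
                $upload_dir = $base_dir . $folder_name . '/';
                if (!is_dir($upload_dir)) {
                    mkdir($upload_dir, 0755, true); // Create the folder if it doesn't exist
                }

                if (!is_inside_base($base_dir, $upload_dir)) {
                    $upload_message = "Invalid folder.";
                } elseif (move_uploaded_file($file['tmp_name'], $upload_dir . $new_file_name)) {
                    $upload_message = "File uploaded successfully!";
                } else {
                    $upload_message = "File upload failed.";
                }
            }
        }
    }

    // Store the message in the session so it survives the redirect
    $_SESSION['upload_message'] = $upload_message;

    // Post/redirect/get. SCRIPT_NAME is used because PHP_SELF includes
    // client-controlled PATH_INFO.
    header("Location: " . $_SERVER['SCRIPT_NAME']);
    exit(); // Stop here so nothing else runs after the redirect header
}

// Folder selected by the user; anything that is not a safe relative path is ignored
$opened_folder = $_GET['folder'] ?? '';
if (!is_string($opened_folder) || !is_safe_folder_path($opened_folder)) {
    $opened_folder = '';
}

$folders = get_folders($base_dir);
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>File Upload with Folder Creation</title>
    <link rel="stylesheet" href="../assets/css/bootstrap.min.css">
    <style>
        .add_links { color: #fafafa; background-color: #db5919; border-radius: 5px; border-color: #db5919; margin-top: 11px; padding: 5px; }
        .add_links:hover{ background-color:rgb(194, 65, 1); }
    </style>
</head>
<body>
<div class="container mt-4">
    <!-- Display upload status message -->
    <?php if (isset($_SESSION['upload_message'])): ?>
        <div class="alert alert-info"><?= esc_html($_SESSION['upload_message']) ?></div>
        <?php unset($_SESSION['upload_message']); // Clear the message after displaying it ?>
    <?php endif; ?>

    <!-- Folder Creation Form -->
    <?php if ($opened_folder !== ''): ?>
        <div class="card mt-4">
            <div class="card-body">
                <h2 class="card-title">Create Subfolder in <?= esc_html($opened_folder) ?></h2>
                <form action="upload.php" method="post">
                    <input type="hidden" name="current_folder" value="<?= esc_html($opened_folder) ?>">
                    <div class="mb-3">
                        <label for="folder_name" class="form-label">Subfolder Name:</label>
                        <input type="text" name="folder_name" id="folder_name" class="form-control" required placeholder="Enter subfolder name">
                    </div>
                    <button type="submit" name="create_folder" class="btn btn-success">Create Subfolder</button>
                </form>
            </div>
        </div>
    <?php else: ?>
        <!-- Folder Creation Form -->
        <div class="card mt-4">
            <div class="card-body">
                <h2 class="card-title">Create Folder</h2>
                <form action="upload.php" method="post">
                    <div class="mb-3">
                        <label for="folder_name" class="form-label">Folder Name:</label>
                        <input type="text" name="folder_name" id="folder_name" class="form-control" required placeholder="Enter folder name">
                    </div>
                    <button type="submit" name="create_folder" class="btn btn-success">Create Folder</button>
                </form>
            </div>
        </div>
    <?php endif; ?>

    <!-- File Upload Form -->
    <?php if ($opened_folder !== ''): ?>
        <div class="card mt-4">
            <div class="card-body">
                <h2 class="card-title">Upload File to <?= esc_html($opened_folder) ?></h2>
                <form action="upload.php" method="post" enctype="multipart/form-data">
                    <input type="hidden" name="folder_name" value="<?= esc_html($opened_folder) ?>">
                    <div class="mb-3">
                        <label for="file_upload" class="form-label">Select File to Upload:</label>
                        <input type="file" name="file_upload" id="file_upload" class="form-control" required>
                    </div>
                    <button type="submit" class="btn btn-primary">Upload File</button>
                    <!-- type="button" keeps this navigation button from also submitting the form -->
                    <button type="button" class="add_links" onclick="window.location.href='index.html';">add links</button>
                </form>
            </div>
        </div>
    <?php endif; ?>

    <!-- List of existing folders -->
    <div class="card mt-4">
        <div class="card-body">
            <h3 class="card-title">Existing Folders</h3>
            <ul class="list-group">
                <?php if (empty($folders)): ?>
                    <li class="list-group-item">No folders created yet.</li>
                <?php else: ?>
                    <?php foreach ($folders as $folder): ?>
                        <li class="list-group-item">
                            <?php // rawurlencode for the query value, then HTML-escape for the attribute ?>
                            <a href="?folder=<?= esc_html(rawurlencode($folder)) ?>"><?= esc_html($folder) ?></a>
                            <!-- List subfolders if this is the folder being opened -->
                            <?php if ($opened_folder === $folder): ?>
                                <ul>
                                    <?php foreach (get_folders($base_dir . $folder) as $subfolder): ?>
                                        <li>
                                            <a href="?folder=<?= esc_html(rawurlencode($folder . '/' . $subfolder)) ?>"><?= esc_html($subfolder) ?></a>
                                        </li>
                                    <?php endforeach; ?>
                                </ul>
                            <?php endif; ?>
                        </li>
                    <?php endforeach; ?>
                <?php endif; ?>
            </ul>
        </div>
    </div>
</div>
<script src="../assets/js/bootstrap.bundle.min.js"></script>
</body>
</html>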