Sitemde yönetim panelinden ürünlere resim eklemek istediğim zaman açılan yeni pencerede google açılıyor. izinleri verdim normal çalışıyordu. ama bir sabah girdim bu şekilde neden olabilir acaba.
upload/index.php kodu
Forbidden
You do not have permission to access this document.
Web Server at beysangeridonusum.com
upload.php kodu
/*
//================================================================================
* phphq.Net Custom PHP Scripts *
//================================================================================
:- Script Name: phUploader
:- Version: 1.3
:- Release Date: June 23rd 2004
:- Last Updated: Jan 23 2010
:- Author: Scott Lucht
:- Copyright (c) 2010 All Rights Reserved
:-
:- This script is free software; you can redistribute it and/or modify
:- it under the terms of the GNU General Public License as published by
:- the Free Software Foundation; either version 2 of the License, or
:- (at your option) any later version.
:-
:- This script is distributed in the hope that it will be useful,
:- but WITHOUT ANY WARRANTY; without even the implied warranty of
:- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
:- GNU General Public License for more details.
:- http://www.gnu.org/licenses/gpl.txt
:-
//================================================================================
* Description
//================================================================================
:- phUploader is a script for uploading single or multiple images or files to your website. You can specify your
:- own file extensions that are accepted, the file size and naming options. This script was built and tested on
:- IIS6/7 and Apache 2+. It's recommended to use php 5.1+ This script is very useful for temporary file
:- storage or simple sig and avatar hosting.
//================================================================================
* Setup
//================================================================================
:- To setup this script, upload phUploader.php to a folder on your server. Create a new folder named uploads
:- and chmod it to 777. Edit the variables below to change how the script acts. Please read the notes if you
:- don't understand something.
//================================================================================
* Change log
//================================================================================
:- Version 1.0
:- 1) Initial Release
:- Version 1.1
:- 1) Minor bug fixes
:- 2) Enabled multiple file uploads
:- Version 1.2
:- 1) Added CSS styling
:- 2) Removed automatic creation of file upload folder.
:- 3) Improved cookie security by hashing password and storing it within the cookie for authentication.
:- 4) Minor bug fixes
:- Version 1.3
:- 1) Re-write of many core functions to increase security.
:- 2) Patched a vulnerability that allowed a remote attacker to upload a file with two extensions and then
:- remotely execute the script on a vulnerable web server.
:- 3) New feature allows files that pass validation to be uploaded while files that fail validation are not
:- uploaded without rejecting to whole group of files.
:- 4) Fixed a flaw that allowed files with blank names or un-sanitized names to be uploaded which may
:- cause issues for some users.
:- 5) Minor bug fixes
//================================================================================
* Frequently Asked Questions
//================================================================================
:- Q1: I always get an error that the files were not uploaded. IE: GENERAL ERROR
:- 1) Make sure you have CHMOD your "uploads" folder to 777 using your FTP client or similar. If you do
:- not know how to do this ask your hosting provider.
:- 2) Make sure the uploads folder actually exists. This is the second most common mistake aside from
:- improper permissions.
:- 3) If you are having problems uploading after you have chmod the uploads folder 777, try using the
:- full server path in $fullpath below. If you do not know this ask your host.
:- 4) Make sure "file_uploads" is set to ON in php.ini
:-
:- Q2: The page takes long to load and then gives me a page cannot be displayed or a blank page.
:- 1) This is usually due to a low value in php.ini for "max_execution_time".
:- 2) A newer ini setting "max_file_uploads" in php 5.2.12 was added which may be limiting the number
of simultaneous uploads.
:- 3) Your "upload_max_filesize" and "post_max_size" in php.ini might be set to low.
:-
:- Q3: How do I edit the colors of the form?
:- 1) You will need to edit the CSS near the bottom of the script to change the looks and colors of the form.
:- Check http://www.w3schools.com/css/default.asp for more information on CSS.
:-
:- Q4: Can I remove your copyright link?
:- 1) I can't physically stop you. However, I really appreciate it when people leave it intact.
:- Some people donate $5, $10, $20 to take it off.
:-
:- Q5: You never respond to my emails or to my questions in your forums!
:- 1) I'm a very busy guy. I'm out of town a lot, and at any given time I have several projects going on.
:- I get a lot of emails about this script, not to mention my other ones.
:- 2) I only understand English. If your English is very bad please write in your native language and then
:- translate it to English using
:- 3) If you are going to contact me, describe the issue you are having as completly as possible.
:- "dude me form don't work see it at blah.com what's wrong??!?!" will get no response, ever. Write
:- in detail what the problem is. Spend a minute on it, and maybe I'll take some of my time to reply.
:-
/*
//================================================================================
* ! ATTENTION !
//================================================================================
:- Please read the above FAQ before giving up or emailing me. It may sort out your problems!
*/
// Max size PER file in KB
$max_file_size="512";
// Max size for all files COMBINED in KB
$max_combined_size="2048";
//Maximum file uploades at one time
$file_uploads="1";
//The name of your website
$websitename="ogznet";
// Full browser accessable URL to where files are accessed. With trailing slash.
$full_url="/upload/resimler/";
// Path to store files on your server If this fails use $fullpath below. With trailing slash.
$folder="./resimler/";
// Use random file names? true=yes (recommended), false=use original file name.
// Random names will help prevent files being denied because a file with that name already exists.
$random_name=true;
// Types of files that are acceptiable for uploading. Keep the array structure.
$allow_types=array("jpg","gif","png","zip","rar","txt","doc");
// Only use this variable if you wish to use full server paths. Otherwise leave this empty. With trailing slash.
$fullpath="";
//Use this only if you want to password protect your upload form.
$password="";
/*
//================================================================================
* ! ATTENTION !
//================================================================================
: Don't edit below this line.
*/
// Initialize variables
$password_hash=md5($password);
$error="";
$success="";
$display_message="";
$file_ext=array();
$password_form="";
// Function to get the extension a file.
function get_ext($key) {
$key=strtolower(substr(strrchr($key, "."), 1));
$key=str_replace("jpeg","jpg",$key);
return $key;
}
// Filename security cleaning. Do not modify.
function cln_file_name($string) {
$cln_filename_find=array("/\.[^\.]+$/", "/[^\d\w\s-]/", "/\s\s+/", "/[-]+/", "/[_]+/");
$cln_filename_repl=array("", ""," ", "-", "_");
$string=preg_replace($cln_filename_find, $cln_filename_repl, $string);
return trim($string);
}
// If a password is set, they must login to upload files.
If($password) {
//Verify the credentials.
If($_POST['verify_password']==true) {
If(md5($_POST['check_password'])==$password_hash) {
setcookie("phUploader",$password_hash);
sleep(1); //seems to help some people.
header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
exit;
}
}
//Show the authentication form
If($_COOKIE['phUploader']!=$password_hash) {
$password_form="\n";
}
} // If Password
// Dont allow submit if $password_form has been populated
If((@$_POST['submit']==true) AND ($password_form=="")) {
//Tally the size of all the files uploaded, check if it's over the ammount.
If(array_sum($_FILES['file']['size']) > $max_combined_size*1024) {
$error.="FAILED: All Files REASON: Combined file size is to large.
";
// Loop though, verify and upload files.
} Else {
// Loop through all the files.
For($i=0; $i <= $file_uploads-1; $i++) {
// If a file actually exists in this key
If($_FILES['file']['name'][$i]) {
//Get the file extension
$file_ext[$i]=get_ext($_FILES['file']['name'][$i]);
// Randomize file names
If($random_name){
$file_name[$i]=time()+rand(0,100000);
} Else {
$file_name[$i]=cln_file_name($_FILES['file']['name'][$i]);
}
// Check for blank file name
If(str_replace(" ", "", $file_name[$i])=="") {
$error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: Blank file name detected.
";
//Check if the file type uploaded is a valid file type.
} ElseIf(!in_array($file_ext[$i], $allow_types)) {
$error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: Invalide file type.
";
//Check the size of each file
} Elseif($_FILES['file']['size'][$i] > ($max_file_size*1024)) {
$error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: File to large.
";
// Check if the file already exists on the server..
} Elseif(file_exists($folder.$file_name[$i].".".$file_ext[$i])) {
$error.= "FAILED: ".$_FILES['file']['name'][$i]." REASON: File already exists.
";
} Else {
If(move_uploaded_file($_FILES['file']['tmp_name'][$i],$folder.$file_name[$i].".".$file_ext[$i])) {
$success.="SUCCESS: ".$_FILES['file']['name'][$i]."
";
$success.="URL: ".$full_url.$file_name[$i].".".$file_ext[$i]."
";
$success.="<script>";
$success.="opener.document.rg.$yazdir.value='".$full_url.$file_name[$i].".".$file_ext[$i]."';";
$success.="window.close();";
$success.="</script>";
} Else {
$error.="FAILED: ".$_FILES['file']['name'][$i]." REASON: General upload failure.
";
}
}
} // If Files
} // For
} // Else Total Size
If(($error=="") AND ($success=="")) {
$error.="FAILED: No files selected
";
}
$display_message=$success.$error;
} // $_POST AND !$password_form
/*
//================================================================================
* Start the form layout
//================================================================================
:- Please know what your doing before editing below. Sorry for the stop and start php.. people requested that I use only html for the form..
*/
?>
If($password_form) {
Echo $password_form;
} Else {
?>
'; } ?>
