upload button

examples

description

the upload button is a flash-based uploader for single or multiple files. it is highly configurable, so you can customize it for your web page. you can either implement it with our javascript, which replaces the <input type="file" /> tag, or embed it directly as a flash object.


how to use

part 1 - setup the upload button with javascript

this is coming up very soon! it's gonna be the best and easiest way to implement the upload button on your page, since it will automatically use the css styles from your page and the <input type="file" /> tag...

part 2 - setup the upload button without javascript

you can use the usual embed and object tags to implement the flash file. choose the size you want, in percent of your div or in pixels; the flash file is gonna scale to the desired size (make sure that the width is greater than the height, since the button needs space for the loading bar). you will find examples in the download package. i am gonna explain how to use the variables, which you need to pass directly to the swf-file in the object (embed) tag.

<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" width="100%" height="30" id="gallerySub" align="middle">
  <param name="allowScriptAccess" value="sameDomain" />
  <param name="allowFullScreen" value="false" />
  <param name="wmode" value="transparent" />
  <param name="movie" value="http://www.starsystems.ch/upload/upload.swf?flashIDVar=1&phpPfadVar=http://www.starsystems.ch/upload/upload.php&urlPathVar=upload/&multipleFilesVar=true&fileExtensionVar=*.jpg; *.jpeg&fileDescriptionVar=Images&btnAlignVar=left&ladebalkenColorVar=0xFF0000&btnColorVar=0x9E005D&myformatFontVar=Currier&myformatSizeVar=12&schriftColorVar=0x000000&textLeftVar=from&textRightVar=Total loaded:&textBtnVar=Browse" />
  <param name="quality" value="high" />
  <param name="bgcolor" value="#ffffff" />
  <embed src="http://www.starsystems.ch/upload/upload.swf?flashIDVar=1&phpPfadVar=http://www.starsystems.ch/upload/upload.php&urlPathVar=upload/&multipleFilesVar=true&fileExtensionVar=*.jpg; *.jpeg&fileDescriptionVar=Images&btnAlignVar=left&ladebalkenColorVar=0xFF0000&btnColorVar=0x9E005D&myformatFontVar=Currier&myformatSizeVar=12&schriftColorVar=0x000000&textLeftVar=from&textRightVar=Total loaded:&textBtnVar=Browse" quality="high" bgcolor="#ffffff" width="100%" height="30" name="gallerySub" align="middle" allowScriptAccess="sameDomain" allowFullScreen="false" type="application/x-shockwave-flash" wmode="transparent" pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>

the following two parameters are the most important to change:

value="http://www.starsystems.ch/upload/upload.swf?flashIDVar=1&phpPfadVar=http://www.starsystems.ch/upload/upload.php&urlPathVar=upload/&multipleFilesVar=true&fileExtensionVar=*.jpg; *.jpeg&fileDescriptionVar=Images&btnAlignVar=left&ladebalkenColorVar=0xFF0000&btnColorVar=0x9E005D&myformatFontVar=Currier&myformatSizeVar=12&schriftColorVar=0x000000&textLeftVar=from&textRightVar=Total loaded:&textBtnVar=Browse"

src="http://www.starsystems.ch/upload/upload.swf?flashIDVar=1&phpPfadVar=http://www.starsystems.ch/upload/upload.php&urlPathVar=upload/&multipleFilesVar=true&fileExtensionVar=*.jpg; *.jpeg&fileDescriptionVar=Images&btnAlignVar=left&ladebalkenColorVar=0xFF0000&btnColorVar=0x9E005D&myformatFontVar=Currier&myformatSizeVar=12&schriftColorVar=0x000000&textLeftVar=from&textRightVar=Total loaded:&textBtnVar=Browse"

http://www.starsystems.ch/upload/upload.swf - this is the path to the swf-file; in this example the swf-file is stored in the folder upload. the "?" after the ".swf" indicates that variables follow. each variable is assigned with the "=" sign and a further variable is appended with "&".

flashIDVar=1 - don't change this variable. this variable would be important for people who want to write their own handling of the flash in javascript. you are gonna find more information in part 2.

phpPfadVar=http://www.starsystems.ch/upload/upload.php - this is the path to the php-file, which handles the uploaded files. you are gonna find an example of the php-file in the download package.

urlPathVar=upload/ - this variable defines the folder on the server where the uploaded files have to be stored. make sure that you have created such a directory, and don't forget the "/" at the end of the variable! this is a relative path to the folder in the same directory as the html-file. you can also use the absolute path like "http://www.starsystems.ch/upload/upload/". be aware that the folder in which the uploaded files are gonna be saved has the "0777" permission! read, write and execute permission for owner, group and public!!!

multipleFilesVar=true - here you can define if the user can upload multiple files (true) or just single files (false).

fileExtensionVar=*.jpg; *.jpeg - this variable defines what kind of extensions can be uploaded.

fileDescriptionVar=Images - this variable is the name shown for the kind of files which you allow to upload.

btnAlignVar=left - you can let the button align left, center or right.

ladebalkenColorVar=0xFF0000 - this variable defines the loading bar color.

btnColorVar=0x9E005D - this variable defines the button color.

myformatFontVar=Currier - this variable defines the font.

myformatSizeVar=12 - this variable defines the font size.

schriftColorVar=0x000000 - this variable defines the font color.

textLeftVar=from - this variable defines the text on the left of the loading bar.

textRightVar=Total loaded: - this variable defines the text on the right of the loading bar.

textBtnVar=Browse - this variable defines the text on the button.

part 3 - additional files

you need to include the .htaccess file in the folder in which you are running the upload. the .htaccess file takes effect in the folder where it is placed and in its subfolders. you also need to include the php-file, which handles the uploaded files. you can find both files in the download package.
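
a server-side handler that does not rely on the values in the swf url, added here as an example (it is not the upload.php from the download package): urlPathVar and fileExtensionVar are query parameters that any visitor can edit, so the handler fixes the target folder itself and re-checks the file type from the content. the field name "Filedata" (the default used by flash's FileReference.upload), the ./upload/ folder and the size limit are assumptions.

```php
<?php
// Added example, not the upload.php shipped in the download package.
// Assumptions: the swf posts each file in the field "Filedata" (the Flash
// FileReference default) and uploads belong in ./upload/ next to this script.

const UPLOAD_DIR = __DIR__ . '/upload/';      // fixed on the server, never taken from urlPathVar
const MAX_BYTES  = 5 * 1024 * 1024;           // assumed size limit
const ALLOWED    = ['image/jpeg' => 'jpg'];   // mirrors fileExtensionVar=*.jpg; *.jpeg

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('not an accepted upload');
    }
    // Decide the type from the file content, not from the client's file name or MIME header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file type not allowed');
    }
    // Server-generated name: the original name never reaches the filesystem,
    // so "../" sequences or a ".php" suffix in it have no effect.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(UPLOAD_DIR . $name, 0644);          // readable by the web server, no execute bit
    return $name;
}

try {
    if (!isset($_FILES['Filedata'])) {
        throw new RuntimeException('no file');
    }
    echo store_upload($_FILES['Filedata']);   // the stored name is returned to the caller
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'error';
}
```

with a handler like this the upload folder only has to be writable by the account php runs as, and the extension filter in the swf stays a convenience for the file dialog rather than the actual check.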

part 4 - closing comment

we are gonna include error handling in the javascript version, see part 2, which helps you with detecting different security or file size issues that you may face with different server settings. in case the download package files don't work, please wait until we have finished the javascript version!


download

download upload button (without javascript) - download package v1.0


Comments

  1. What license does this code have? Thank you!

    Comment by Jancis - 19.11.2008 - 15:19
