用PHP文件上传的具体思路及实现_PHP

$MAX_SIZE = 2000000;
$FILE_MIMES = array('image/jpeg','image/jpg','image/gif'
,'image/png','application/msword');

$FILE_EXTS = array('.zip','.jpg','.png','.gif');

$DELETABLE = true;

$site_name = $_SERVER['HTTP_HOST'];
$url_dir = http://.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this = http://.$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];

$upload_dir = files/;
$upload_url = $url_dir./files/;
$message =;

if (!is_dir(files)) {
　if (!mkdir($upload_dir))
　　die (upload_files directory doesn't exist and creation failed);
　if (!chmod($upload_dir,0755))
　　die (change permission to 755 failed.);
}

if ($_REQUEST[del] && $DELETABLE) {
　$resource = fopen(log.txt,a);
　fwrite($resource,date(Ymd h:i:s).DELETE - $_SERVER[REMOTE_ADDR].$_REQUEST[del]\n);
　fclose($resource);

　if (strpos($_REQUEST[del],/.)＞0); //possible hacking
　else if (strpos($_REQUEST[del],files/) === false); //possible hacking
　else if (substr($_REQUEST[del],0,6)==files/) {
　　unlink($_REQUEST[del]);
　　print ＜script＞window.location.href='$url_this?message=deleted successfully'＜/script＞;
　}
}
else if ($_FILES['userfile']) {
　$resource = fopen(log.txt,a);
　fwrite($resource,date(Ymd h:i:s).UPLOAD - $_SERVER[REMOTE_ADDR]
　.$_FILES['userfile']['name'].
　.$_FILES['userfile']['type'].\n);
　fclose($resource);

　$file_type = $_FILES['userfile']['type'];
　$file_name = $_FILES['userfile']['name'];
　$file_ext = strtolower(substr($file_name,strrpos($file_name,.)));

　//文件大小的检查：

　if ( $_FILES['userfile']['size'] ＞ $MAX_SIZE)
　　$message = The file size is over 2MB.;
　　//File Type/Extension Check
　else if (!in_array($file_type, $FILE_MIMES)
&& !in_array($file_ext, $FILE_EXTS) )
　　$message = Sorry, $file_name($file_type) is not allowed to be uploaded.;
　else
　　$message = do_upload($upload_dir, $upload_url);

　print ＜script＞window.location.href='$url_this?message=$message'＜/script＞;
}
else if (!$_FILES['userfile']);
else
$message = Invalid File Specified.;

　　列出我们上传的文件：

$handle=opendir($upload_dir);
$filelist = ;
while ($file = readdir($handle)) {
　if(!is_dir($file) && !is_link($file)) {
　　$filelist .= ＜a href='$upload_dir$file'＞.$file.＜/a＞;
　if ($DELETABLE)
　　$filelist .= ＜a href='?del=$upload_dir$file' title='delete'＞x＜/a＞;
　　$filelist .= ＜sub＞＜small＞＜small＞＜font color=grey＞ .date(d-m H:i, filemtime($upload_dir.$file))
.＜/font＞＜/small＞＜/small＞＜/sub＞;
　　$filelist .=＜br＞;
　}
}

function do_upload($upload_dir, $upload_url) {

　$temp_name = $_FILES['userfile']['tmp_name'];
　$file_name = $_FILES['userfile']['name'];
　$file_name = str_replace(\\,,$file_name);
　$file_name = str_replace(',,$file_name);
　$file_path = $upload_dir.$file_name;

　//File Name Check
　if ( $file_name ==) {
　　$message = Invalid File Name Specified;
　　return $message;
　}

　$result = move_uploaded_file($temp_name, $file_path);
　if (!chmod($file_path,0777))
　　$message = change permission to 777 failed.;
　else
　　$message = ($result)?$file_name uploaded successfully. :
　Somthing is wrong with uploading a file.;
　return $message;
}

?＞

＜center＞
＜font color=red＞＜?=$_REQUEST[message]?＞＜/font＞
＜br＞
＜form name=upload id=upload ENCTYPE=multipart/form-data method=post＞
Upload File ＜input type=file id=userfile name=userfile＞
＜input type=submit name=upload value=Upload＞
＜/form＞

＜br＞＜b＞My Files＜/b＞
＜hr width=70%＞
＜?=$filelist?＞
＜hr width=70%＞
＜small＞＜sup＞Developed By
＜a style=text-decoration:none href=http://tech.citypost.ca＞CityPost.ca＜/a＞
＜/sup＞＜/small＞
＜/center＞