ravand
یک شنبه 09 آبان 1389, 00:35 صبح
سلام من يه سري كد نوشتم كه عكس رو توي پوشه آپلود مي كنه.
ولي اين يه جورايي امنيت لازم رو نداره و كافيه آدرس عكس رو كه توي پوشه هست رو توي مرورگر وارد كني به راحتي مياد . من مي خوام روش پسورد بذارم كه با وارد كردن آدرس عكس داخل پوشه كسي نتونه عكس رو ببينه. بايد چيكار كنم؟:متفکر:
<?php
session_start();
$conn = mysql_connect("localhost","root","");
$db = mysql_select_db("tesavir");
$target_path = "";
$dbresult = mysql_query("SELECT * FROM 'uploads'");
$text = $_REQUEST['text'];
//C?? ?I E?C? EEE ?E? I? ???E E??E
if($text=="")
die('EEE ?OI');
if(!empty($_FILES)){
// Add the original filename to our target path.
// Result is "uploads/filename.extension"
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$max_filesize = 200; // Maximum filesize in BYTES (currently 0.5MB).
// Now check the filesize, if it is too large then DIE and inform the user.
if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
die('The file you attempted to upload is too large.');
$hast=true;
while($hast)
{
if(file_exists($target_path))
$target_path="1".$target_path;
else
$hast=false;
}
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
mysql_query("INSERT INTO uploads(text,ID, URL) VALUES ('$text' , '$client_ID', '$target_path')");
print ("<script type='text/javascript'>alert('send')</script>");
} else{
print ("<script type='text/javascript'>alert('not send')</script>");
}
}
?>
ولي اين يه جورايي امنيت لازم رو نداره و كافيه آدرس عكس رو كه توي پوشه هست رو توي مرورگر وارد كني به راحتي مياد . من مي خوام روش پسورد بذارم كه با وارد كردن آدرس عكس داخل پوشه كسي نتونه عكس رو ببينه. بايد چيكار كنم؟:متفکر:
<?php
session_start();
$conn = mysql_connect("localhost","root","");
$db = mysql_select_db("tesavir");
$target_path = "";
$dbresult = mysql_query("SELECT * FROM 'uploads'");
$text = $_REQUEST['text'];
//C?? ?I E?C? EEE ?E? I? ???E E??E
if($text=="")
die('EEE ?OI');
if(!empty($_FILES)){
// Add the original filename to our target path.
// Result is "uploads/filename.extension"
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$max_filesize = 200; // Maximum filesize in BYTES (currently 0.5MB).
// Now check the filesize, if it is too large then DIE and inform the user.
if(filesize($_FILES['userfile']['tmp_name']) > $max_filesize)
die('The file you attempted to upload is too large.');
$hast=true;
while($hast)
{
if(file_exists($target_path))
$target_path="1".$target_path;
else
$hast=false;
}
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
mysql_query("INSERT INTO uploads(text,ID, URL) VALUES ('$text' , '$client_ID', '$target_path')");
print ("<script type='text/javascript'>alert('send')</script>");
} else{
print ("<script type='text/javascript'>alert('not send')</script>");
}
}
?>