Sign in to follow this  
Followers 0
jacQues

Best way to upload files?

2 posts in this topic

I searched for topics, but they all involve FTP. Now, with FTP you need an username and password. The script that needs this will be widely used and I don't like the idea that people can use a simple sniffer to find those login details and then (ab)use that. So I'll probably need some form of anonymous upload thingy. So I wonder, for example, is there a way to upload files using http post with AutoIt? I'm quite fluent in PHP and can work it from that end. But for AutoIt I'm still learning.

jacQues

Share this post


Link to post
Share on other sites



I did mine the lazy way:

(Change the following: metisclient.sourceforge.net, file=stuffs.txt, and some other stuff)

$stuff = _URLEncode(FileRead(@ScriptDir&"\stuff.txt"), 1)
$payload = "action=save&file=stuffs.txt&text="&$stuff&"&Save=Save"
$send = "POST /file_reciever.php HTTP/1.1"&@CRLF& _
"Host: metisclient.sourceforge.net"&@CRLF& _
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3"&@CRLF& _
"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"&@CRLF& _
"Accept-Language: en-us,en;q=0.8,zh;q=0.5,ja;q=0.3"&@CRLF& _
"Accept-Encoding: gzip,deflate"&@CRLF& _
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"&@CRLF& _
"Keep-Alive: 300"&@CRLF& _
"Connection: keep-alive"&@CRLF& _
"Content-Type: application/x-www-form-urlencoded"&@CRLF& _
"Content-Length: "&Stringlen($payload)&@CRLF&@CRLF&$payload
$sock = TCPConnect(TCPNameToIP("metisclient.sourceforge.net"), 80)
If @error Then MsgBox(0, @error, @ScriptLineNumber)
TCPSend($sock, $send)
If @error Then MsgBox(0, @error, @ScriptLineNumber)
$stuff = ""
while Not @error
    $stuff &= TCPRecv($sock, 1000000)
WEnd
TCPShutdown()
If @error Then MsgBox(0, @error, @ScriptLineNumber)
MsgBox(0, "Please Check for any errors:", StringLeft($stuff, 1000))
MsgBox(0, "", "Complete")

And the PHP code is sth like this:

<?php
$file = str_replace ('"', '', $_REQUEST['file']);
$action = str_replace ('"', '', $_REQUEST['action']);
if($action == '') $action = "edit";
if($file == '')   $file = "stuffs.txt";
echo "<title>Nfwu's Online File Editor - ";
echo $file;
echo '</title>';
if ($action == "save"){
    if (strpos($file, "..")) die("can't open file");
    $fh = fopen("./".$file, 'w') or die("can't open file");
    fwrite($fh, $_REQUEST['text']);
    fclose($fh);
    echo '<b>File Saved.</b><br>';
}
$handle = fopen($file, "r");
$contents = fread($handle, filesize($file));
fclose($handle);
echo '<form method="post" action="oe.php" enctype="application/x-www-form-urlencoded">';
echo '<input type="hidden" name="action" value="save" />';
echo 'File: '.$file;
echo '<input type="hidden" name="file" value="';
echo $file;
echo '"  />';
echo '<textarea name="text"  rows="20" cols="65" wrap="virtual" style="width:100%">';
echo $contents;
echo '</textarea>';
echo '<input type="submit" name="Save" value="Save" />';
echo "</form>";

Note: If you're going to send something other than text files you should convert them to hex or something first, then convert them back at the other end.

#)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0