History:
--------

1.0 Beta
========
* Was the first release of this script and my first script that I release for public :)

1.0 Beta 2:
===========
* Removed a useless ELSE statement.
* used code blocks for foreach lines just to make sure everything goes ok ..
* no more hardcoded text! now English and Arabic language files are in! all you need is to configure which one to use or you can override the value with a $_GET['language'] var!
* in previous release, when the uploaded file doesn't match conditions, the script dies without specifying the files which were uploaded (if any), now everything is "logged" and reported at the end of script execution, which means if one of the files being uploaded has an un-allowed extension, for example, the script will reject the file but will continue if there are any files in the queue after it..
* secured a possible security hole.
* some typo corrections.
* Added that this script is copyrighted for me in all files, just in case of abuse!

1.0 Beta 3:
===========
* Add a new attribute which is "package" which will allow you to upload package files like zip, exe, msi ... etc.
* Yet more improvements in errors logging.

1.0 Beta 4:
===========
* added change mode ability of the uploaded file.
* the script can be formatted now with HTML and CSS, all you need is to open SFUConfig.php and look for the two functions html_header() and html_footer() and customize them as you like.

1.0 Beta 4+:
============
* fixed a nasty bug.
* the script includes some colors, and a simple listing function that will list all files in directory! currently it's not finished.. but if you want to use it you need to include_once('SFUConfig.php'); and call downloads();

1.0 RC1:
========
* the whole script was reorganized and a new file was introduced "functions.php" which contains all functions that the script uses! currently, most of the script uses functions to deal with files! now, upload.php looks much cleaner ..
* $dist variable was renamed to $realpath to make sure that users don't confuse it with URL.
* new features :) now you can choose whether you want to show the list of uploaded files or not, same goes for errors if any happened. however, it's not recommended to disable showing errors! and no worry about that because the errors do NOT show vital information that might put you in danger. also you can choose whether you want to show the form after you upload files or not!
* now you can list the files in any dir you want to by running the file download.php inside it.

1.0 RC2:
========
* charset support for standalone usage, also align and HTML direction can be changed in language files.
* upload form is now in a table.
* option to show upload limitations above "Upload" button before uploading.
* 2 variables were changed and became constants for security reasons. the $realpath and $max_size variables are the 2. before, the max_size could've been changed via URL if register_globals were On!
* removed the hidden field maxsize from the form which controlled the file size!! no no, it doesn't mean that you can't control the size of the uploads :P instead, direct access to the new SFU_MAXSIZE constant was made to reduce the bit of Bandwidth used before ;D
* some changes in the HTML form to tidy up the HTML tree.
* not always you want to allow visitors to change the number of uploaded files or the language file with URL query method, right? so, new constants SFU_CHANGE_NUM & SFU_CHANGE_LNG shall protect you from this if you wish :) (more in SFUConfig.php)
* few changes in language files because the text used to go crazy when Arabic language is used with English file names.
* now if language was changed, if enabled of course, via URL query, the language file is checked for existence first before it's included!
* text attribute was fixed so it doesn't read contents unless $show_uploaded was set to TRUE.

1.0 Stable:
===========
* Download function now can filter the files to the allowed extensions only.
* put an isset() when checking the file extension to avoid possible notices.
* reading more about file upload, I knew that using MAX_FILE_SIZE prevents huge files from being uploaded completely then refused and deleted .. with MAX_FILE_SIZE, once the file exceeds the limit, the upload stops.
* meta tags were added for search bots in case you enabled HTML mode.

1.1:
====
* in functions.php file, an isset() was added to avoid a possible notice.
* ability to disable files overwriting and introduction of a new constant SFU_OVERWRITE which instructs the script to enable/disable files overwriting.
* this file (ReadMe.txt) had some additions and some typo corrections.
* 2 more new language variables for overwriting option.

1.2 RC 1:
=========
* ability to protect your form with a universal password.
* you can set the script to notify you with emails once someone tries to upload file(s).
* upload logs are now available. text files are created with IP addresses of uploaders along with the files they attempted to upload.
* exec attribute had a flaw of file overwriting. before, exec files were overwritten regardless if you allowed overwriting or not. now everything should be ok.
* this file was introduced.

1.2 RC 2:
=========
it's all about fixes in this release :) and now before mentioning the bug/fix/addition a word will tell which section we are talking about ..
* [ATTRIBUTE] any new attribute, which is not an image, text, exec or package, will stop the script from functioning until you change it to either one of the 4 attributes! this is for your own safety! ;D
* [OVERWRITE] when the safe text files of the exec files were found, the error logger issued the same message of a normal file being found.. now we have a different message for that.
* [DOWNLOAD] download.php didn't list files which have been converted from exec attribute (txt or html) $onlyallowed was set true and these 2 extensions weren't allowed! now it's fixed!
* [FILESIZE] another fix in downloads! not really a bug but before, file sizes were displayed in KB regardless of the size. now if the filesize is > 1024 KB, it's converted to MB.
* [HTML] yet another downloads tweak, the HTML tree of the files list was organized.
* [LANGUAGE] arabic.lng had a syntax error! fixed.

1.2:
====
instead of section names, I will be using the file name. also, I went all over the script to check for any redundancy or useless parts to remove and the results are:
* [UPLOAD] casting the number of files passed in URL to (int)
* [FUNCTIONS] changed an isset() to empty() because the variable was always set which made the condition useless.
* [FUNCTIONS] the function showlimitions() was renamed to showlimits()
* [FUNCTIONS] some comments rephrasings and new lines to separate some functions to make it more readable.
* [FUNCTIONS] the download() function will not list either of SFUConfig.php nor functions.php it's just a precaution.

1.3:
====
* [UPLOAD] the "for" loop now takes the number of loops required from the variable within instead of counting the number of elements in $_FILES.
* [UPLOAD] replaced an empty() with isset() to avoid a notice.
* [FUNCTION] replaced an isset() with an empty() to avoid a null if statement.
* [FUNCTION] the form now does not allow user to use it if the destination directory is not writable and/or does not exist. A message is displayed until the directory is created/writable.
* [FUNCTION] some optimizations to the code and the HTML tree.
* [SFUCONFIG] finally, I'd decided to put dirname(__FILE__).'/' as a default real path since most of the time this script was called in its directory.
* [LANGUAGE] two new language variables introduced.

1.3.1:
======
* [DOWNLOAD] security hole in file inclusion secured.

1.3.2:
======
* Two new files introduced: 1) realpath.php to find the new path and 2) FAQ.txt, make sure you read it.
* [SFUCONFIG] the automatic detection of realpath was removed since it was causing more confusion.
* [SFUCONFIG] for some strange reason, the file size limit was put to 5000 KB! back to 2 MB.
* [SFUCONFIG] javascript pre-validation function was removed since it wasn't active and not complete yet.