Over the weekend I was hacked and my site was used to upload a PHP file through an image upload area, and subsequently thousands of spam emails were sent out.
I can recognise the script that I'm supposed to be working with, but I'm not 100% with it.
What my hosting company wants me to do is change it so only image files can be uploaded.
The code below is the upload button, and there are 4 of them.
Code:
<input type="file" name="file1" size="8" >
<? if($i1!=""){
if (file_exists("../admin1212".$i1)) {
if(is_file("../admin1212".$i1))
{
?>
<A onClick="MM_openBrWindow('<? echo "../admin1212".$i1; ?>');" class="hand"><b><u>View</u></b></A><? }}} ?>
I think the code that deals with the image upload is below.
If you think it's not the lot, I will try and find the rest.
Code:
$src1=$_FILES['file1']['tmp_name'];
$fname1=rand(0,9999).$_FILES['file1']['name'];
$src2=$_FILES['file2']['tmp_name'];
$fname2=rand(0,9999).$_FILES['file2']['name'];
$src3=$_FILES['file3']['tmp_name'];
$fname3=rand(0,9999).$_FILES['file3']['name'];
$src4=$_FILES['file4']['tmp_name'];
$fname4=rand(0,9999).$_FILES['file4']['name'];
copy("$src1","imgdata/hotel/$fname1");
copy("$src2","imgdata/hotel/$fname2");
copy("$src3","imgdata/hotel/$fname3");
copy("$src4","imgdata/hotel/$fname4");
$Rate=$_POST['txtrtd'];
$len=strlen($Rate);
$ratenum=$_POST['txtrtd'];
if(strlen($fname1)<5)
{
$f1=$_POST['f1'];
}
else
{
$f1="/imgdata/hotel/$fname1";
}
if(strlen($fname2)<5)
{
$f2=$_POST['f2'];
}
else
{
$f2="/imgdata/hotel/$fname2";
}
if(strlen($fname3)<5)
{
$f3=$_POST['f3'];
}
else
{
$f3="/imgdata/hotel/$fname3";
}
if(strlen($fname4)<5)
{
$f4=$_POST['f4'];
}
else
{
$f4="/imgdata/hotel/$fname4";
}
So just to re-cap, what I need to fix is that only images can be uploaded, and not any type of file.
Be great too, if we can work with this code, as I've inherited this website, and I'm not a solid code developer.
Thanks guys
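
One way to restrict the four upload fields to images, as an added example that is not part of the original post or the site's own code. It assumes PHP 7.1+ with the fileinfo extension; the function name `save_image_upload`, the 5 MB limit and the JPEG/PNG/GIF list are assumptions.

```php
<?php
// Added example, not the site's code. Replaces the copy() calls and the
// strlen($fnameN) checks from the post. Limits and type list are assumptions.

/**
 * Validate one $_FILES entry and store it in $destDir.
 * Returns the stored file name, or null if no valid image was uploaded.
 */
function save_image_upload(array $file, string $destDir): ?string
{
    $allowed  = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $maxBytes = 5 * 1024 * 1024;

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null; // nothing uploaded, or PHP reported an upload error
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > $maxBytes) {
        return null;
    }
    // Detect the type from the file content, never from the client-supplied
    // file name or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !isset($allowed[$mime])
        || getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Server-generated name with an extension we choose. The original name is
    // discarded, so a name ending in .php can never reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}

// Same four fields and the same fallback to the posted f1..f4 values as the
// original script, so the rest of the page keeps working with $f1..$f4.
$paths = [];
foreach ([1, 2, 3, 4] as $n) {
    $stored = isset($_FILES["file$n"])
        ? save_image_upload($_FILES["file$n"], 'imgdata/hotel')
        : null;
    $paths[$n] = $stored !== null
        ? "/imgdata/hotel/$stored"
        : ($_POST["f$n"] ?? '');
}
[$f1, $f2, $f3, $f4] = [$paths[1], $paths[2], $paths[3], $paths[4]];
```

A file can be a valid image and still contain PHP text, which is why the stored extension is assigned by the server rather than taken from the upload. Turning off script execution for `imgdata/hotel` in the web server configuration adds a second layer.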