-3

Below you can see code that I don't understand. How do I make it work? I am running it through WampServer. https://i.stack.imgur.com/PVO9j.png

```php
<?php

  $target_dir = "lab/";
  $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
  $uploadOk = 1;
  $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);

  if (file_exists($target_file)) {
    echo "File already exists.";
    $uploadOk = 0;
  }

  if ($uploadOk == 0) {
    echo "Error - file was not uploaded.";
  } else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
      echo "File" . basename($_FILES["fileToUpload"]["name"]) . " was uploaded successfully.";

      $to = "root@localhost";
      $url = $_POST['current_url'];
      $subject = "New image was uploaded";
      $message = "URL:" . $url;
      $headers = "lab\r\n" . 'Content-Type: text/plain; charset=UTF-8';
      mail($to, $subject, $message, $headers);
    }
  }
?>
```


  • 4
    Does this answer your question? ["Notice: Undefined variable", "Notice: Undefined index", and "Notice: Undefined offset" using PHP](https://stackoverflow.com/questions/4261133/notice-undefined-variable-notice-undefined-index-and-notice-undefined) – El_Vanja Dec 16 '20 at 12:34
  • Please go read [ask]. Among other things, it explains what a good question title should look like. – CBroe Dec 16 '20 at 12:35
  • 1
    Show the form as well. We have no idea if the index `fileToUpload` should exist or not. As far as we know, you might not actually be sending anything at all. – M. Eriksson Dec 16 '20 at 12:35
  • Did you solve the issue or are you ignoring comments/questions and only replying to answers? – M. Eriksson Dec 16 '20 at 13:00
  • Oh-oh! The variable `$target_file` can be manipulated from the HTTP request. Potentially any file on the disk could be changed. Please also read https://cheatsheetseries.owasp.org/cheatsheets/File_Upload_Cheat_Sheet.html – Synox Dec 16 '20 at 16:01

1 Answer

0

Forgive me if I'm blunt here, but do you have any experience with the language, or have you attempted to understand it?

All the part you show us does is check whether a file was uploaded to a fixed directory; if not, it moves the file to lab/whateverthenameis.extension and sends an email to root@localhost with the URL in it.

Looking at the screenshot, you have not sent the POST variable `fileToUpload`.

All in all, that script is a mess. Put some checks in place; I would recommend upload limits and timeouts.

Xynosural
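The checks the answer and the OWASP cheat sheet comment ask for, as an added example that is not part of the original thread or the asker's code. The 2 MiB limit, the image allowlist, the `STORE_DIR` path and the `fail()` helper are assumptions made for illustration.

```php
<?php
// Added example: upload handler with the missing checks in place.
// Assumed values (not from the thread): MAX_BYTES, ALLOWED, STORE_DIR.
declare(strict_types=1);

const MAX_BYTES = 2 * 1024 * 1024;                    // assumed 2 MiB limit
const ALLOWED   = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
const STORE_DIR = __DIR__ . '/../uploads_private';    // hypothetical, outside the web root

// Hypothetical helper: send a status code and stop.
function fail(int $status, string $msg): void
{
    http_response_code($status);
    exit($msg);
}

$file = $_FILES['fileToUpload'] ?? null;

// The index is missing when the form lacks enctype="multipart/form-data",
// uses another field name, or the request exceeded post_max_size.
if (!is_array($file) || !isset($file['error']) || is_array($file['error'])) {
    fail(400, 'No file was sent in the fileToUpload field.');
}
if ($file['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Upload failed with PHP error code ' . $file['error'] . '.');
}
if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
    fail(413, 'File is empty or larger than the allowed size.');
}

// Decide the type from the file content, not from the client-supplied name.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
    fail(415, 'Only PNG, JPEG and GIF images are accepted.');
}

// Server-generated name: the original filename never reaches the filesystem,
// so it cannot overwrite an existing file or carry a .php extension.
$target = STORE_DIR . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
if (!move_uploaded_file($file['tmp_name'], $target)) {
    fail(500, 'Could not store the uploaded file.');
}

echo 'File was uploaded successfully.';
```

The size check here complements, and does not replace, the `upload_max_filesize`, `post_max_size` and `max_input_time` settings in `php.ini`.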