<?php
// The session stores the "uploader_allowed" flag that the authentication
// section below sets after a successful key check.
session_start();

/* ---- Settings: edit these ---- */
$siteTITLE  = 'File Upload';          // text of the page <title>
$siteHEADER = 'File Upload';          // heading shown at the top of the page
$siteFOOTER = 'Created by Techno';    // footer text

// Extensions accepted by the upload handler (compared in lower case).
$allowed_extensions = array('zip', 'rar', 'png');

// Directory that receives the uploads. The upload handler links to the stored
// file through this same relative path, so the directory is reachable over
// HTTP; NOTE(review): make sure the web server never executes files from it.
$upload_destination = 'files';

// 0 = open uploader, 1 = a visitor must submit $key before anything is shown.
$protected = 1;

// Secret compared with the submitted key when $protected is 1.
// NOTE(review): "admin" is a guessable sample value; replace it with a long
// random secret before deploying, and keep this file out of public repos.
$key = 'admin';

/* ---- DO NOT EDIT BELOW ---- */
$file             = basename(__FILE__);   // this script's own name, used in links and redirects
$max_size_allowed = 2 * 1024 * 1024;      // 2 MB
$allowed          = implode(',', $allowed_extensions);
$max              = size($max_size_allowed);

// The logout link is only rendered when the uploader is key-protected.
$logout = $protected
    ? "<div align='right'><a href='$file?logout=true'>Logout</a></div>"
    : "";
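/* Authentication begins */
// When $protected is 1, a request is only allowed past this section if the
// session carries the "uploader_allowed" flag. Otherwise the key form is
// shown (GET) or the submitted key is checked (POST) and the script stops.
if ($protected == 1) {
    // ?logout=... drops the flag and sends the visitor back to the key form.
    if (isset($_GET['logout'])) {
        unset($_SESSION['uploader_allowed']);
        header("Location: $file");
        exit;
    }

    if (!isset($_SESSION['uploader_allowed'])) {
        if (isset($_POST['submit'])) {
            $submittedKey = isset($_POST['key']) ? $_POST['key'] : '';

            // The key must be a plain string (not an array from key[]=...) and
            // is compared with hash_equals(): unlike "==" this never applies
            // numeric type juggling and takes the same time for any input of
            // a given length.
            if (is_string($submittedKey) && hash_equals((string) $key, $submittedKey)) {
                // Issue a fresh session id on login so an id that was known
                // before authentication cannot be reused afterwards.
                session_regenerate_id(true);
                $_SESSION['uploader_allowed'] = 1;
            }

            // Success and failure both redirect to the script itself; a failed
            // attempt simply lands on the key form again.
            // NOTE(review): nothing here limits repeated attempts; consider
            // throttling if this page is exposed to the internet.
            header("Location: $file");
        } else {
            // type='password' keeps the secret from being displayed on screen.
            echo "<form method='post' action='$file'>SecretKey : <input type='password' name='key' value='' /> <input type='submit' name='submit' value='Go' /></form>";
        }
        exit;
    }
}
/* Authentication ends */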
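/**
 * Format a byte count as a short human-readable string.
 *
 * The value is divided by 1024 until it is below 1024 or the largest unit
 * label is reached, then rounded and suffixed with that unit label.
 *
 * @param int|float $size  Size in bytes.
 * @param int       $round Number of decimal places passed to round().
 * @return string Rounded value followed by its unit label, e.g. "2 Mb".
 */
function size($size, $round = 1)
{
    $sizes = array(' Byts', ' Kb', ' Mb', ' Gb', ' TB');
    $total = count($sizes) - 1;

    // ">=" rather than ">": an exact multiple such as 1024 or 1048576 moves up
    // to the next unit ("1 Kb", "1 Mb") instead of being shown as "1024 ...".
    for ($i = 0; $size >= 1024 && $i < $total; $i++) {
        $size /= 1024;
    }

    return round($size, $round) . $sizes[$i];
}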
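/* Iframe begins */
// Requests with ?frame=... are served inside the upload iframe: a POST with
// submit=Upload stores the file and prints a link to it, anything else prints
// the upload form. The script always exits at the end of this branch.
if (isset($_GET['frame']) && $_GET['frame'] == true) {
    echo "
<html>
<head>
<title></title>
<style type='text/css'>
body{color:black;font:11px verdana;}
a:link,a:active,a:visited{color:inherit;text-decoration:none}
a:hover{text-decoration:underline;}
</style>
</head>
<body>
";
    if (isset($_POST['submit']) && $_POST['submit'] == "Upload") {
        // NOTE(review): this POST carries no anti-CSRF token. When the uploader
        // is key-protected, a per-session token embedded in the form and
        // verified here would stop other sites from submitting uploads through
        // a logged-in visitor's session.

        // Kept in $upload (not $file) so $file keeps holding this script's name.
        $upload = isset($_FILES['file']) ? $_FILES['file'] : null;

        // Strict comparison also rejects array-style uploads (file[]), whose
        // 'error' entry is an array instead of an integer code.
        $received = is_array($upload)
            && $upload['error'] === UPLOAD_ERR_OK
            && $upload['size'] > 0;

        if (!$received) {
            echo "There was error while uploading.";
        } elseif ($upload['size'] > $max_size_allowed) {
            echo "File size exceeds maximum upload limit.";
        } else {
            // The client-supplied name is untrusted: drop any directory part,
            // then split it into base name and (last) extension.
            $original = basename(str_replace('\\', '/', $upload['name']));
            $ext      = strtolower(pathinfo($original, PATHINFO_EXTENSION));

            // Reduce the base name to a conservative character set. This also
            // turns inner dots into dashes, so "a.php.png" is stored as
            // "a-php.png" and the file keeps exactly one, allow-listed extension.
            $base = (string) preg_replace(
                '/[^A-Za-z0-9_-]+/',
                '-',
                pathinfo($original, PATHINFO_FILENAME)
            );
            if ($base === '') {
                $base = 'file'; // e.g. an upload named just ".png"
            }

            // The allow-list looks at the extension only, not at the content.
            // NOTE(review): the destination directory should be configured so
            // the web server never executes or interprets what is stored there.
            if (!in_array($ext, $allowed_extensions, true)) {
                echo "This file extension is not allowed.";
            } elseif (!is_dir($upload_destination)) {
                echo "Destination directory is not a valid directory.";
            } else {
                // Never overwrite an earlier upload: add a numeric suffix until
                // the target name is free.
                $target = "$upload_destination/$base.$ext";
                for ($n = 1; file_exists($target); $n++) {
                    $target = "$upload_destination/$base-$n.$ext";
                }

                if (move_uploaded_file($upload['tmp_name'], $target)) {
                    $size = size($upload['size']);
                    // ENT_QUOTES is given explicitly because the value lands in
                    // a single-quoted attribute; older PHP versions do not
                    // escape single quotes by default.
                    $href  = htmlspecialchars($target, ENT_QUOTES);
                    $label = htmlspecialchars(basename($target), ENT_QUOTES);
                    echo "<a href='$href'>$label</a> ( $size )";
                } else {
                    echo "File upload error. Unable to move to destination folder.";
                }
            }
        }
        sleep(1); // Timelock: just for anim !
    } else {
        // No upload submitted: print the form. Choosing a file triggers
        // dosubmit(), which hides the form, clicks the submit button and shows
        // the animation image.
        echo "
<script type='text/javascript'>
function dosubmit()
{
document.getElementsByTagName(\"form\")[0].style.visibility=\"hidden\";
document.getElementsByTagName(\"input\")[1].click();
document.getElementsByTagName(\"img\")[0].style.visibility=\"visible\";
}
</script>
<form method='post' action='$file?frame=true' enctype='multipart/form-data'>
<img src='anim.gif' id='anim' style='z-index:1;position:absolute;visibility:hidden;' />
<input type='file' name='file' onchange='dosubmit();' />
<input type='submit' name='submit' value='Upload' />
</form>
";
    }
    exit("</body></html>");
}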
// Main page shell: shows the limits, embeds one upload iframe and offers
// "Add new" / "Clear" links that add another iframe or reset to a single one.
// $siteTITLE, $siteHEADER, $siteFOOTER, $logout, $max, $allowed and $file are
// interpolated as-is (no escaping), into HTML and, for $file, into script
// string literals as well; they are set at the top of this file, so keep
// those values free of quotes and markup unless markup is intended.
echo <<<UNCOMPLICATED
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv='Content-Type' content='text/html; charset=ISO-8859-1;charset=windows-1252' />
<style type="text/css">
body{margin:auto;width:700px;font:11px verdana;line-height:2;}
iframe{border:0px;height:50px;width:700px;}
.header{text-align:center;font:bold 40px cursive;color:rgb(155,155,155);padding:5px;text-shadow:1px 1px 1px rgb(0,0,0);}
.footer{text-align:right;padding:10px;font:10px verdana;}
.info{padding:10px;text-shadow:1px 1px 0.4px rgb(240,240,240);}
.func{text-align:right;padding:10px;}
</style>
<script type='text/javascript'>
function addFrame()
{
var frame = document.createElement('iframe');
frame.setAttribute('src','$file?frame=true');
frame.setAttribute('scrolling','no');
document.getElementById('uploader').appendChild(frame);
}
function clear()
{
document.getElementById('main').innerHTML="<div id='uploader'><iframe src='$file?frame=true' scrolling='no'></iframe></div>";
}
</script>
<title>$siteTITLE</title>
</head>
<body>
<div class='header'><a href='$file'>$siteHEADER</a></div>
$logout
<div class='info'>
» Maximum upload limit : $max
<br />» Allowed Extensions : $allowed
</div>
<div id='main'>
<div id='uploader'>
<iframe src='$file?frame=true' scrolling='no'></iframe>
</div>
</div>
<div class='func'><a href='javascript:addFrame();' >Add new</a> <a href='javascript:clear();'>Clear</a></div>
<div class='footer'>$siteFOOTER</div>
UNCOMPLICATED;
?>
</body>
</html>