...or if you wanna take the cheap-n-easy dan way out....
dump this into a file and name it
upload.html:
PHP Code:
<html><head><title>PHP's FileUPLOAD</title></head><body>
<form enctype="multipart/form-data" action="upload.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="500000">
Username: <input type="text" name="user" size="10"> <br>
Password: <input type="password" name="pw" size="10"><br>
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>
</body>
</html>
and name this
upload.php
PHP Code:
<?php
if ($user != "ian" || $pw != "is_hot")
exit();
// In PHP earlier then 4.1.0, $HTTP_POST_FILES should be used instead of $_FILES.
if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
copy($_FILES['userfile']['tmp_name'], "uploads/".$_FILES['userfile']['name']);
echo "upload success!";
} else {
echo "Possible file upload attack. Filename: " . $_FILES['userfile']['name']
."<br>(<a href=\"http://www.php.net/manual/en/features.file-upload.errors.php\">error code</a> ". $_FILES['userfile']['error'] .")";
}
?>
That basically uploads the file to a directory called "uploads" in the php script directory (you have to make it) when the username is "ian" and the pw is "is_hot". This is quick, dirty, but it should work (if you have the newer php version and didn't set a crazy anti-global directive thing in the php config file, you need to change the first php line to:
if ($_POST['user'] != "ian" || $_POST['pw'] != "smells")
for more info, go
here and
here