<?php

// ------------------------------------------------------------------------------------------------
// --- START CONFIGURATION ------------------------------------------------------------------------
// ------------------------------------------------------------------------------------------------

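// To be checked against the post-variable named 'password'
// Use an empty value to disable password check
// NOTE(review): the POST value is compared with this string as-is (it is not hashed
// first), and the shipped default is the widely known MD5 digest of the empty string,
// so an unchanged default works as a public password. Replace it with a long random
// secret. An empty value leaves the upload endpoint open to anyone who can reach it.
$password = "d41d8cd98f00b204e9800998ecf8427e";  // <--- Change me!

// The target folder of the uploaded files
// NOTE(review): this folder is served by the web server (the script answers with a URL
// into it), so script execution should be switched off for it in the server config.
$targetFolder = "upload";

// Specify banned filetypes, use lower case only
// NOTE(review): a deny-list only stops what it names; any other extension the server
// maps to an interpreter is accepted. An allow-list of the types you expect is safer.
$bannedFiletypes = array("php");

// Whether or not you want the script to generate unique filenames
$generateFilenames = true;

// Whether or not you want the script to overwrite existing uploads
// If you've enabled unique filename generation, this option will have no effect
$overwriteFiles = false;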

// ------------------------------------------------------------------------------------------------
// --- END CONFIGURATION --------------------------------------------------------------------------
// ------------------------------------------------------------------------------------------------


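// Handle one upload request: authenticate, vet the client-supplied filename, store the
// file in $targetFolder and answer with its URL (or a short error message).

// The body is a bare URL or message; text/plain keeps a client-supplied filename from
// being interpreted as markup by whatever displays the response.
header('Content-Type: text/plain; charset=utf-8');

// Loose comparison kept on purpose: null, "" and false all disable the check, as before.
$passwordCheckDisabled = ($password == null);

// A missing or non-string field counts as a wrong password instead of raising a notice.
$suppliedPassword = (isset($_POST['password']) && is_string($_POST['password']))
    ? $_POST['password']
    : "";

// Check for the correct password.
// hash_equals() compares in constant time and never applies numeric type juggling,
// which the previous == comparison did for numeric-looking strings.
if ($passwordCheckDisabled || hash_equals((string) $password, $suppliedPassword)) {
    // Check to see if there are any files in the request.
    // An array here means a multi-file field was sent, which this script does not handle.
    if (isset($_FILES['uploaded_file']['name']) && is_string($_FILES['uploaded_file']['name'])) {
        // basename() drops any directory part of the client-supplied name.
        $originalName = basename($_FILES['uploaded_file']['name']);
        $filenameParts = explode(".", $originalName);
        $filetype = end($filenameParts);

        // Test every extension segment, not only the last one: some server setups pick a
        // handler from an inner extension. Names starting with a dot are refused as well,
        // because they can be per-directory server configuration files.
        $extensionSegments = array_map('strtolower', array_slice($filenameParts, 1));
        $isBanned = $originalName === ""
            || $originalName[0] === "."
            || in_array(strtolower($filetype), $bannedFiletypes, true)
            || count(array_intersect($extensionSegments, $bannedFiletypes)) > 0;

        if (!$isBanned) {
            if ($generateFilenames) {
                // No srand() here: seeding from the clock makes the generated names predictable.
                $filename = uniqueFilename($filetype) . "." . $filetype;
            } else {
                $filename = $originalName;
            }

            $target = $targetFolder . "/" . $filename;

            if (file_exists($target) == false || $overwriteFiles == true) {
                if (move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $target)) {
                    // NOTE(review): SERVER_NAME can follow the request's Host header depending
                    // on server configuration, and the scheme is fixed to http.
                    echo "http://" . $_SERVER['SERVER_NAME'] . "/" . $target;
                } else {
                    echo "Error when copying the uploaded file";
                }
            } else {
                // Previously this case produced an empty response.
                echo "File already exists";
            }
        } else {
            echo "Banned filetype";
        }
    } else {
        echo "POST-variable 'uploaded_file' was not supplied";
    }
} else {
    echo "Wrong password";
}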

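/**
 * Generate a random base name (without extension) that is not yet taken in the
 * upload folder.
 *
 * @param string $fileEnding Extension the caller appends; used here only for the
 *                           collision check.
 * @return string Four characters drawn from a-z, A-Z and 0-9.
 */
function uniqueFilename($fileEnding)
{
    // $targetFolder is configured at file scope. Without this declaration the collision
    // check below tested "/<name>.<ext>" instead of a path inside the upload folder.
    global $targetFolder;

    $validCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $lastIndex = strlen($validCharacters) - 1;

    // Retry in a loop (rather than recursing) until an unused name is found.
    do {
        $returnString = "";

        // Default length of generated filename is 4, to change it, modify the number on the next row
        // NOTE(review): four characters allow about 14.8 million names, so stored files can
        // be located by enumeration; use a longer name if uploads are meant to be private.
        while (strlen($returnString) < 4) {
            // random_int() draws from the OS CSPRNG; rand() output is predictable.
            $returnString .= $validCharacters[random_int(0, $lastIndex)];
        }
    } while (file_exists("$targetFolder/$returnString.$fileEnding"));

    return $returnString;
}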

?>