Need help Options

[qwardak]

ok i am trying to make it so the visitors to my site can upload theirfiles to my directory of my site (named files) i have created a .php file that looks like this

<!--p
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// You may change maxsize, and allowable upload file types.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
//Mmaximum file size. You may increase or decrease.
$MAX_SIZE = 2000000;
//Allowable file ext. names. you may add more extension names.
$FILE_EXTS = array('.zip','.jpg','.png','.gif','.doc');
//Allow file delete? no, if only allow upload only
$DELETABLE = true;
//vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// Do not touch the below if you are not confident.
//^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/************************************************************
* Setup variables
************************************************************/
$site_name = $_SERVER['HTTP_HOST'];
$url_dir = "http://qwardak.my10gb.com/files".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
$url_this = "http://qwardak.my10gb.com/index.html".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF'];
$upload_dir = "files/";
$upload_url = $url_dir."/files/";
$message =" thank you for uploading your image";
/************************************************************
* Create Upload Directory
************************************************************/
if (!is_dir("files")) {
if (!mkdir($upload_dir))
die ("upload_files directory doesn't exist and creation failed");
if (!chmod($upload_dir,0755))
die ("change permission to 755 failed.");
}
/************************************************************
* Process User's Request
************************************************************/
if ($_REQUEST[del] && $DELETABLE) {
$resource = fopen("log.txt","a");
fwrite($resource,date("Ymd h:i:s")."DELETE - $_SERVER[REMOTE_ADDR]"."$_REQUEST[del]n");
fclose($resource);
if (strpos($_REQUEST[del],"/.-->0); //possible hacking else if (strpos($_REQUEST[del],$upload_dir) === false); //possible hacking else if (substr($_REQUEST[del],0,6)==$upload_dir) { unlink($_REQUEST[del]); print "<script>window.location.href='$url_this?message=deleted successfully'</script>"; } } else if ($_FILES['userfile']) { $resource = fopen("log.txt","a"); fwrite($resource,date("Ymd h:i:s")."UPLOAD - $_SERVER[REMOTE_ADDR]" .$_FILES['userfile']['name']." " .$_FILES['userfile']['type']."n"); fclose($resource); $file_type = $_FILES['userfile']['type']; $file_name = $_FILES['userfile']['name']; $file_ext = strtolower(substr($file_name,strrpos($file_name,"."))); //File Size Check if ( $_FILES['userfile']['size'] > $MAX_SIZE) $message = "The file size is over 2MB."; //File Extension Check else if (!in_array($file_ext, $FILE_EXTS)) $message = "Sorry, $file_name($file_type) is not allowed to be uploaded."; else $message = do_upload($upload_dir, $upload_url); print "<script>window.location.href='$url_this?message=$message'</script>"; } else if (!$_FILES['userfile']); else $message = "Invalid File Specified."; /************************************************************ * List Files ************************************************************/ $handle=opendir($upload_dir); $filelist = ""; while ($file = readdir($handle)) { if(!is_dir($file) && !is_link($file)) { $filelist .= "<a href="$upload_dir$file">".$file."</a> - URL: <strong>$upload_url$file</strong>"; if ($DELETABLE) $filelist .= " Added at ".date("d-m H:i", filemtime($upload_dir.$file)) .""; $filelist .= " <a title="delete" style="FONT-WEIGHT: bold; TEXT-DECORATION: none" href="?del=$upload_dir".urlencode($file)."">x</a>"; $filelist .="<br />
"; } } function do_upload($upload_dir, $upload_url) { $temp_name = $_FILES['userfile']['tmp_name']; $file_name = $_FILES['userfile']['name']; $file_name = str_replace("","",$file_name); $file_name = str_replace("'","",$file_name); $file_path = $upload_dir.$file_name; //File Name Check if ( $file_name =="") { $message = "Invalid File Name Specified"; return $message; } $result = move_uploaded_file($temp_name, $file_path); if (!chmod($file_path,0777)) $message = "change permission to 777 failed."; else $message = ($result)?"$file_name was uploaded successfully." : "Something is wrong with uploading the file."; return $message; } ?>


i bit messy but anyway my .html file looks like this....


<link href="style.css" rel="stylesheet" /><br />
<br />
<center><font color="#ff0000"><!--_REQUEST[message--></font><br />
<form id="upload" action="http://qwardak.my10gb.com/upload.php" method="post" enctype="multipart/form-data" name="upload">
Upload File <input id="userfile" type="file" name="userfile" /> <input type="submit" name="upload" value="Upload" />
</form>
<br />
<strong><u>Uploaded files:</u><br />
<br />
<!--filelis--><br />
</strong></center>

i dont know what i am doing wrong when i remove the " action="http://qwardak.my10gb.com/upload.php" it process like it were uploading but it doesnt show in my directory afterwards and when i add that it does not work at all.

it would please me greatly if som1 could fix my code up for me, btw i know that u have to change permissions in the folder which i have no idea how to do, and i use my10gb.com as my provider so if u can tell me how to do so it would be greatly appreciated, thank you in advance qwardak