help plez with file upload

[welard]

i ceep on getting this

Internal [URL="http://forums.x10hosting.com/#"]Server[/URL] Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator,  and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

here is the sorcecode

<?php
/*-----------------------------------------------------
-- Isomerizer 
-- Copyright held 2007-2008 Isomerizer
-- uploadpic.php
-- converted to V2 by Jesse60905
-----------------------------------------------------*/
include "globals.php";

if($_FILES['imagefile']=="")
{

echo "<br />Upload an Profile Image:<br />
<form name='imageuploader' method='post' action='uploadpic.php' enctype='multipart/form-data'>
<i>Path of Image:</i> <input type='file' name='imagefile'>
<br>
<input type='submit' name='Submit' value='Upload Image'> 
</form>
<br />(Max 10000 file bytes , Must be file extention gif, jpg, jpeg, png, bmp....)<br />
(Images are resized to 150 x 150)<br />";
}
else
{
//Edit below for max bytes size of the pic
$maxsize=50000000;

if ($_FILES['imagefile']['size'] > $maxsize) { echo "Image to large<br /><a href=uploadpic.php>Back</a>"; exit; }

if ($_FILES['imagefile']['type'] == "image/gif" || "image/jpeg" || "http://forums.x10hosting.com/images/jpeg" || "http://forums.x10hosting.com/images/png" || "http://forums.x10hosting.com/images/bmp"){ 
    copy ($_FILES['imagefile']['tmp_name'], "profilepics/".$_FILES['imagefile']['name']) 
    or die ("Could not copy, Make sure you have profilepics on your FTP"); 

$path='profilepics/';
$pic=$_FILES['imagefile']['name'];
$picture=$path.$pic;
$oldpic=$ir['display_pic'];
$newpic=$picture;

if ($newpic==$oldpic) { echo "<br />Image already uploaded!"; exit; }

$delete=@unlink($oldpic);
if ($delete) { echo "Previous image deleted from system...<br /><br />"; }
if (!$delete) { echo "No Previous image to be deleted...<br /><br />"; }

$dataa=$_FILES['imagefile']['size'];
$datab=$_FILES['imagefile']['type'];
$datad=$_FILES['imagefile']['name'];
echo "Old Image Location: $oldpic<br />";
echo "New Image Location: $newpic<br />";
echo "Image Uploaded";
echo "<br /><br /><u>Info:</u><br /> Image Name: $datad<br />Image Size: $dataa bytes<br />Type: $datab";
echo "<br /><br /><a href=uploadpic.php>Back</a>";

$fileplace=$_FILES['imagefile']['name'];
$db->query("UPDATE users SET display_pic='profilepics/$fileplace' WHERE userid=$userid",$c);
}
        else {
            echo "<br><br>";
            echo "Could Not Copy, Wrong Filetype (".$_FILES['imagefile']['name'].")<br>";
            echo "Must be an image file extention gif, jpg, jpeg, png, bmp....";
            echo "<br /><a href=uploadpic.php>Back</a>";
        } 
}
$h->endpage();

?>

the file permisions are 0755

 

[Jesse60905]

I may be able to give you just a tad bit of help with that...

2 things. First of all. That version is outdated. It has a very large exploit which could possibly give a hacker the ability to upload a shell into your site. 2nd of all. That version was modified. The script would need alot of work to fix.