diff --git a/docs/www/fileupload.php b/docs/www/fileupload.php
new file mode 100644
index 0000000..09a09c7
--- /dev/null
+++ b/docs/www/fileupload.php
@@ -0,0 +1,50 @@
+<?php
+$COMMONS = $_SERVER['DOCUMENT_ROOT'] . "/../common";
+
+include_once($COMMONS."/header.php");
+
+// If the user does not have the 1000 0000 permission,
+// throw a 403: Forbidden error.
+if(!(bool)($_SESSION["current_user"]->permissions & 128)) {
+	header($_SERVER["SERVER_PROTOCOL"]." 403 Forbidden", true, 403);
+	include($_SERVER["DOCUMENT_ROOT"]."/errors/403.php");
+	die();
+}
+
+display_header("Upload a file.");
+
+if(isset($_POST["submit"])) {
+	$uploadDir = '/srv/http/assets/upload/';
+	$firstDir = bin2hex(random_bytes(16));
+	$secondDir = bin2hex(random_bytes(16));
+	$filename = bin2hex(random_bytes(16));
+	$combinedPath = $firstDir."/".$secondDir."/".$filename;
+
+	mkdir($uploadDir.$firstDir, 0774);
+	mkdir($uploadDir.$firstDir."/".$secondDir, 0774);
+
+	echo "<pre>";
+	if (move_uploaded_file($_FILES['userfile']['tmp_name'],
+		$uploadDir.$combinedPath)) {
+		echo "File is valid, and was successfully uploaded.\n";
+		printf("location: assets.zdenekborovec.cz/upload/%s", $combinedPath);
+	} else {
+		echo "File upload failed.\n";
+	}
+	echo "</pre>";
+}
+
+?>
+
+<!-- The data encoding type, enctype, MUST be specified as below -->
+<form method="post" enctype="multipart/form-data" action="<?php
+	htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
+    <!-- Name of input element determines name in $_FILES array -->
+	<label for="userfile">Send this file:</label>
+	<input name="userfile" type="file">
+    <input name="submit" type="submit" value="Send File">
+</form>
+
+<?php
+include_once($COMMONS."/footer.php");
+?>