Help with image uploader
Posted: Sat Jul 11, 2009 11:55 pm
alright, i'm almost done with my image hosting script, i just wanted some help securing it.
Here is my source:
Upload form
Actual uploading script:
Here is my source:
Upload form
Code: Select all
<html>
<head>
<style type="text/css">
body
{
background-image:url('http://treatspin.com/imageuploader/upload/33.gif');
background-repeat:repeat;
background-attachment:fixed;
background-position:center;
}
</style>
</head>
<body>
<form enctype="multipart/form-data" action="upload.php" method="POST">
<input name="uploaded" style="padding:10px; width:200px; font-size:20px; font-weight:bold;" type="file" style= /><br />
<input type="submit" value="Upload" />
</form>
</body>
</html>Code: Select all
<html>
<head>
<style type="text/css">
body
{
background-image:url('http://treatspin.com/imageuploader/upload/33.gif');
background-repeat:repeat;
background-attachment:fixed;
background-position:center;
}
</style>
</head>
<body>
<?php
//Find Extension of File
function findexts ($filename)
{
$filename = strtolower($filename) ;
$exts = split("[/\\.]", $filename) ;
$n = count($exts)-1;
$exts = $exts[$n];
return $exts;
}
$Query = TRUE;
$MySQLServer = "sup";
$MySQLUsername = "wut";
$MySQLPassword = "yah";
$MySQLQuery = mysql_connect($MySQLServer,$MySQLUsername,$MySQLPassword);
if (!$MySQLQuery)
{
echo "ERROR: Could not connect to Database";
die;
}
$result = mysql_query("INSERT INTO teh1337_imageuploads.uploads (`id`) VALUES (NULL);");
if (!$result)
{
echo "Database error -- Couldn't get insertion ID";
}
$ran = mysql_insert_id($MySQLQuery);
mysql_close($MySQLQuery);
define("ALL_LOWERCASE", true);
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;
$max_filesize = 6000000;
$ext = findexts ($_FILES['uploaded']['name']) ;
$ran2 = $ran.".";
$target = "upload/";
$target = $target . $ran2.$ext;
//Perform initial Checks, and return error where needed.
if (($_FILES["uploaded"]["type"] == "image/gif") or ($_FILES["uploaded"]["type"] == "image/jpeg") or ($_FILES["uploaded"]["type"] == "image/png") or ($_FILES["uploaded"]["type"] == "image/pjpeg"))
{
if(filesize($_FILES['uploaded']['tmp_name']) > $max_filesize)
{
//Size Error
echo "Sorry, there is an image size limit of 5.5 MB. Please resize your image and try again.";
}
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file has been uploaded ".$ran2.$ext . "<br /><br />
<img src='upload/" . $ran2 . $ext . "' />
<br /><br />
<table width='50%'>
<tr>
<td>BBCode:</td>
<td><input type='text' value='[img]http://treatspin.com/imageuploader/upload/"%20.%20$ran2%20.%20$ext%20.%20"[/img]' /></td>
</tr>
<tr>
<td>HTML:</td>
<td><input type='text' value='<img src="http://treatspin.com/imageuploader/upload/" . $ran2 . $ext . "" />' /></td>
</tr>
<tr>
<td>Direct Link:</td>
<td><input type='text' value='http://treatspin.com/imageuploader/upload/" . $ran2 . $ext . "' /></td>
</tr>
</table>";
}
else
{
echo "Sorry, there was an unknown error that occured while uploading your file. Please try again.";
}
}
}
else
{
//MIME Error
echo "Sorry, Treatspin cannot accept the file you're trying to upload. Supported Images are GIF, JPEG, and PNG.<br />Please note that IE has a technical issue that prevents uploads of PNG files.";
}
?>
</body>
</html>