Also, I'd be grateful if someone checked through my code and gave me pointers on how I can make it more secure, or pointed out any faults.
I'm using the following code:
<?php
include 'Connect.php';

//This function separates the extension from the rest of the file name and returns it
function findexts($filename)
{
    $filename = strtolower($filename);
    //preg_split() is used because split() was removed in PHP 7
    $exts = preg_split('#[/\\\\.]#', $filename);
    $n = count($exts) - 1;
    $exts = $exts[$n];
    return $exts;
}

$ext = findexts($_FILES['photo']['name']); //This applies the function to our file
$ran = rand(); //This line assigns a random number to a variable.
$ran2 = $ran . "."; //adds a . on the end of $ran
$target = "userimages/"; //This is the directory where images will be saved
$pic = $ran2 . $ext; //This gets information from the form that has since been randomised and checked
$target = $target . $ran2 . $ext; //This combines the directory, the random file name, and the extension
$ok = 1;

//The size and type reported for the upload (these variables were never set before being tested)
$uploaded_size = $_FILES['photo']['size'];
$uploaded_type = $_FILES['photo']['type'];

//This is our size condition
if ($uploaded_size > 350000)
{
    echo "Your file is too large.<br>";
    $ok = 0;
}

//This is our limit file type condition
if ($uploaded_type == "text/php")
{
    echo "No PHP files<br>";
    $ok = 0;
}

//Here we check that $ok was not set to 0 by an error
if ($ok == 0)
{
    echo "Sorry your file was not uploaded";
}
//If everything is ok we try to upload it
else
{
    //Writes the information to the database
    mysql_query("UPDATE members SET photo = '$pic' WHERE username = '$username'");
    if (!move_uploaded_file($_FILES['photo']['tmp_name'], $target))
    {
        echo "Sorry, there was a problem uploading your file.";
    }
}
?>
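
An added example, not part of the original post, showing the upload validated by its content instead of by the client-supplied file name and MIME type, with the stored extension chosen by the server. The function name `safe_photo_name()`, the image allowlist and the two sample files are assumptions constructed for illustration; the 350000-byte limit is the one from the post.

```php
<?php
// Added example, not the poster's code. Assumed: an image-only allowlist and
// the hypothetical helper name safe_photo_name(); 350000 is the post's limit.
const MAX_BYTES = 350000;
const ALLOWED = [            // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Returns a server-generated file name, or throws if the file is rejected.
function safe_photo_name(string $tmpPath, int $error = UPLOAD_ERR_OK): string
{
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload failed with error code $error");
    }
    // Measure the file on disk instead of trusting a reported size.
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('file is empty or too large');
    }
    // Detect the type from the file's bytes, not from the browser's header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    $ext = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException("type not allowed: $mime");
    }
    // The client's name and extension are never used in the stored name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a GIF header, and a PHP script named like an image.
$samples = [
    'avatar.gif'     => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'avatar.php.gif' => "<?php echo 'hello'; ?>",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo "$clientName -> accepted as ", safe_photo_name($tmp), "\n";
    } catch (RuntimeException $e) {
        echo "$clientName -> rejected: ", $e->getMessage(), "\n";
    }
    unlink($tmp);
}
```

In an upload handler the path passed in would be `$_FILES['photo']['tmp_name']` with `$_FILES['photo']['error']`, and the returned name is what goes to `move_uploaded_file()`. The same name should reach the `UPDATE` through a parameterized query, not by string interpolation.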