PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
I've been struggling with trying to code a upload script that hashes the file name after it gets uploaded and allow certain files to be uploaded and gives the link to the file after it's uploaded.
those 3 factors are VERY important, I can't find any script online that meets my requirements. I've tried coding one myself by following youtube tutorials and asking help from other forums but I had no luck whatsoever
I know this might be easy to code but I'm a biginner in PHP programming so please no hateful replies.
If anyone could provide me with a script I'd really appreciate it.
requinix wrote:The final script is secure. What do you think is wrong with it?
Sadly, it's not secure. I've tested it on my localhost and managed to upload a PHP file even though that extension is prohibted. I've used the "Tamper Data" firefox addon which is common between hackers.
I've looked everywhere for a secure version that checks the last extension but no luck so far
CatherinePHP wrote:Sadly, it's not secure. I've tested it on my localhost and managed to upload a PHP file even though that extension is prohibted. I've used the "Tamper Data" firefox addon which is common between hackers.
I've looked everywhere for a secure version that checks the last extension but no luck so far
So you are a beginning programmer and want an upload script that meets these criteria:
1. a script that hashes the file name after it gets uploaded
2. allow certain files to be uploaded
3. gives the link to the file after it's uploaded.
4. there is something specific that you are doing with Tamper Data (which you did not reveal) that you also need dealt with
The script referenced was written by a member like you and improved to meet the member's needs. It is pretty basic and could certainly be improved. If you have further requirements, we can certainly try to implement them here by improving that script (or code that you have). Just give us some specifics on how that script does not deal with your requirements above.
requinix wrote:Did you uncomment that line? It needs to be uncommented. The code also has other edits to it to assist with debugging upload problems, like
that you wouldn't want to keep once the code is ready to go live.
I actually recommended that he do something like the below. Then the script can identify the exact error to generate a reasonable error message for the user.
CatherinePHP wrote:That's the script that i'm using, it doesn't limit the file extensions. Anybody could upload .php extension through it.
I've still didn't delete the unnecessary lines, i'll do it as soon as i get back home.
The script above should limit by file extension and MIME type, and limit the file size. But that does not deal with #1 and #4 of your requirements I listed above.