Uploading images through PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Rethul
Forum Newbie
Posts: 1
Joined: Wed Oct 23, 2002 8:59 pm

Uploading images through PHP

Post by Rethul »

Ok, I'm new to this so please don't kill me! Could I create a script that allowed me to upload images onto a webpage using php?

Example: I need to upload an image. I go to the designated upload- webpage and there I can upload an image a designated webpage. Is this possible?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

search this forum
i.e. with
Search for Keywords: image upload
(x) Search for all terms
there are plenty of topics ;)
User avatar
Takuma
Forum Regular
Posts: 931
Joined: Sun Aug 04, 2002 10:24 am
Location: UK
Contact:

Post by Takuma »

You could always download the script from hotscripts.com
User avatar
noguru
Forum Commoner
Posts: 61
Joined: Thu Jun 06, 2002 4:03 am
Location: Just north of the City Of Gold, Land of Milk and Honey

Post by noguru »

Hi

I've just downloaded php-update v1.0 from hotscripts.com, but the readme file says that the directory on the server should have '0777' permissions. Is that necessary? My boss does not really want to have write access set to directories. What exactly is the security risk if some directories on the server have write access? Does it increase the risk to be hacked? I have tried to upload files without giving write access to the directory, but then I get permission denied.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

You need write access to the directory to which you want to upload files otherwise you can't (as you have found) do it.

Mac
User avatar
noguru
Forum Commoner
Posts: 61
Joined: Thu Jun 06, 2002 4:03 am
Location: Just north of the City Of Gold, Land of Milk and Honey

Post by noguru »

Oh allright. So how does this affect security on the server? Will a hacker be able to upload a virus into this directory or get access to the rest of the server via this directory?
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

A hacker can upload a virus but if you're checking the file extensions of the files as they come in and making sure they're what you expect you can get rid of blatant viruses immediately. The thing to think about is how will that hacker execute the file - viruses have to be run to do any harm - simply uploading a file, even if it is a virus will not do anything, if you retrieve that file and execute it then it will. Simple thing to do - don't trust anything sent in by a user and run a virus scan over it before it is used.

As for gaining access to all your other directories, surely you've put good security on them to prevent people from accessing things they shouldn't? Also, how will they anyone know which directory is being used for file uploads?

Mac
Post Reply