Securing this script [solved]
Posted: Thu Mar 30, 2006 12:33 am
This script is meant for my visitors to be able to upload images (gif/jpeg/png/whatever) to my server. My visitors are cookied before they get to this script, and if they have the cookie it asigns them a folder to upload to. This script works perfectly, just how I want it... except its not specific to images. Users can upload any file they want, even harmfull files. What is the most secure way to limit the types of files that can be uploaded? If anyone has time to help me out I would appreciate it! If its a pain I might could paypal you something for your trouble.. just let me know!
Again, this script works fine! I just don't think letting people upload any filetype is very secure!
Thanks for your time!! Here's my code:
Again, this script works fine! I just don't think letting people upload any filetype is very secure!
Thanks for your time!! Here's my code:
Code: Select all
<?php
require_once('control.php'); // just for cookie creation
if ( isset($_COOKIE['affiliate']) )
{
$mysql_access = mysql_connect("localhost","user","pass");
$db = 'database'; // mySQL database name
mysql_select_db("$db");
$query = "SELECT id FROM thumbs WHERE aff='".$_COOKIE['affiliate']."' ";
$result = mysql_query($query, $mysql_access);
if(mysql_num_rows($result)) {
// it is true
while($row = mysql_fetch_row($result))
{
// get my number
echo "<center><font face='Arial' size='2'><a target='_blank' href='/files/" . $row[0] . "'>Click here to access your uploaded files (opens in new window)</a></center><p>";
$pathz = $row[0];
}
} else {
// false, so it doesn't exist
}
if($nid) {
if($pathz) {
} else {
// false, so it doesn't exist
$tablename = "thumbs";
$next_increment = 0;
$qShowStatus = "SHOW TABLE STATUS LIKE '$tablename'";
$qShowStatusResult = mysql_query($qShowStatus) or die ( "Query failed: " . mysql_error() . "<br/>" . $qShowStatus );
$row = mysql_fetch_assoc($qShowStatusResult);
$next_increment = $row['Auto_increment'];
$aidd = $_COOKIE['affiliate'];
$sql4 = "INSERT INTO `thumbs` (`id`, `aff`) VALUES (" . $next_increment . ", " . $aidd . ")";
mysql_query($sql4, $mysql_access) or die ( "Query failed: " . mysql_error() );
$pathz = $next_increment;
}
$save_path = "/home/southern/public_html/files/" . $pathz . "/";
$file = $_FILES['userfile'];
$k = count($file['name']);
?>
<center>
<table border="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="500">
<tr>
<td width="100%"><br><font face='Arial' size='2'><center>Files successfully uploaded!</center><p><b>Uploaded File URL's</b>:<br>
<?
for($i=0 ; $i < $k ; $i++)
{
if($i %2)
{
echo '';
}
else
{
echo '';
}
echo "<a target='_blank' href='http://www.mysite.com/files/" . $pathz . "/" . $file['name'][$i] . "'>http://www.mysite.com/files/" . $pathz . "/" . $file['name'][$i] . "</a><br>";
if(isset($save_path) && $save_path!="")
{
$name = split('/',$file['name'][$i]);
move_uploaded_file($file['tmp_name'][$i], $save_path . $name[count($name)-1]);
}
}
echo "</td></tr></table><p>";
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<table border="0" cellpadding="10" align="center" width="639" align="center">
<tr><td width="615">
<p align="center"><b><font face="Verdana" color="#FF0000">Upload Images</font></b></td>
</tr>
<tr>
<td valign="top" align="center" width="615">
<table border=0 align="center" cellpadding=3>
<tr><td><input type="file" name="userfile[0]" size="20"></td></tr>
<tr><td><input type="file" name="userfile[1]" size="20"></td></tr>
<tr><td><input type="file" name="userfile[2]" size="20"></td></tr>
<tr><td colspan=2 align="center">
<input type="hidden" name="nid" value="1">
<input type="hidden" name="sessionid" value="<?= $sid ?>">
<input type="submit" value="Upload Files">
</td></tr></table>
</td>
</tr>
<tr><td width="615">
<p align="center"><font face="Arial" size="2">Select one or more image files from your
computer and click Upload Files.</font></table>
</form>
<?
} else {
?>
<form enctype="multipart/form-data" action="upload.php" method="post">
<table border="0" cellpadding="10" align="center" width="639" align="center">
<tr><td width="615">
<p align="center"><b><font face="Verdana" color="#FF0000">Upload Images</font></b></td>
</tr>
<tr>
<td valign="top" align="center" width="615">
<table border=0 align="center" cellpadding=3>
<tr><td><input type="file" name="userfile[0]" size="20"></td></tr>
<tr><td><input type="file" name="userfile[1]" size="20"></td></tr>
<tr><td><input type="file" name="userfile[2]" size="20"></td></tr>
<tr><td colspan=2 align="center">
<input type="hidden" name="nid" value="1">
<input type="hidden" name="sessionid" value="<?= $sid ?>">
<input type="submit" value="Upload Files">
</td></tr></table>
</td>
</tr>
<tr><td width="615">
<p align="center"><font face="Arial" size="2">Select one or more files from your
computer and click Upload Files.</font></table>
</form>
<?
}
}
else
{
echo "Log in to upload files!";
}
?>