Safe upload images
Moderator: General Moderators
Safe upload images
Hi guys,
I have an uploding system which must be used to upload images. I would like to ask you whether you know a script for a safe uploading. The suppoerted types are:.jpg, .gif, .tiff, .png, and .bmp.
I have an uploding system which must be used to upload images. I would like to ask you whether you know a script for a safe uploading. The suppoerted types are:.jpg, .gif, .tiff, .png, and .bmp.
Check out getimagesize()
- neel_basu
- Forum Contributor
- Posts: 454
- Joined: Wed Dec 06, 2006 9:33 am
- Location: Picnic Garden, Kolkata, India
Look at this page viewtopic.php?p=378091#378091
It will teat all php files as php sourceneel_basu wrote:Storing the file in database is a bad Idea.Just store the file location in the database.
If you are thinking about the security Just put this .htaccess file in that dir where your uploaded files stays.Code: Select all
Deny from all <FilesMatch "^.*\.php|.*\.html$"> ForceType application/x-httpd-php-source </FilesMatch>
Re: Reply
Grim already gave you one!user___ wrote:Nice lines, man but I need something(Just a function) which checks whether a file is an image.
- neel_basu
- Forum Contributor
- Posts: 454
- Joined: Wed Dec 06, 2006 9:33 am
- Location: Picnic Garden, Kolkata, India
Re: Reply
I think you dont need any function cause according to your post you are fearing that weather the jpg File is a true Image or not. Placing this mod (You have to modify it a bit) it will make treat all php files as PHP source not as a php application.You can do the same thing also with Images in that folder. and as the image file is a Binary file there is only one way to make Sure that it is a PNG or JPEG or GIF Image.user___ wrote:Nice lines, man but I need something(Just a function) which checks whether a file is an image.
If you open that Image by file_get_contents() YOu will see that the very first data in that file is the %PNG.. or something like that.
- neel_basu
- Forum Contributor
- Posts: 454
- Joined: Wed Dec 06, 2006 9:33 am
- Location: Picnic Garden, Kolkata, India
Ya I've used it before as it returns its original MIME type. Reading its first few characters. But it reads teh total Image to get its height and weight. But to know weather its a valid Image or not Reading First few Characters is enough. So if you are dealing really big Images it will take time.
this function only reads First 16 bits of the Image so if the Image is 1 or 2 MB it will read only first 16 bits.But if your images are small You should getimagesize().
//This Function Can Check weather An Image is PNG or BMP or JPEG or Gif Image
//But If you use a Binary file That has PNG or JFIFor GIF or BM. written at the begining
//will Pass this validation . But I dint think that a mal programm can Contain
//Those texts at its begening as those are reserved for Images
Code: Select all
function chk_img($img_path)
{
$filename = $img_path;
$handle = fopen($filename, "r");
$contents = fread($handle, 16);
fclose($handle);
if(strstr($contents, 'PNG') || strstr($contents, 'JFIF') || strstr($contents, 'GIF') || strstr($contents, 'BM.'))
{
return true;
}
else
{
return false;
}
}//This Function Can Check weather An Image is PNG or BMP or JPEG or Gif Image
//But If you use a Binary file That has PNG or JFIFor GIF or BM. written at the begining
//will Pass this validation . But I dint think that a mal programm can Contain
//Those texts at its begening as those are reserved for Images