Safe upload images


user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Safe upload images

Post by user___ »

Hi guys,
I have an uploading system which must be used to upload images. I would like to ask you whether you know a script for safe uploading. The supported types are: .jpg, .gif, .tiff, .png, and .bmp.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

TIFF and BMP images are not natively supported by PHP's GD. ImageMagick supports them however.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Reply

Post by user___ »

Ok, I will drop them. Now, do you know where to get the script from?

BTW: Thank you for your immediate reply.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

There are lots and lots of scripts for handling images available. You haven't specified much, so I can only suggest you search the forums and the web.
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Post by onion2k »

If you're just uploading them then you can support any file type you like. There's no difference between uploading an image and any other type of file.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Reply

Post by user___ »

Sorry for the lack of info, guys. I need this to upload only images (I mean a script that checks that an image really is an image and not hack.exe renamed to flower.jpg).

Thank you for your replies.
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

Check out getimagesize()
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

Look at this page viewtopic.php?p=378091#378091
neel_basu wrote: Storing the file in the database is a bad idea. Just store the file location in the database.
If you are thinking about security, just put this .htaccess file in the directory where your uploaded files stay.

Code:

Deny from all
<FilesMatch "^.*\.php|.*\.html$">
  ForceType application/x-httpd-php-source
</FilesMatch>
It will treat all PHP files as PHP source.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Reply

Post by user___ »

Nice lines, man, but I need something (just a function) which checks whether a file is an image.
JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Re: Reply

Post by JayBird »

user___ wrote: Nice lines, man, but I need something (just a function) which checks whether a file is an image.
Grim already gave you one!
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Re: Reply

Post by neel_basu »

user___ wrote: Nice lines, man, but I need something (just a function) which checks whether a file is an image.
I think you don't need any function, because according to your post you are worried about whether the JPG file is a true image or not. Placing this mod (you have to modify it a bit) will make all PHP files be treated as PHP source, not as a PHP application. You can do the same thing with images in that folder. And as the image file is a binary file, there is only one way to make sure that it is a PNG or JPEG or GIF image.
If you open that image with file_get_contents() you will see that the very first data in that file is %PNG.. or something like that.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

neel, getimagesize() is the best thing PHP has for detecting whether an image is truly an image. It checks a few more things than simply the file's ID tag.
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

Then you have to check the size of that image, and simply if it's not an image it can detect its size.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Have you even used the function?
neel_basu
Forum Contributor
Posts: 454
Joined: Wed Dec 06, 2006 9:33 am
Location: Picnic Garden, Kolkata, India

Post by neel_basu »

Ya, I've used it before, as it returns its original MIME type, reading its first few characters. But it reads the total image to get its height and weight. But to know whether it's a valid image or not, reading the first few characters is enough. So if you are dealing with really big images it will take time.

Code:

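function chk_img($img_path)
{
    // Open in binary mode; an unreadable file is treated as "not an image"
    $handle = fopen($img_path, "rb");
    if ($handle === false) {
        return false;
    }
    // Read the first 16 bytes of the file
    $contents = (string) fread($handle, 16);
    fclose($handle);
    // Look for a format marker anywhere in those bytes
    return strstr($contents, 'PNG') !== false
        || strstr($contents, 'JFIF') !== false
        || strstr($contents, 'GIF') !== false
        || strstr($contents, 'BM.') !== false;
}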
This function only reads the first 16 bits of the image, so if the image is 1 or 2 MB it will read only the first 16 bits. But if your images are small you should use getimagesize().
// This function can check whether an image is a PNG or BMP or JPEG or GIF image.
// But a binary file that has PNG or JFIF or GIF or BM. written at the beginning
// will pass this validation. But I don't think that a malicious program can contain
// those texts at its beginning, as those are reserved for images.
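
A stricter form of the check debated in this thread, as an added example that is not code from any poster: it combines getimagesize() with exact signatures at offset 0 and takes the stored extension from the detected type rather than from the client's file name. The function name, the allowlist and the sample bytes are constructed for illustration.

```php
<?php
// Added example (not from the thread): strict check that an upload is an image.
// Allowlist: type detected by getimagesize() => exact bytes the file must start with.
const ALLOWED = [
    IMAGETYPE_GIF  => ["GIF87a", "GIF89a"],
    IMAGETYPE_JPEG => ["\xFF\xD8\xFF"],
    IMAGETYPE_PNG  => ["\x89PNG\r\n\x1a\n"],
];

// Returns the extension to store the file under (".gif", ".jpeg", ".png"),
// or null when the content is not an allowed image. The client's file name
// and the browser-supplied MIME type are never consulted.
function image_extension_or_null(string $path): ?string
{
    $info = @getimagesize($path);   // parses the image header; false if it cannot
    if ($info === false || !array_key_exists($info[2], ALLOWED)
        || $info[0] < 1 || $info[1] < 1) {
        return null;
    }
    $head = (string) file_get_contents($path, false, null, 0, 8);
    foreach (ALLOWED[$info[2]] as $magic) {
        // The signature must sit at offset 0, not merely somewhere in the first bytes.
        if (strncmp($head, $magic, strlen($magic)) === 0) {
            return image_type_to_extension($info[2]);
        }
    }
    return null;
}

// Constructed sample inputs; in an upload handler $path would be the tmp_name.
$samples = [
    'pixel.gif'  => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
    'flower.jpg' => "MZ\x90\x00" . str_repeat("\x00", 60),  // executable header, image name
    'fake.png'   => "..PNG.. plain text, not an image",      // would pass a strstr() test
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = image_extension_or_null($tmp);
    // Store under a random server-chosen name plus the detected extension.
    echo $name, ': ', $ext === null ? 'rejected' : 'stored as ' . bin2hex(random_bytes(8)) . $ext, "\n";
    unlink($tmp);
}
```

A file that passes can still carry extra data after the image, so the upload directory should also be configured not to execute scripts, as the .htaccess post in this thread suggests.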