
Safe upload images

Posted: Tue May 01, 2007 9:51 am
by user___
Hi guys,
I have an uploading system which must be used to upload images. I would like to ask you whether you know a script for safe uploading. The supported types are: .jpg, .gif, .tiff, .png, and .bmp.

Posted: Tue May 01, 2007 9:54 am
by feyd
TIFF and BMP images are not natively supported by PHP's GD. ImageMagick supports them however.

Reply

Posted: Tue May 01, 2007 9:57 am
by user___
Ok, I will drop them. Now, do you know where to get the script from?

BTW: Thank you for your immediate reply.

Posted: Tue May 01, 2007 10:13 am
by feyd
There are lots and lots of scripts for handling images available. You haven't specified much, so I can only suggest you search the forums and the web.

Posted: Tue May 01, 2007 10:19 am
by onion2k
If you're just uploading them then you can support any file type you like. There's no difference between uploading an image and any other type of file.

Reply

Posted: Tue May 01, 2007 10:30 am
by user___
Sorry for the lack of info, guys. I need this to upload only images (I mean a script that checks that an image really is an image, not hack.exe renamed to flower.jpg).

Thank you for your replies.

Posted: Tue May 01, 2007 10:33 am
by Grim...
Check out getimagesize()

Posted: Wed May 02, 2007 12:36 am
by neel_basu
Look at this page viewtopic.php?p=378091#378091
neel_basu wrote: Storing the file in the database is a bad idea. Just store the file location in the database.
If you are thinking about security, just put this .htaccess file in the dir where your uploaded files stay.

Code:

Deny from all
<FilesMatch "^.*\.php|.*\.html$">
  ForceType application/x-httpd-php-source
</FilesMatch>
It will treat all PHP files as PHP source.

Reply

Posted: Wed May 02, 2007 6:41 am
by user___
Nice lines, man, but I need something (just a function) which checks whether a file is an image.

Re: Reply

Posted: Wed May 02, 2007 6:47 am
by JayBird
user___ wrote: Nice lines, man, but I need something (just a function) which checks whether a file is an image.
Grim already gave you one!

Re: Reply

Posted: Wed May 02, 2007 7:06 am
by neel_basu
user___ wrote: Nice lines, man, but I need something (just a function) which checks whether a file is an image.
I think you don't need any function, because according to your post you are worried about whether the JPG file is a true image or not. Placing this mod (you have to modify it a bit) will make it treat all PHP files as PHP source, not as a PHP application. You can do the same thing with images in that folder. And as the image file is a binary file, there is only one way to make sure that it is a PNG or JPEG or GIF image.
If you open that image with file_get_contents() you will see that the very first data in that file is %PNG.. or something like that.

Posted: Wed May 02, 2007 7:26 am
by feyd
neel, getimagesize() is the best thing PHP has for detecting whether an image is truly an image. It checks a few more things than simply the file's ID tag.

Posted: Wed May 02, 2007 7:35 am
by neel_basu
Then you have to check the size of that image, and simply if it's not an image it can detect its size.

Posted: Wed May 02, 2007 7:52 am
by feyd
Have you even used the function?

Posted: Wed May 02, 2007 8:06 am
by neel_basu
Ya, I've used it before, as it returns the original MIME type, reading its first few characters. But it reads the total image to get its height and weight. But to know whether it's a valid image or not, reading the first few characters is enough. So if you are dealing with really big images it will take time.

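Code:

function chk_img($img_path)
  {
    // Open in binary mode so the leading bytes are read unmodified on every platform.
    $handle = fopen($img_path, "rb");
    if($handle === false)
      {
        // Unreadable file: treat it as not an image.
        return false;
      }
    // Read the start of the file, where the format tag is expected.
    $contents = (string) fread($handle, 16);
    fclose($handle);
    // Look for one of the format tags anywhere in what was read.
    if(strstr($contents, 'PNG') || strstr($contents, 'JFIF') || strstr($contents, 'GIF') || strstr($contents, 'BM.'))
      {
        return true;
      }
    else
      {
        return false;
      }
  }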
This function only reads the first 16 bits of the image, so if the image is 1 or 2 MB it will read only the first 16 bits. But if your images are small you should use getimagesize().
//This function can check whether an image is a PNG or BMP or JPEG or GIF image
//But if you use a binary file that has PNG or JFIF or GIF or BM. written at the beginning, it
//will pass this validation. But I don't think that a mal program can contain
//those texts at its beginning, as those are reserved for images
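
The two approaches argued over in this thread, combined into one check as an added example (not code from any poster): getimagesize() with a type whitelist, plus a signature anchored at byte 0 instead of a substring search, with the stored extension taken from the detected type rather than the client's filename. The function name safe_image_ext(), the ACCEPTED table and the sample bytes are hypothetical and constructed for illustration.

```php
<?php
// Added example, not code from the thread. safe_image_ext(), ACCEPTED and the
// sample files below are hypothetical / constructed.

// Accepted getimagesize() types => [extension to store under, signatures at offset 0].
const ACCEPTED = [
    IMAGETYPE_GIF  => ['gif', ["GIF87a", "GIF89a"]],
    IMAGETYPE_JPEG => ['jpg', ["\xFF\xD8\xFF"]],
    IMAGETYPE_PNG  => ['png', ["\x89PNG\r\n\x1a\n"]],
];

// Returns the extension to save the upload under, or null to reject it.
function safe_image_ext(string $path): ?string
{
    $info = @getimagesize($path);              // false when no image header parses
    if ($info === false || !array_key_exists($info[2], ACCEPTED)) {
        return null;
    }
    if ($info[0] < 1 || $info[1] < 1) {        // zero width or height
        return null;
    }
    [$ext, $signatures] = ACCEPTED[$info[2]];
    $head = (string) file_get_contents($path, false, null, 0, 8);
    foreach ($signatures as $sig) {
        if (strncmp($head, $sig, strlen($sig)) === 0) {
            return $ext;                       // name comes from the content, not the client
        }
    }
    return null;
}

// Constructed samples: a 1x1 GIF, and a non-image with "PNG" in its first 16 bytes.
$gif  = "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xFF\xFF\xFF"
      . "\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B";
$fake = "MZ\x90\x00PNG" . str_repeat("\x00", 64);

foreach (['flower.gif' => $gif, 'flower.jpg' => $fake] as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $ext = safe_image_ext($tmp);
    $substring = strstr(substr($bytes, 0, 16), 'PNG') !== false;
    printf("%s: 'PNG' in first 16 bytes=%s, result=%s\n", $name,
        $substring ? 'yes' : 'no', $ext === null ? 'rejected' : "store as .$ext");
    unlink($tmp);
}
```

A file that passes this check has a valid image header, which says nothing about the bytes after it, so the upload directory should still be configured so that nothing in it is executed, as in the .htaccess post above.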