Image uploads/creating images

newbie2php
Forum Commoner
Posts: 35
Joined: Wed Nov 07, 2007 4:44 pm

Post by newbie2php »

Hi all,

I am currently looking into image upload scripts, and the security around allowing users to do so.

There seem to be quite a few methods, some more secure than others.

I looked into image generation in PHP, and how you can reproduce an image based off another image.

My question - if I produced a script that took the image uploaded by the user, and then resaved this image (type depending on which type they uploaded) using PHP - would this not ensure that we are only uploading images and not risky user files?

e.g. imagecreatefromgif($tempname)

Maybe also some slight resizing too, if the image is over a certain dimension.

Any feedback regarding this, and image upload would be great

Thanks
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto

Post by John Cartwright »

> My question - if I produced a script that took the image uploaded by the user, and then resaved this image (type depending on which type they uploaded) using PHP - would this not ensure that we are only uploading images and not risky user files?

Have you tried it? There is no better way to learn than for yourself. Better yet, let us know. An alternative may be to simply use getimagesize() to determine whether the file is actually an image or masked as one. Careful though, getimagesize() can be tricked.

> Maybe also some slight resizing too, if the image is over a certain dimension.

Indeed, this is common practice.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

Using GD as you have described is good, but you should check the file type data first anyway.
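
Added example, not part of any post in this thread: the approach discussed above (check the type from the file content with getimagesize(), then re-save through GD, shrinking oversized images) as one PHP function. The function name `reencode_upload`, the three limits and the destination directory are assumptions chosen for illustration.

```php
<?php
// Added example: re-encode an uploaded image through GD. Names and limits are assumptions.
const MAX_DIM    = 1600;             // assumed maximum width/height in pixels
const MAX_BYTES  = 5 * 1024 * 1024;  // assumed upload size limit
const MAX_PIXELS = 40000000;         // assumed cap so a tiny file cannot demand huge memory

function reencode_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Upload rejected');
    }
    // Check the type from the content first, never from the client-supplied name or MIME type.
    $info = @getimagesize($file['tmp_name']);
    $loaders = [
        IMAGETYPE_GIF  => ['imagecreatefromgif',  'imagegif',  'gif'],
        IMAGETYPE_JPEG => ['imagecreatefromjpeg', 'imagejpeg', 'jpg'],
        IMAGETYPE_PNG  => ['imagecreatefrompng',  'imagepng',  'png'],
    ];
    if ($info === false || !isset($loaders[$info[2]])) {
        throw new RuntimeException('Not a supported image');
    }
    [$load, $save, $ext] = $loaders[$info[2]];
    [$w, $h] = $info;
    if ($w < 1 || $h < 1 || $w * $h > MAX_PIXELS) {
        throw new RuntimeException('Bad dimensions');
    }
    // getimagesize() only reads the header; a full decode is the real test.
    $src = @$load($file['tmp_name']);
    if ($src === false) {
        throw new RuntimeException('Image could not be decoded');
    }
    // Always copy the pixels into a fresh canvas, shrinking when over MAX_DIM.
    $scale = min(1, MAX_DIM / max($w, $h));
    $nw = max(1, (int) round($w * $scale));
    $nh = max(1, (int) round($h * $scale));
    $dst = imagecreatetruecolor($nw, $nh);
    imagealphablending($dst, false);
    imagesavealpha($dst, true);
    imagecopyresampled($dst, $src, 0, 0, 0, 0, $nw, $nh, $w, $h);

    // Server-generated name and extension; the original filename is discarded.
    $path = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!$save($dst, $path)) {
        throw new RuntimeException('Could not write image');
    }
    return $path;
}
```

Call it as `reencode_upload($_FILES['image'], $uploadDir)` with a destination directory the web server does not execute as PHP. Animated GIFs are reduced to their first frame by this round trip.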