File Upload
File Upload
Hi guys,
I have to make a script which is supposed to upload files on a remote server. What is the best and most secure way of doing that? I have made a script which sends a form to a script on the remote server which receives the file and copies it. I use hashed keys for security.
- yanglei1979
- Forum Commoner
- Posts: 38
- Joined: Sat Aug 25, 2007 10:21 pm
Re: File Upload
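// File name sent by the client (untrusted); basename() drops any path components
$actual_name = basename($_FILES['upload_file1']['name']);
// Temporary path where PHP stored the upload
$tmp_name = $_FILES['upload_file1']['tmp_name'];
// The destination must be a full file path; $dirname is assumed to hold the target directory
move_uploaded_file($tmp_name, $dirname . '/' . $actual_name);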
Re: File Upload
As for security, don't ever forget to check if the file uploaded is of the type you expect. This can be done by means of
$mime_type = $_FILES['upload_file1']['type'];
Where $mime_type should be "image/jpeg", "audio/mpeg".. you name it.
However, don't just trust the mime type, since this can be spoofed.
For example, if you expect the file to be an image, perform further validation, by using
getimagesize($path_to_the_file);
In this case, PHP will return FALSE if the actual file could not be recognized as an image.
Checking for the file extension can also add a bit to security. In security, every bit of information you check always adds something.
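The checks described in the post above (extension, MIME type, getimagesize()), combined into one function. This is an added example, not code from the thread: the function name, the allowlist and the destination directory are assumptions, and it relies on PHP's fileinfo extension to read the MIME type from the file content instead of the client-supplied 'type' field.

```php
<?php
// Added example: layered validation of an uploaded image before it is stored.
// ALLOWED_IMAGES and validate_image_upload() are hypothetical names.

const ALLOWED_IMAGES = [      // extension => MIME type detected from the content
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

// Returns the generated file name the upload was stored under; throws on any failed check.
function validate_image_upload(array $file, string $destDir): string
{
    // Reject failed uploads and paths that did not come from an HTTP POST upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed or is not an HTTP upload');
    }

    // 1. Extension allowlist (the name is client-supplied, so it is only a first filter).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        throw new RuntimeException('Extension not allowed');
    }

    // 2. MIME type sniffed from the bytes; $file['type'] is sent by the browser and can be spoofed.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }

    // 3. getimagesize() returns false when the file cannot be recognized as an image.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Not a valid image');
    }

    // Store under a random name so the client's file name never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $stored)) {
        throw new RuntimeException('Could not move uploaded file');
    }
    return $stored;
}

// Usage, with the field name from the thread and an assumed directory:
// $name = validate_image_upload($_FILES['upload_file1'], '/var/uploads');
```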
Re: File Upload
Thank you for your replies but I need to know the way of uploading files from the client through a Web Server to another server. I mean: the client logs in to server one, then by using the utilities of the site on that server they must upload to the other server. It actually is another machine with a Web Server installed on it. I use the way I described but I am not sure whether there is a better one?
- jimthunderbird
- Forum Contributor
- Posts: 147
- Joined: Tue Jul 04, 2006 3:59 am
- Location: San Francisco, CA
Re: File Upload
Maybe try storing the file in the database. Use the database as a middle man.
Re: File Upload
Thank you jimthunderbird. That's a solution but not for this case, because I forgot to say that here we are talking about files bigger than five hundred MB or even more. That would slow the DB a lot. Do you have any other suggestions?
Re: File Upload
user___ wrote: Thank you for your replies but I need to know the way of uploading files from the client through a Web Server to another server. I mean: the client logs in to server one, then by using the utilities of the site on that server they must upload to the other server. It actually is another machine with a Web Server installed on it. I use the way I described but I am not sure whether there is a better one?
I didn't get it, please elaborate.
- jimthunderbird
- Forum Contributor
- Posts: 147
- Joined: Tue Jul 04, 2006 3:59 am
- Location: San Francisco, CA
Re: File Upload
A little "think out of the box", for such a big file, see if http://www.radinks.com/upload/ helps.
Re: File Upload
Well, Java works fine but I need a PHP solution. What I want is to upload very big files from a client through one server and save them on another. It is about a system where users log in and upload big files, but those files are not saved on the same machine they are logged in to but on another one. I do not use a DB for storing sessions because of other reasons. I just wonder whether there is a better and more secure way of doing that than the one I explained earlier.
Re: File Upload
If I understand you correctly, you can use scp for transferring the uploaded file between the servers.
There are 10 types of people in this world, those who understand binary and those who don't
Re: File Upload
Thank you VladSun but I need that done by a client without scp or anything else. Just a browser. Do you have any other solutions?