File Upload

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

File Upload

Post by user___ »

Hi guys,
I have to make a script which is supposed to upload files on a remote server. What is the best and most secure way of doing that? I have made a script which sends a form to a script on the remote server which receives the file and copies it. I use hashed keys for security.
yanglei1979
Forum Commoner
Posts: 38
Joined: Sat Aug 25, 2007 10:21 pm

Re: File Upload

Post by yanglei1979 »

$actual_name = $_FILES['upload_file1']['name'];
$tmp_name=$_FILES['upload_file1']['tmp_name'];
move_uploaded_file($tmp_name,$dirname);
sideral
Forum Newbie
Posts: 4
Joined: Sun Jan 13, 2008 10:19 pm

Re: File Upload

Post by sideral »

As for security, don't ever forget the check if the file uploaded is of the type you expect. This can be done by means of

$mime_type = $_FILES['upload_file1']['type'];

Where $mime_type should be "image/jpeg", "audio/mpeg".. you name it.

However, don't just trust the mime type, since this can be spoofed.

For example, if you expect the file to be an image, perform further validation, by using

getimagesize($path_to_the_file);

In this case, php will return FALSE if the actual file could not be recognized as an image.

Cheking for the file extension can also add up a bit to security. In security, every bit of information you check always adds something.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Re: File Upload

Post by user___ »

Thank you for your replies but I need to know the way of uploading files from the client through a Web Server to another server. I mean:client logs in server one then by using the utilities of the site on that server they must upload to the other server. It actually is another machine with a Web Server installed on it. I use the way I described but I am not sure whether there is a better one?
User avatar
jimthunderbird
Forum Contributor
Posts: 147
Joined: Tue Jul 04, 2006 3:59 am
Location: San Francisco, CA

Re: File Upload

Post by jimthunderbird »

Maybe try storing the file into database. Use database as a middle man.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Re: File Upload

Post by user___ »

Thank you jimthunderbird. That's a solution but not for that case because I missed to say that here we talk about files bigger than five hundred MB or even more. That would slow the DB a lot. Do you have any other suggestions?
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: File Upload

Post by Mordred »

user___ wrote:Thank you for your replies but I need to know the way of uploading files from the client through a Web Server to another server. I mean:client logs in server one then by using the utilities of the site on that server they must upload to the other server. It actually is another machine with a Web Server installed on it. I use the way I described but I am not sure whether there is a better one?
I didn't get it, please elaborate.
User avatar
jimthunderbird
Forum Contributor
Posts: 147
Joined: Tue Jul 04, 2006 3:59 am
Location: San Francisco, CA

Re: File Upload

Post by jimthunderbird »

A little "think out of the box", for such a big file, see if http://www.radinks.com/upload/ helps.
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Re: File Upload

Post by user___ »

Well, Java works fine but I need a Php solution. What I want is to upload very big files from an client through one server and save them on another. It is about a system where users log in and upload big files but those files are not saved on the same machine they are logged in but on another one. I do not use DB for sessions' storing because of other reasons. I just wonder whether there is a better and more secure way of doing that than the one I explained earlier.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: File Upload

Post by VladSun »

If I understand you correctly, you can use scp for transferring the uploaded file between the servers.
There are 10 types of people in this world, those who understand binary and those who don't
user___
Forum Contributor
Posts: 297
Joined: Tue Dec 05, 2006 3:05 pm

Re: File Upload

Post by user___ »

Thank you VladSun but I need that done by a client without scp or anything else. Just a browser. Do you have any other solutions?
Post Reply