Page 1 of 1

File Upload

Posted: Sun Jan 13, 2008 4:12 pm
by user___
Hi guys,
I have to make a script which is supposed to upload files on a remote server. What is the best and most secure way of doing that? I have made a script which sends a form to a script on the remote server which receives the file and copies it. I use hashed keys for security.

Re: File Upload

Posted: Sun Jan 13, 2008 10:11 pm
by yanglei1979
$actual_name = $_FILES['upload_file1']['name'];
$tmp_name=$_FILES['upload_file1']['tmp_name'];
move_uploaded_file($tmp_name,$dirname);

Re: File Upload

Posted: Sun Jan 13, 2008 10:48 pm
by sideral
As for security, don't ever forget the check if the file uploaded is of the type you expect. This can be done by means of

$mime_type = $_FILES['upload_file1']['type'];

Where $mime_type should be "image/jpeg", "audio/mpeg".. you name it.

However, don't just trust the mime type, since this can be spoofed.

For example, if you expect the file to be an image, perform further validation, by using

getimagesize($path_to_the_file);

In this case, php will return FALSE if the actual file could not be recognized as an image.

Cheking for the file extension can also add up a bit to security. In security, every bit of information you check always adds something.

Re: File Upload

Posted: Mon Jan 14, 2008 1:49 am
by user___
Thank you for your replies but I need to know the way of uploading files from the client through a Web Server to another server. I mean:client logs in server one then by using the utilities of the site on that server they must upload to the other server. It actually is another machine with a Web Server installed on it. I use the way I described but I am not sure whether there is a better one?

Re: File Upload

Posted: Mon Jan 14, 2008 1:58 am
by jimthunderbird
Maybe try storing the file into database. Use database as a middle man.

Re: File Upload

Posted: Mon Jan 14, 2008 5:26 am
by user___
Thank you jimthunderbird. That's a solution but not for that case because I missed to say that here we talk about files bigger than five hundred MB or even more. That would slow the DB a lot. Do you have any other suggestions?

Re: File Upload

Posted: Mon Jan 14, 2008 6:02 am
by Mordred
user___ wrote:Thank you for your replies but I need to know the way of uploading files from the client through a Web Server to another server. I mean:client logs in server one then by using the utilities of the site on that server they must upload to the other server. It actually is another machine with a Web Server installed on it. I use the way I described but I am not sure whether there is a better one?
I didn't get it, please elaborate.

Re: File Upload

Posted: Mon Jan 14, 2008 6:03 am
by jimthunderbird
A little "think out of the box", for such a big file, see if http://www.radinks.com/upload/ helps.

Re: File Upload

Posted: Mon Jan 14, 2008 7:16 am
by user___
Well, Java works fine but I need a Php solution. What I want is to upload very big files from an client through one server and save them on another. It is about a system where users log in and upload big files but those files are not saved on the same machine they are logged in but on another one. I do not use DB for sessions' storing because of other reasons. I just wonder whether there is a better and more secure way of doing that than the one I explained earlier.

Re: File Upload

Posted: Mon Jan 14, 2008 8:10 am
by VladSun
If I understand you correctly, you can use scp for transferring the uploaded file between the servers.

Re: File Upload

Posted: Mon Jan 14, 2008 3:29 pm
by user___
Thank you VladSun but I need that done by a client without scp or anything else. Just a browser. Do you have any other solutions?