Image Gallery
Hi, I'm making an image gallery for my site. I want it so users can upload images to the gallery. But I want to approve images when they're uploaded, before they will display in the site gallery and users can see them. I would also make it pretty hard for the preapproved images to be found by some kind of loser so they can link to them in the forum and stuff.
For example I wouldn't want the unapproved images somewhere accessible like
images/upload/unapproved.
Would it be best to just password protect the unapproved folder?
Any comments, suggestions and experience would be useful.
Thanks Chris
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
store the filename, some id number, and a flag that says whether it's approved or not in a database table. All images should be loaded from a script that takes the id number. This script checks if the record is approved before sending the image. If not approved, send a false image of some kind. Use an .htaccess file to set "Deny From All" on the directory where you wish to store the files. This will disallow a user directly accessing any of the files without going through the image script.
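A sketch of the image script described in the post above, as an added example that is not part of the original thread. The `images` table, the SQLite file `gallery.sqlite`, the directory layout and the placeholder file are all assumptions.

```php
<?php
// image.php?id=123 (added example; table, file and path names are assumptions)
declare(strict_types=1);

const STORE_DIR   = __DIR__ . '/images/upload';      // directory carrying "Deny from all"
const PLACEHOLDER = __DIR__ . '/static/pending.png'; // the "false image" for anything unapproved
const MIME_BY_EXT = ['gif' => 'image/gif', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg'];

/** Stored filename for an approved record, or null if missing or unapproved. */
function approvedFilename(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT filename FROM images WHERE id = ? AND approved = 1');
    $stmt->execute([$id]);
    $name = $stmt->fetchColumn();
    return is_string($name) ? $name : null;
}

/** Decide which file to send; every failure falls back to the placeholder. */
function fileToServe(?string $name): array
{
    if ($name !== null) {
        $path = STORE_DIR . '/' . basename($name);   // basename() blocks "../" in a stored name
        $mime = MIME_BY_EXT[strtolower(pathinfo($path, PATHINFO_EXTENSION))] ?? null;
        if ($mime !== null && is_file($path)) {
            return [$path, $mime];
        }
    }
    return [PLACEHOLDER, 'image/png'];
}

$db = new PDO('sqlite:' . __DIR__ . '/gallery.sqlite');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE IF NOT EXISTS images (
    id INTEGER PRIMARY KEY, filename TEXT NOT NULL, approved INTEGER NOT NULL DEFAULT 0)');

// Only a well-formed integer id reaches the query; anything else gets the placeholder.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
[$path, $mime] = fileToServe(is_int($id) ? approvedFilename($db, $id) : null);

if (!is_file($path)) {                               // placeholder not installed
    http_response_code(404);
    exit;
}
header('Content-Type: ' . $mime);
header('Content-Length: ' . filesize($path));
header('X-Content-Type-Options: nosniff');           // browser must not re-guess the type
readfile($path);
```

On Apache 2.4 the equivalent of the `Deny From All` line in the `.htaccess` file is `Require all denied`; keeping the upload directory outside the document root achieves the same result without relying on `.htaccess`.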
A bit off topic for the moment, probably shouldn't go in this forum, but on the php manual regarding file uploads here
http://uk.php.net/features.file-upload
it doesn't mention unlinking files, whereas in the php book it says this is very sloppy to do so. But I find it hard to believe that the php would be, has the upload method changed and an unlink is no longer needed? For example if I found a file was too large once uploaded how would I get it off the server, cos I wouldn't want a 100gig file to stay on there even for 10 minutes for example..
- feyd
first off, the upload system limits the size of an upload in several places, which are the directives mentioned on that page. So unless you change your configuration to allow a 100GB file, it's not going to happen very easily. You can unlink() a file uploaded, in some cases this may be a good idea, however, the folder the upload system uses is often a temporary folder, things left there are cleared out by php or the server on a regular basis, I believe. But, if you want to be safe, unlink() the file.
feyd wrote: store the filename, some id number, and a flag that says whether it's approved or not in a database table. All images should be loaded from a script that takes the id number. This script checks if the record is approved before sending the image. If not approved, send a false image of some kind. Use an .htaccess file to set "Deny From All" on the directory where you wish to store the files. This will disallow a user directly accessing any of the files without going through the image script.
The problem with that is I don't mind the images being accessible once they are approved, it's just someone might upload loads of porn and give people links to it.
---- Later Post
I'm trying to also have the script check the file is less than 500K and either a gif or jpeg. I'm using this if
Code:
if (($imagesize <= "512000") && ($filetpye == "image/gif") || ($filetpye == "image/jpeg")) {
One last point lol.. in the php manual it says:
$_FILES['userfile']['type']
The mime type of the file, if the browser provided this information. An example would be "image/gif".
That does seem very good, is there a better way to get the file type within php? Because surely an evil person could construct their own browser that sends the type as jpg when it's actually a mean php script or something of the same effect.
Will an extra set of parentheses around the gif/jpeg work?
The problem is that if the file is a jpeg it doesn't check for the size. I understand why, because the && doesn't cover the two type checks, if you get what I mean.. I want it to be: if the image is less than 500k and a gif or jpeg, not if the image is less than 500k and a gif, or the image is a jpeg.
cs-web
Code:
if (($imagesize <= "512000") && (($filetpye == "image/gif") || ($filetpye == "image/jpeg")))
- feyd
although it'd work for the average user, be careful as the file type information is sent from the requesting client, and can very easily be spoofed. Using getimagesize(), php will actually read the file, to see if it can recognize it as an image. Warning: some JPEG files may not get recognized, because there are MANY variants to JPEG. You can use the exif functions to determine more variants of JPEG, among other formats, though you need to write code to check if the function(s) exist, as they are a compile option.. exif_imagetype()
- feyd
you can compare $_FILES['yourfile']['size'] against filesize()
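The checks suggested in the last two replies, combined into one upload handler, as an added example that is not part of the original thread. The form field name `userfile`, `STORE_DIR` and the constant names are assumptions; the 512000-byte limit is the one used in the thread.

```php
<?php
// Added example; field name "userfile", STORE_DIR and the limit constant are assumptions.
declare(strict_types=1);

const MAX_BYTES = 512000;                                   // the 500K limit used in the thread
const STORE_DIR = __DIR__ . '/images/upload';
const ALLOWED   = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg'];

/** Extension to store the upload under, or null if it must be rejected. */
function checkUpload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Measure the file on disk; the reported size must agree with it.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size > MAX_BYTES || $size !== (int) $file['size']) {
        return null;
    }
    // $file['type'] comes from the client and is ignored; look at the content instead.
    if (function_exists('exif_imagetype')) {                // exif is a compile-time option
        $type = @exif_imagetype($file['tmp_name']);
    } else {
        $info = @getimagesize($file['tmp_name']);
        $type = $info === false ? false : $info[2];
    }
    return $type === false ? null : (ALLOWED[$type] ?? null);
}

$file = $_FILES['userfile'] ?? [];
$ext  = checkUpload($file);
if ($ext === null) {
    if (is_string($file['tmp_name'] ?? null) && is_uploaded_file($file['tmp_name'])) {
        unlink($file['tmp_name']);                          // do not leave rejects lying around
    }
    http_response_code(400);
    exit('Upload rejected');
}
// Server-chosen name and extension: nothing from the client reaches the filesystem path.
$stored = bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $stored)) {
    http_response_code(500);
    exit('Could not store upload');
}
echo "Stored as $stored, pending approval";   // next step: INSERT the row with approved = 0
```

A file that passes the image-type check can still carry other content after a valid header, so the server-chosen `.gif`/`.jpg` name and a storage directory that never executes scripts matter as much as the type check itself.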