PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




 Post subject: Upload Script
PostPosted: Tue Jul 06, 2004 2:47 pm 
Forum Commoner

Joined: Fri Nov 21, 2003 6:02 pm
Posts: 61
Location: connecticut, usa
I am creating a site that would allow registered users to upload videos, flash files, pictures, text files and music to a section of the site. I want the script to, first of all, be safe. I am *very* unsure how to pull this off. What sort of precautions would you recommend? Also, I want the file upload to be able to auto detect what type of media is being uploaded (video, flash, picture, music, text files). How could this be pulled off? Again, I am very much worried about security, so an emphasis on that would be great! Thanks to all.


 
 Post subject:
PostPosted: Tue Jul 06, 2004 3:01 pm 
Forum Regular

Joined: Thu Jan 08, 2004 12:22 pm
Posts: 926
Location: ecuador
Do you actually want to make that script yourself or .. http://www.hotscripts.com has a dozen scripts like that premade.


 
 Post subject:
PostPosted: Tue Jul 06, 2004 3:05 pm 
Forum Commoner

Joined: Fri Nov 21, 2003 6:02 pm
Posts: 61
Location: connecticut, usa
I would really prefer creating one myself; I am doing this for a company so I do not want to include scripts that are not mine. Also, I have not found anything pre-made that really seems *secure*. I know file upload to begin with is insecure, but I want to try and avoid any potential problems that can be thought of. That's where you guys come in :p.


 
 Post subject:
PostPosted: Tue Jul 06, 2004 3:08 pm 
Neighborhood Spidermoddy

Joined: Mon Mar 29, 2004 4:24 pm
Posts: 31559
Location: Bothell, Washington, USA
We've got a TON of discussions on file uploading, so instead, I'll focus more on detecting the type of file being passed.

Since the mime-type may not be passed, or can be forged easily, you'll need to rely on checking the data.
  • Text files: ASCII encoded files use a maximum of 7 bits for each byte. So passing each byte of the file through a filter to check if the bytes are greater than 127 numerically will tell you if the file is text.
  • Flash: Uses a fairly specific file structure; you should probably download the Flash SDK from Macromedia.
  • Video: You'll need to find the file format specs for each of the formats you wish to allow, and detect them.
  • Pictures: You may be able to use getimagesize(), if the images you wish to allow are supported by PHP's core. Otherwise, you'll need to get the file format specs. A great resource is Encyclopedia of Graphics File Formats.
  • Music: Just like video, you'll need to look up the file format specs.


 
 Post subject:
PostPosted: Tue Jul 06, 2004 3:20 pm 
Forum Commoner

Joined: Fri Nov 21, 2003 6:02 pm
Posts: 61
Location: connecticut, usa
Thanks feyd, that helped out quite a bit. The video, pictures, and music I can handle without a problem, but I do have a question on the text files and flash files. First of all, could you provide an example of how to create the text file filter specified above? Also, I could not find any concrete info on the Macromedia site about the Flash SDK. Could you explain what it is and give an example of how it could be implemented? Thanks!


 
 Post subject:
PostPosted: Tue Jul 06, 2004 3:30 pm 
Neighborhood Spidermoddy

Joined: Mon Mar 29, 2004 4:24 pm
Posts: 31559
Location: Bothell, Washington, USA
You can find the Flash format spec here: http://www.macromedia.com/software/flas ... ileformat/


 
 Post subject:
PostPosted: Tue Jul 06, 2004 4:04 pm 
Neighborhood Spidermoddy

Joined: Mon Mar 29, 2004 4:24 pm
Posts: 31559
Location: Bothell, Washington, USA
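text file filter (untested)
<?php

// Returns true when every byte of the file is 7-bit ASCII (value <= 127).
function is_text_file($filename)
{
  if(!is_readable($filename)) return false;

  $data = file_get_contents($filename);
  if($data === false) return false; // read failed

  $bad = false;
  // Stop at the first byte that has the high bit set.
  for($x = 0, $y = strlen($data); !$bad && $x < $y; $x++)
  {
    // $data[$x] replaces the $data{$x} offset syntax, which PHP 8 no longer accepts
    $bad = ( ord($data[$x]) > 127 );
  }

  return !$bad;
}

?>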
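The content checks discussed in this thread, combined into one classifier, as an added example that is not part of the thread or any poster's code: it reads the leading signature bytes, falls back to a chunked text scan, and never looks at the client-supplied name or MIME type. The function name `sniff_media_type`, the short signature list and the sample bytes are assumptions made for illustration; the text test is stricter than the 7-bit rule above in that it also rejects control bytes.

```php
<?php
// Added example, not code from the thread; the signature list is a small subset.
function sniff_media_type(string $path): ?string
{
    if (!is_file($path) || !is_readable($path)) {
        return null;
    }
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    $head = (string) fread($fh, 12);   // long enough for every signature below
    $riff = substr($head, 0, 4) === 'RIFF' ? substr($head, 8, 4) : '';
    if (preg_match('/^[FCZ]WS/', $head)) {                // SWF: raw, zlib, LZMA
        $type = 'flash';
    } elseif (strncmp($head, "\xFF\xD8\xFF", 3) === 0     // JPEG
        || strncmp($head, "\x89PNG\r\n\x1A\n", 8) === 0   // PNG
        || preg_match('/^GIF8[79]a/', $head)) {           // GIF87a, GIF89a
        $type = 'picture';
    } elseif ($riff === 'AVI ') {
        $type = 'video';
    } elseif ($riff === 'WAVE' || strncmp($head, 'ID3', 3) === 0) { // WAV, tagged MP3
        $type = 'music';
    } else {
        // Text fallback: scan in 8 KiB chunks and allow only tab, LF, CR and
        // printable ASCII. An empty file is rejected.
        $type = $head === '' ? null : 'text';
        rewind($fh);
        while ($type !== null && !feof($fh)) {
            if (preg_match('/[^\x09\x0A\x0D\x20-\x7E]/', (string) fread($fh, 8192))) {
                $type = null;
            }
        }
    }
    fclose($fh);
    return $type;
}

// Constructed sample contents; the claimed names are deliberately misleading.
$samples = [
    'notes.txt' => "CWS\x0A" . str_repeat("\x00", 8),   // SWF signature
    'clip.swf'  => "plain 7-bit text\n",
    'photo.jpg' => "caf\xE9 menu\n",                    // high byte, no signature
];
foreach ($samples as $claimed => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-10s => %s\n", $claimed, sniff_media_type($tmp) ?? 'rejected');
    unlink($tmp);
}
```

A signature match only says what the first bytes claim to be; a picture should still go through getimagesize(), and other formats through a parser written from their spec, before the file is accepted.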


 