Upload Script
- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
I am creating a site that would allow registered users to upload videos, flash files, pictures, text files and music to a section of the site. I want the script to, first of all, be safe. I am *very* unsure how to pull this off. What sort of precautions would you recommend? Also, I want the file upload to be able to auto detect what type of media is being uploaded (video, flash, picture, music, text files). How could this be pulled off? Again, I am very much worried about security, so an emphasis on that would be great! Thanks to all.
Do you actually want to make that script yourself, or .. http://www.hotscripts.com has a dozen scripts like that premade.
- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
I would really prefer creating one myself; I am doing this for a company so I do not want to include scripts that are not mine. Also, I have not found anything pre-made that really seems *secure*. I know file upload to begin with is insecure, but I want to try and avoid any potential problems that can be thought of. That's where you guys come in :p.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
we've got a TON of discussions on file uploading, so instead, I'll focus more on detecting the type of file being passed.
Since the mime-type may not be passed, or can be forged easily, you'll need to rely on checking the data.
- Text files: ASCII encoded files use a maximum of 7-bits for each byte. So passing each byte of the file through a filter to check if the bytes are greater than 127 numerically will tell you if the file is text.
- Flash: Uses a fairly specific file structure, you should probably download the Flash SDK from Macromedia.
- Video: You'll need to find the file format specs for each of the formats you wish to allow, and detect them.
- Pictures: you may be able to use getimagesize(), if the images you wish to allow are supported by PHP's core. Otherwise, you'll need to get the file format specs. A great resource is Encyclopedia of Graphics File Formats.
- Music: Just like video, you'll need to look up the file format specs.
- partiallynothing
- Forum Commoner
- Posts: 61
- Joined: Fri Nov 21, 2003 5:02 pm
- Location: connecticut, usa
Thanks feyd, that helped out quite a bit. The video, pictures, and music I can handle without a problem, but I do have a question on the text files and flash files. First of all, could you provide an example of how to create the text file filter specified above? Also, I could not find any concrete info on the Macromedia site about the Flash SDK. Could you explain what it is and give an example of how it could be implemented? Thanks!
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
you can find the Flash format spec here: http://www.macromedia.com/software/flas ... ileformat/
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
text file filter (untested)
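<?php
// Returns true if every byte of the file is 7-bit ASCII (value <= 127).
function is_text_file($filename)
{
    if (!is_readable($filename)) return false;
    $data = file_get_contents($filename);
    if ($data === false) return false;
    $bad = false;
    // Stop at the first byte above 127.
    for ($x = 0, $y = strlen($data); !$bad && $x < $y; $x++)
    {
        // $data[$x] replaces the $data{$x} offset syntax, which PHP 8 removed.
        $bad = (ord($data[$x]) > 127);
    }
    return !$bad;
}
?>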
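Added example (not code from the thread): the content checks from feyd's list, combined into one PHP function that classifies a file as flash, picture or text from its bytes alone. The function name, category names and sample data are assumptions made for illustration, and the text test here is stricter than the filter above because it also refuses control bytes.

```php
<?php
// Added example: classify by the bytes on disk; the client's MIME type and name are ignored.
function detect_upload_category(string $path): ?string
{
    if (!is_file($path) || !is_readable($path)) {
        return null;
    }
    $head = (string) file_get_contents($path, false, null, 0, 8);
    // Flash: an SWF header is "FWS", "CWS" (zlib) or "ZWS" (LZMA), a version
    // byte and a 4-byte length. Signature check only, not a full parse.
    if (strlen($head) === 8 && in_array(substr($head, 0, 3), ['FWS', 'CWS', 'ZWS'], true)) {
        return 'flash';
    }
    // Pictures: getimagesize() reads the header itself. It recognises more
    // formats than we accept, so allow-list the returned type constant.
    $info = @getimagesize($path);
    if ($info !== false && in_array($info[2], [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG], true)) {
        return 'picture';
    }
    // Text: refuse any byte outside printable 7-bit ASCII plus tab, LF, CR
    // (stricter than "> 127": NUL and other control bytes fail too).
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return null;
    }
    $seen = false;
    while (($chunk = fread($fh, 8192)) !== false && $chunk !== '') {
        $seen = true;
        if (preg_match('/[^\x09\x0A\x0D\x20-\x7E]/', $chunk) === 1) {
            fclose($fh);
            return null;
        }
    }
    fclose($fh);
    return $seen ? 'text' : null;
}
// Constructed samples (not real uploads), written to temp files and classified.
$samples = [
    'swf header'  => "CWS\x0A\x10\x00\x00\x00",
    'plain text'  => "hello\r\nworld\n",
    '1x1 gif'     => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
    'binary'      => "MZ\x90\x00\x03\xFF",
    'script text' => "<?php echo 1; ?>",
];
foreach ($samples as $label => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    printf("%-11s => %s\n", $label, detect_upload_category($tmp) ?? 'rejected');
    unlink($tmp);
}
```

The script sample is classified as text because the byte test only looks at character range. The detected category, not the client's file name, should therefore choose the stored extension, and the stored name should be generated server-side.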