• Status: Solved

uploading files

Hello Experts,
I am new to the PHP world, but I have been studying this language for several years, part time.
I have seen lots of code that uploads files and photos, but the problem is that it isn't very secure, because in some cases someone could upload a shell script as a JPG or another type.
Can anyone help me get a small piece of code that can upload files and photos using the most secure methods?
Thanks in advance.
 
0
Asked by: CFIL
1 Solution
 
phpintheusa Commented:
I use something similar to this to make sure they are uploading the proper file extension:

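$image_types = 'jpg,jpeg,gif,png';	// allowed extensions, comma-separated
 
// Return the extension of a file name, or '' when it has none.
function getFileExt($filename) {
	$path_info = pathinfo($filename);
	return isset($path_info['extension']) ? $path_info['extension'] : '';
}
// This is the file name sent by the client, not the file's content.
$extension = getFileExt($_FILES['photo']['name']);
$extension = strtolower($extension);
$extension = explode('.', $extension);
$ext = $extension[0];
$goode = strtolower($image_types);
$goode = explode(',', $goode);
// Stop unless the extension is on the allowed list.
if( !in_array( $ext, $goode ) ) {
	echo 'Sorry, you can only upload jpg,jpeg,gif and png files.';
	die;
}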


0
 
CFIL (Author) Commented:
Hi phpintheusa,
thank you for your comment.
Could you please post the whole code, from choosing a file until saving it in a particular path?
Sorry for my question, I am not an expert as you think.

0
 
phpintheusa Commented:
Here you go, tested and no errors.
<?php
$image_types = 'jpg,jpeg,gif,png';	// allowed image types (example: 'jpg,gif,jpeg,png')
$upload_path = 'photos/';		// path to uploads directory
 
if (isset($_POST['action']) && $_POST['action'] == 'upload') {
	if (!isset($_FILES['photo'])) {
		die('Photo not chosen. Please try again.');
	} else {
		$temp = $_FILES['photo']['tmp_name'];
		// Return the extension of a file name, or '' when it has none.
		function getFileExt($filename) {
			$path_info = pathinfo($filename);
			return isset($path_info['extension']) ? $path_info['extension'] : '';
		}
		// This is the file name sent by the client, not the file's content.
		$extension = getFileExt($_FILES['photo']['name']);
		$extension = strtolower($extension);
		$extension = explode('.', $extension);
		$ext = $extension[0];
		$goode = strtolower($image_types);
		$goode = explode(',', $goode);
		if( !in_array( $ext, $goode ) ) {
			echo 'Sorry, you can only upload jpg,jpeg,gif and png files.';
			die;	// stop here so a rejected file is not moved into the uploads directory
		}
		// The file is stored under the name supplied by the client.
		$upload_path = $upload_path . basename( $_FILES['photo']['name']); 
		if(move_uploaded_file($_FILES['photo']['tmp_name'], $upload_path)) {
		    echo 'Success!';
		} else {
		    echo "Please try again!";
		}
 
	}
} else {
	// No upload submitted yet: show the form.
	echo '
		<form enctype="multipart/form-data" action="upload.php" method="POST">
			<input type="hidden" name="MAX_FILE_SIZE" value="100000" />
			<input type="hidden" name="action" value="upload" />
			<p>File to upload: <input name="photo" type="file" /></p>
			<p><input type="submit" value="Upload" /></p>
		</form>
 
	';
}
?>


0
 
CFIL (Author) Commented:
Thank you, Sir. It's great.
I tried it and it works fine, but do you think there is any way to upload some shell scripts or any trojan files?
0
 
phpintheusa Commented:
Nah, you should be fine:D
0
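
Added example, not part of the thread and not phpintheusa's code: the code above accepts a file based on the extension in the client-supplied name and stores it under that name, so this sketch of a stricter handler decides the type from the file's bytes and picks the stored name itself. The function name `store_uploaded_image()`, the constants and the `photos` directory are assumptions, and it further assumes the web server is configured not to execute scripts from the upload directory.

```php
<?php
// Added example. Assumed names: store_uploaded_image(), MAX_BYTES, ALLOWED.
const MAX_BYTES = 100000; // same value as the form's MAX_FILE_SIZE field

// MIME type detected from the file content => extension chosen by the server.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

function store_uploaded_image(array $file, string $destDir): string
{
    // Reject failed or array-style uploads; 'error' must be a single integer.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    // The form's MAX_FILE_SIZE field is client-supplied, so enforce the limit here.
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large.');
    }
    // Decide the type from the bytes, not from the client-supplied file name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted.');
    }
    // The file must also parse as an image with non-zero dimensions.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info[0] < 1 || $info[1] < 1) {
        throw new RuntimeException('Not a valid image.');
    }
    // Server-generated name: no user-controlled characters or extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    // move_uploaded_file() refuses anything that is not a real HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file.');
    }
    return $name;
}

if (isset($_FILES['photo'])) {
    try {
        echo 'Saved as ', store_uploaded_image($_FILES['photo'], __DIR__ . '/photos');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```

A file that passes these checks can still carry extra bytes after valid image data, which is why the stored extension is fixed by the server and the upload directory should not run scripts.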
