dropfaith Posted October 9, 2008

I know nothing about security for uploads

```php
<?php
header('Location: index.php');
?>
<?php
/*
  at the end of this script you will have two variables
  $filenames - an array that contains the names of the file uploads that succeeded
  $error - an array of errors that occurred while processing files

  if the max file size in the form is more than what is set in php.ini then an addition
  needs to be made to the htaccess file to accommodate this

  add this to your .htaccess file for this directory
  php_value post_max_size 10M
  php_value upload_max_filesize 10M

  replace 10M to match the value you entered above for $max_file_size
*/

// images dir - relative from document root
// this needs to be a folder that is writeable by the server
$image_dir = '/art/';

// upload dir
$destination = $_SERVER['DOCUMENT_ROOT'].$image_dir;

if(isset($_FILES))
{
    // initialize error var for processing
    $error = array();

    // acceptable files
    // if array is blank then all file types will be accepted
    $filetypes = array(
        'ai'   => 'application/postscript',
        'jpg'  => 'image/jpeg',
        'jpe'  => 'image/jpeg',
        'jpeg' => 'image/jpeg',
        'png'  => 'image/x-png',
        'gif'  => 'image/gif',
        'tif'  => 'image/tiff',
        'tiff' => 'image/tiff',
    );

    // function to check for acceptable file type
    function okFileType($type)
    {
        // if filetypes array is empty then let everything through
        if(count($GLOBALS['filetypes']) < 1)
        {
            return true;
        }
        // if no match is made to a valid file types array then kick it back
        elseif(!in_array($type,$GLOBALS['filetypes']))
        {
            $GLOBALS['error'][] = $type.' is not an acceptable file type. '.
                                  $type.' has been ignored.';
            return false;
        }
        // else - let the file through
        else
        {
            return true;
        }
    }

    // function to check and move file
    function processFile($file)
    {
        // set full path/name of file to be moved
        $upload_file = $GLOBALS['destination'].$file['name'];

        if(file_exists($upload_file))
        {
            $GLOBALS['error'][] = $file['name'].' - Filename exists - please change your image filename';
            return false;
        }

        if(!move_uploaded_file($file['tmp_name'], $upload_file))
        {
            // failed to move file
            $GLOBALS['error'][] = 'File Upload Failed on '.$file['name'].' - Please try again';
            return false;
        }
        else
        {
            // upload OK - change file permissions
            chmod($upload_file, 0755);
            return true;
        }
    }

    // check to make sure files were uploaded
    $no_files = 0;
    $uploaded = array();
    foreach($_FILES as $file)
    {
        switch($file['error'])
        {
            case 0:
                // file found
                if($file['name'] != NULL && okFileType($file['type']) != false)
                {
                    // process the file
                    if(processFile($file) == true)
                        $uploaded = $file['name'];
                }
                break;

            // (1|2) is a bitwise OR and only ever matched error code 3,
            // so codes 1 and 2 are listed as separate labels
            case 1:
            case 2:
                // upload too large
                $error[] = 'file upload is too large for '.$file['name'];
                break;

            case 4:
                // no file uploaded
                break;

            // (6|7) only ever matched error code 7
            case 6:
            case 7:
                // no temp folder or failed write - server config errors
                $error[] = 'internal error - flog the webmaster on '.$file['name'];
                break;
        }
    }
}

include '../template/conf.php';

// open database connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

// select database
mysql_select_db($db) or die ("Unable to select database!");

echo "<hr>";
$Title=$_POST['Title'];
$Name=$_POST['Name'];

if(!get_magic_quotes_gpc())
{
    $fileName = addslashes($fileName);
    $filePath = addslashes($filePath);
}

$rt=mysql_query("insert into Artistimages (Title, Name, uploaded) values('$Title','$Name','$uploaded')") or die(mysql_error());
echo $rt;
?>
```
lokie538 Posted December 31, 2008

Yes
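
The posted script decides on `$file['type']` and stores the file under `$file['name']`, both of which are sent by the browser, and marks the result executable with `chmod 0755`. The following is an added example, not code from the thread, of the same handler checking the file's bytes and choosing the stored name on the server; `storeUploadedImage()`, `$allowed`, the narrowing to JPEG/PNG/GIF and the 10 MB limit (from the `10M` in the post's comment) are assumptions of this example.

```php
<?php
// Added example, not from the thread. Assumed names: storeUploadedImage(),
// $allowed; the 10 MB limit mirrors the 10M in the post's .htaccess comment.

// Content-derived MIME type => extension the server will assign.
$allowed = array(
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
);

// Returns array(true, stored name) or array(false, error message).
function storeUploadedImage(array $file, $destDir, array $allowed, $maxBytes)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'upload failed');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > $maxBytes) {
        return array(false, 'not an upload or too large');
    }
    // Sniff the type from the bytes; $file['type'] is sent by the client.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmp);
    if (!isset($allowed[$mime]) || getimagesize($tmp) === false) {
        return array(false, 'not an accepted image');
    }
    // Server-generated name: no client path parts, no client extension.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $path = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($tmp, $path)) {
        return array(false, 'could not store file');
    }
    chmod($path, 0644); // readable by the web server, not executable
    return array(true, $name);
}

$uploaded = array();
$error    = array();
foreach ($_FILES as $file) {
    list($ok, $result) = storeUploadedImage(
        $file, $_SERVER['DOCUMENT_ROOT'] . '/art', $allowed, 10 * 1024 * 1024);
    if ($ok) { $uploaded[] = $result; } else { $error[] = $result; }
}
```

A file can be a valid image and still carry other content, so the content check is paired with the server-assigned extension; configuring the upload directory so the web server never runs scripts from it covers the remaining case.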
Archived
This topic is now archived and is closed to further replies.