plodos Posted October 22, 2008 Share Posted October 22, 2008 i have a upload/ directory...there are some pics. inside of the that directory when I upload the files, link looks like www.aaaa.com/upload/a.gif www.aaaa.com/upload/sdf.gif www.aaaa.com/upload/sadasd.gif these are not secure...somebody can download all the pictures by the help of flashget or other programs... I want to add HASH code before the upload like..HASH is good? there will be lots of different directories:S www.aaaa.com/upload/1f3870be274f6c49b3e31a0c6728957f/a.gif www.aaaa.com/upload/1f3870be274f6c49b3e31aasdasdadd/sdf.gif www.aaaa.com/upload/1f3870be274f6c49b3e31a0casdasddk/sadasd.gif now thats not easy to find the pictures ( in my opinion ) I dont know how will I add this hash code inside of the these script :s Who can help me!!! And other question....is it good solution method ? or Could you tell me whats better to keep these pictures from unwanted users( easy way is better for me to understand and apply )... thnx for helping me !!! <?php if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 20000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("upload/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); echo "Stored in: " . "upload/" . $_FILES["file"]["name"]; } } } else { echo "Invalid file"; } ?> Link to comment https://forums.phpfreaks.com/topic/129497-how-to-secure-file-upload/ Share on other sites More sharing options...
MadTechie Posted October 22, 2008 Share Posted October 22, 2008 or you could turn off directory listing via .htaccess.. the fact remains if anyone can access the image then anyone can steal the image.. removing the listing makes it a little harder Link to comment https://forums.phpfreaks.com/topic/129497-how-to-secure-file-upload/#findComment-671379 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.