How to secure file upload?


plodos

I have an upload/ directory... there are some pics inside of that directory.

When I upload the files, the links look like

www.aaaa.com/upload/a.gif

www.aaaa.com/upload/sdf.gif

www.aaaa.com/upload/sadasd.gif

These are not secure... somebody can download all the pictures with the help of FlashGet or other programs...

I want to add a HASH code before the upload like... HASH is good? There will be lots of different directories :S

www.aaaa.com/upload/1f3870be274f6c49b3e31a0c6728957f/a.gif

www.aaaa.com/upload/1f3870be274f6c49b3e31aasdasdadd/sdf.gif

www.aaaa.com/upload/1f3870be274f6c49b3e31a0casdasddk/sadasd.gif

Now that's not easy to find the pictures (in my opinion).

I don't know how I will add this hash code inside of this script :s

Who can help me!!!

And another question... is it a good solution method? Or could you tell me what's better to keep these pictures from unwanted users (an easy way is better for me to understand and apply)...

Thanks for helping me!!!

<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>
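
As an added example that is not part of the original post: one way to store each upload under an unguessable directory, assuming PHP 7 or later with the fileinfo extension. `store_upload()`, `UPLOAD_ROOT`, `MAX_BYTES`, `ALLOWED` and the fixed on-disk name `image.<ext>` are hypothetical; the directory name is a random token rather than a hash, and the file type is detected from the content instead of taken from the browser.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's script. All names below are hypothetical;
// the 20000-byte limit and the gif/jpeg types are taken from the post.
const UPLOAD_ROOT = __DIR__ . '/upload';
const MAX_BYTES   = 20000;
const ALLOWED     = ['image/gif' => 'gif', 'image/jpeg' => 'jpg']; // detected type => our extension

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, code ' . ($file['error'] ?? 'n/a'));
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] >= MAX_BYTES) {
        throw new RuntimeException('Invalid file');
    }

    // $file['type'] is sent by the browser; detect the type from the bytes instead.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[(string) $mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('Invalid file');
    }

    // 16 bytes from the OS CSPRNG -> 32 hex characters, the same length as an
    // md5 string but not derived from anything a visitor could guess.
    $token = bin2hex(random_bytes(16));
    if (!mkdir(UPLOAD_ROOT . '/' . $token, 0755, true)) {
        throw new RuntimeException('Cannot create upload directory');
    }

    // Never reuse the client's file name on disk; name and extension are chosen here.
    $relative = $token . '/image.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_ROOT . '/' . $relative)) {
        throw new RuntimeException('Cannot store file');
    }
    return 'upload/' . $relative;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        echo 'Stored in: ' . htmlspecialchars(store_upload($_FILES['file']));
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

A random path only stops guessing and enumeration, and only while directory listing is disabled for upload/; anyone who has a link can still fetch or share the picture. To restrict pictures to specific users, keep the files outside the web root and send them through a script that checks the login first.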
