Jump to content

[SOLVED] Renamming Image

Clinton

By Clinton
in PHP Coding Help

 Share

Recommended Posts

Clinton Regular Member

Clinton

Posted
Posted

I've used the code here to upload my image and everything works just fine. http://uk3.php.net/manual/en/features.file-upload.post-method.php

 

 

<form enctype="multipart/form-data" action="imageup.php" method="POST">
    		    <input type="hidden" name="MAX_FILE_SIZE" value="60000" />
    			Send this file: <input name="userfile" type="file" /><br />
    			<input type="submit" value="Save Logo" />
</form>

 

 

imageup.php

<?php


$uploaddir = 'C:/xampp/htdocs/project/clogos/';
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

echo '<pre>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}

echo 'Here is some more debugging info:';
print_r($_FILES);

print "</pre>";

?>

My question is this... I could save the location and name of the uploaded file to a database but chances are that more than one individual has their logo named 'logo'. I don't want to check the db to see if that name already exists and then tell the user if it does to rename their logo simply because i'm sure some users will not know how to do that. Instead, I would rather change the name of the image that they uploaded to their username, which is stored as a session variable. What's the best way to go about this?

Link to comment
https://forums.phpfreaks.com/topic/140040-solved-renamming-image/
Share on other sites
premiso Regular Member

premiso

Posted
Posted

Use an md5 hash using time as a salt:

 

$uploaddir = 'C:/xampp/htdocs/project/clogos/';
$uploadfile = $uploaddir . md5(time() . basename($_FILES['userfile']['name']));

 

Should give you a unique hash, you could even throw the username in there too as part of the salt so it is unique to that user with the time etc.

premiso Regular Member

premiso

Posted
Posted

Usually any file over 2mb will time out the browser. I am not sure how to check this before upload (or if that is possible maybe JScript). But if the file is too big either A the browser will timeout or B the php will give an error.

 

I do not deal with file uploads too much, but maybe someone else can shed some light on it.

Zhadus Newbie

Zhadus

Posted
Posted

Partially, that will disallow someone to attempt to upload anything larger than that, but it is easy to get around. Because it's only HTML, people can just view the source, create their own external HTML page and upload to your site with as large a file as they would like.

 

I would recommend checking the file size in your PHP file before accepting the upload.

premiso Regular Member

premiso

Posted
Posted 

echo '<pre>';
$file_size = $_FILES['userfile']['size'];
if ($file_size <= MAX_FILE_SIZE) {
  if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
  } else {
    echo "Possible file upload attack!\n";
  }
}

 

Something like that might do.

Zhadus Newbie

Zhadus

Posted
Posted

$_SERVER['CONTENT_LENGTH'] should do, check to make sure it's less than "blah" in bytes.

 

As a side note, this will still allow them to upload the file to a temporary folder, it just won't be completely saved on your system until it accepts it through that.

 

You can also change the php.ini file to change the max upload size.

Clinton Regular Member

Clinton

Posted
  • Author
Posted

"this will still allow them to upload the file to a temporary folder,"

 

But I read in the manual that as soon as the process is done it deletes from the temporary folder. So if it gets to the tmp folder but is too large does it just sit there or will it delete?

premiso Regular Member

premiso

Posted
Posted

"this will still allow them to upload the file to a temporary folder,"

 

But I read in the manual that as soon as the process is done it deletes from the temporary folder. So if it gets to the tmp folder but is too large does it just sit there or will it delete?

 

I believe if it is not moved via the script, it will be deleted on script completetion. But not 100% sure on that.

Clinton Regular Member

Clinton

Posted
  • Author
Posted

Real quick... I'm using this now...

 

if ((($_FILES['userfile']['size']) < 60001) AND (($_FILES['userfile']['type']) == 'image/png' OR 'image/jpeg' OR 'image/gif' OR 'image/jpg'))

 

But it didn't error out when it recognized the type as application/octet-stream. Any ideas? I also tried

 

if (($_FILES['userfile']['size']) < 60001 AND ($_FILES['userfile']['type']) == 'image/png' OR 'image/jpeg' OR 'image/gif' OR 'image/jpg')

premiso Regular Member

premiso

Posted
Posted

I would suggest this, the reason yours was not working is because you do not have the right conditionals in the OR

 

$allowedTypes = array("image/png", "image/jpeg", "image/gif", "image/jpg");

if (($_FILES['userfile']['size']) < 60001 AND in_array($_FILES['userfile']['type'], $allowedTypes)) {

 

That should be much easier =)

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.