sean04 Posted April 8, 2010

I know this can be more secure but I'm not sure how. Any suggestions?

```php
<?php
if($logged[user_ID])
{
    if(isset($_GET['upload']))
    {
        $filename = $_FILES["avatar"]["name"];
        $tmp_name = $_FILES["avatar"]["tmp_name"];
        $useridnum = $loggedinuser[user_ID];
        $avatar = "testupload/$filename";
        $username = $logged[username];

        if (move_uploaded_file($tmp_name, "testupload/".$useridnum.$filename))
        {
            $query = mysql_query("UPDATE `members` SET `avatar` = '$avatar' WHERE `username` = '$login[username]'");
            echo ("File uploaded $avatar, $username");
        }
        else
        {
            echo "Uploading file Failed";
        }
    }
}
?>
```

Also, I added useridnum because I want filename to never repeat. I realize I need more than just the user id. Anyone have any other ideas for that too? I guess maybe a random number string possibly?

Thanks for any help,
Sean

andrewgauger Posted April 9, 2010

I'd recommend a table to track files. So what you'd do is insert a record into a table like this:

id autonum,
Original_name varchar(255)

Then when you upload a file, insert the name into the table and get the id. Rename the file using the id generated from: http://php.net/manual/en/function.mysql-insert-id.php

So, upload a file: "myavatar.jpg"
Insert myavatar.jpg into the database.
Get the id with mysql_insert_id. Let's say it returns 12345.
Rename the file 12345.jpg

You might also want to separate the extension and filename portions and keep the extension on the renamed file.

You really don't need to track the original name. The only time it would come in handy is when something goes wrong and a user says they uploaded their file "myavatar.jpg" and they don't see it--you could do a select where on the table.

sean04 Posted April 13, 2010 (Author)

Thanks for the help! Does anyone know how I would resize images as they get uploaded? I mean it would check the image width and length when they're being uploaded and if the size of the photo is small enough then it doesn't have to be resized, otherwise it will have to be resized.

Thanks,
Sean

andrewgauger Posted April 13, 2010

http://www.php.net/manual/en/function.getimagesize.php

But you are going to have to make sure your PHP is compiled with the appropriate --with directive. Try to call the function on a known file and see if it says "call to unreferenced function getimagesize() error". You might need to set ini_set('display_errors', 1);

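One way to combine andrewgauger's two suggestions above (a tracking table whose insert id becomes the stored file name, and getimagesize() on the uploaded file), as an added example that is not code from the thread. It uses PDO prepared statements in place of the thread's mysql_* calls; the `avatar_files` table name, the `$db` connection (with exceptions enabled) and the 2 MB limit are assumptions.

```php
<?php
// Added example. Assumptions: table `avatar_files`, a PDO handle with
// ERRMODE_EXCEPTION, and the 2 MB limit. `members`, `avatar`, `username`,
// the "avatar" form field and the testupload directory come from the thread.
const AVATAR_DIR = __DIR__ . '/testupload';
const MAX_BYTES  = 2 * 1024 * 1024;

function store_avatar(PDO $db, string $username, array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Rejected upload');
    }

    // Take the extension from the file's content, never from the
    // client-supplied name (which could end in ".php").
    $info = @getimagesize($file['tmp_name']);
    $extByType = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
    if ($info === false || !isset($extByType[$info[2]])) {
        throw new RuntimeException('Not a JPEG, PNG or GIF image');
    }

    // The original name is stored only as data; bound parameters keep it
    // out of the SQL text.
    $db->beginTransaction();
    $stmt = $db->prepare('INSERT INTO avatar_files (original_name) VALUES (?)');
    $stmt->execute([substr(basename($file['name']), 0, 255)]);

    // Server-chosen name: the auto-increment id plus the detected extension.
    $stored = $db->lastInsertId() . '.' . $extByType[$info[2]];
    if (!move_uploaded_file($file['tmp_name'], AVATAR_DIR . '/' . $stored)) {
        $db->rollBack();
        throw new RuntimeException('Could not store file');
    }

    $stmt = $db->prepare('UPDATE members SET avatar = ? WHERE username = ?');
    $stmt->execute([$stored, $username]);
    $db->commit();
    return $stored;
}

// Usage inside the logged-in branch of the upload page:
// $avatar = store_avatar($db, $logged['username'], $_FILES['avatar']);
```

The width and height sean04 asks about are `$info[0]` and `$info[1]` from the same getimagesize() call.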
the182guy Posted April 13, 2010

> Does anyone know how I would resize images as they get uploaded?

There is a thread here asking the same question: http://www.phpfreaks.com/forums/index.php/topic,294431.0.html

Plus loads of sample scripts online for this.

Archived
This topic is now archived and is closed to further replies.