Hi, I've recently created a gallery website and I'm happy with the way everything currently works. However, the main drawback is that the site uploads using an HTML webform, which is great for remote users or the odd image.

 

However, as I want to mass upload my existing collection, I will need the ability to read a selected folder and then carry out all the same processes that exist in the existing HTML form upload.

 

I'm also using the GD library and checking file types to ensure they are within my allowed list, but I'm wondering if there are any other common security alerts I should be aware of to keep things a little bit safer if/when I publish outside of my LAN.

 

So in a nutshell, I need some assistance with changing my upload process to work for more than one file at a time, ideally by reading a folder, or at least reading X amount of files at a time, processing them, then moving on to the next batch of files in the list. The next part I need help with is checking/improving the basic security of the system.

Something I wrote a long time ago, it won't list the file itself if it is called index.html.

Still, this might help you and give you an idea what to do! or? just ask!

 

I would also recommend checking if the person is logged in or whatever before allowing somebody to upload stuff to your server, but since it's local... perhaps okay.

 

Also, I would recommend just setting up an FTP server instead and writing a PHP script for viewing the pictures as they get uploaded. If you mess around with this code a bit, you will probably figure out how to do that too. (To set up an FTP server, I'd say FileZilla is quite easy.) I used this code when I went to school, because they blocked all ports other than 80 and 443.

 

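<?php
// Upload form. MAX_FILE_SIZE is only a hint to the browser; the server-side limits still apply.
echo '<form enctype="multipart/form-data" action="" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
<table><tr>
	<td><input name="userfile" type="file" /></td>
	<td><input type="submit" value="Upload" /></td>
</tr></table>
</form>';

// Handle a submitted file. It is stored next to this script under the
// client-supplied name (directory part stripped by basename()), whatever its type.
if (isset($_FILES['userfile'])) {
	$name = basename($_FILES['userfile']['name']);
	if (move_uploaded_file($_FILES['userfile']['tmp_name'], $name)) {
		// Escape the name before echoing it back into the page.
		echo 'You successfully uploaded the file: '.htmlspecialchars($name).'!';
	} else {
		echo 'ERROR';
	}
}

// List every file in the current directory as a download link.
echo '<br />
<p>Download files:';
if ($handle = opendir('.')) {
	while (false !== ($file = readdir($handle))) {
		if ($file != '.' && $file != '..' && $file != 'index.html') {
			// URL-encode the name for the href and HTML-escape it for display.
			echo '<br />
<a href="'.rawurlencode($file).'">'.htmlspecialchars($file).'</a>';
		}
	}
	closedir($handle);
}
echo '</p>';
?>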
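
As an added example (not part of the posts above and not the poster's code): one way to do the folder import asked about in the first post, in batches, while checking each file by its content instead of its name and storing it under a server-generated name. The function names, the temporary demo directories and the batch size of 25 are assumptions; it needs PHP 7.1+ with the GD and fileinfo extensions.

```php
<?php
// Added example, not the poster's code; paths and batch size are assumptions.
const ALLOWED = [ // detected MIME type => [extension we assign, GD encoder]
    'image/jpeg' => ['jpg', 'imagejpeg'],
    'image/png'  => ['png', 'imagepng'],
    'image/gif'  => ['gif', 'imagegif'],
];

// Validate by content, re-encode with GD, store under a random name; null = rejected.
function import_image(string $path, string $destDir): ?string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path); // from bytes, not the file name
    if (!is_string($mime) || !isset(ALLOWED[$mime])) {
        return null;
    }
    $img = @imagecreatefromstring((string) file_get_contents($path));
    if ($img === false) {
        return null; // GD could not decode it as an image
    }
    [$ext, $encode] = ALLOWED[$mime];
    imagesavealpha($img, true); // keep PNG transparency
    // Re-encoding keeps pixel data only (metadata, trailing bytes, GIF animation are dropped).
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return $encode($img, $destDir . '/' . $name) ? $name : null;
}

// Import up to $limit files from $offset; 'next' is the next offset or null when done.
function import_batch(string $srcDir, string $destDir, int $offset = 0, int $limit = 25): array
{
    $files = array_values(array_filter(glob($srcDir . '/*') ?: [], 'is_file'));
    $next = ($offset + $limit < count($files)) ? $offset + $limit : null;
    $out = ['imported' => [], 'rejected' => [], 'next' => $next];
    foreach (array_slice($files, $offset, $limit) as $path) {
        $name = import_image($path, $destDir);
        if ($name === null) {
            $out['rejected'][] = basename($path);
        } else {
            $out['imported'][basename($path)] = $name;
        }
    }
    return $out;
}

// Constructed demo input: one real PNG and one text file with an image extension.
$src = sys_get_temp_dir() . '/import_src_' . bin2hex(random_bytes(4));
$dst = sys_get_temp_dir() . '/import_dst_' . bin2hex(random_bytes(4));
mkdir($src); mkdir($dst);
imagepng(imagecreatetruecolor(8, 8), "$src/a.png");
file_put_contents("$src/b.jpg", 'plain text, not an image');
print_r(import_batch($src, $dst));
```

Keep the destination directory separate from the folder being scanned, so stored files are not picked up again by a later batch.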

Just by way of how HTML forms work, they will not allow multiple files to be uploaded at one time. That is just the HTML specs. The only way to get around it is to use a Flash-based uploader (that's what Gmail uses) or something similar.

 

I just implemented a multiple file upload using a jQuery-based script found at http://valums.com/ajax-upload/

 

It works great and does not rely on flash.

Yeah, or just compress it into an archive. Much more efficient.

Again, I would recommend FTP!

 

Yeah, those are both better options if the end users are knowledgeable about these things. But in the last project I completed, in which I implemented the mentioned upload script, the user is not savvy enough to zip files up and upload that single zip file, nor do they have any idea what FTP is, how to use it, or care to learn.

 

I attempted to do a zip file upload script before and had trouble getting the individual file names. That was on PHP 4, I know that PHP 5 has some better zip handling functions.
