therob1 Posted December 10, 2010

Hi, I've recently created a gallery website and I'm happy with the way everything currently works. However, the main drawback is that the site uploads using an HTML web form, which is great for remote users or the odd image. However, as I want to mass upload my existing collection, I will need the ability to read a selected folder and then carry out all the same processes that existed from the existing HTML form upload.

I'm also using the GD library and checking file types to ensure they are within my allowed list, but I'm wondering if there are any other common security alerts I should be aware of to keep things a little bit safer if/when I publish outside of my LAN.

So in a nutshell, I need some assistance with changing my upload process to work for more than one file at a time, ideally by reading a folder, or at least reading X amount of files at a time, processing them, then moving on to the next batch of files in the list. Then the next part I need help with is checking/improving the basic security of the system.

MMDE Posted December 10, 2010

Something I wrote a long time ago; it won't list the file itself if it is called index.html. Still, this might help you and give you an idea of what to do! Or just ask! I would also recommend checking if the person is logged in or whatever before allowing somebody to upload stuff to your server, but since it's local... perhaps okay. Also, I would recommend just setting up an FTP server instead and writing a PHP script for viewing the pictures as they get uploaded. If you mess around with this code a bit, you will probably figure out how to do that too. (To set up an FTP server, I'd say FileZilla is quite easy.) I used this code when I went to school, because they blocked all other ports than 80 and 443.

<?php
// Upload form. MAX_FILE_SIZE is only a hint to the browser; PHP's own
// upload limits still apply on the server.
echo '<form enctype="multipart/form-data" action="" method="post"><table>
<input type="hidden" name="MAX_FILE_SIZE" value="5000000" />
<tr>
<td><input name="userfile" type="file" /></td>
<td><input type="submit" value="Upload" /></td>
</tr>
</table></form>';

// Store the uploaded file in the current directory under its original base
// name. No file type check is performed here.
if (isset($_FILES['userfile'])) {
    $name = basename($_FILES['userfile']['name']);
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $name)) {
        // Escape the client-supplied name before echoing it back.
        echo 'You successfully uploaded the file: '.htmlspecialchars($name, ENT_QUOTES).'!';
    } else {
        echo 'ERROR';
    }
}

// List every file in the current directory except index.html.
echo '<br /> <p>Download files:';
if ($handle = opendir('.')) {
    while (false !== ($file = readdir($handle))) {
        if ($file != '.' && $file != '..' && $file != 'index.html') {
            // File names are untrusted: encode for the URL and escape for HTML.
            echo '<br /> <a href="'.rawurlencode($file).'">'.htmlspecialchars($file, ENT_QUOTES).'</a>';
        }
    }
    closedir($handle);
}
echo '</p>';
?>

chronister Posted December 11, 2010

Just by way of how HTML forms work, they will not allow multiple files to be uploaded at one time. That is just the HTML specs. The only way to get around it is to use a Flash-based uploader (that's what Gmail uses) or something similar. I just implemented a multiple file upload using a jQuery-based script found at http://valums.com/ajax-upload/ It works great and does not rely on Flash.

MMDE Posted December 11, 2010

Yeah, or just compress it into an archive. Much more efficient. Again, I would recommend FTP!

chronister Posted December 11, 2010

> yeah, or just compress it into an archive. Much more efficient. Again, I would recommend ftp!

Yeah, those are both better options if the end users are knowledgeable of these things. But in the last project I completed, in which I implemented the mentioned upload script, the user is not savvy enough to zip files up and upload that single zip file, nor do they have any idea what FTP is, how to use it, or care to learn. I attempted to do a zip file upload script before and had trouble getting the individual file names. That was on PHP 4; I know that PHP 5 has some better zip handling functions.

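
The folder import the opening post asks for, sketched as an added example that is not part of any post in this thread and not the poster's gallery code: every file goes through a content-based type check against an allow list and is re-encoded with GD before it is stored under a random name. The function names, the size limits and the folder layout are assumptions.

```php
<?php
// Added example, not code from the thread; folder names and limits are assumptions.
const ALLOWED = [   // MIME type => [GD loader, GD writer, stored extension]
    'image/jpeg' => ['imagecreatefromjpeg', 'imagejpeg', 'jpg'],
    'image/png'  => ['imagecreatefrompng',  'imagepng',  'png'],
    'image/gif'  => ['imagecreatefromgif',  'imagegif',  'gif'],
];
const MAX_BYTES = 5000000;  // same value as MAX_FILE_SIZE in MMDE's form
const MAX_SIDE  = 8000;     // assumed cap, checked before GD allocates memory

// Validate one file and re-encode it into $destDir under a random name.
// Returns the stored file name, or null when the file is rejected.
function importImage(string $path, string $destDir): ?string
{
    if (is_link($path) || !is_file($path) || filesize($path) > MAX_BYTES) {
        return null;
    }
    // Take the type from the file content, never from its name or extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    $info = @getimagesize($path);
    if (!isset(ALLOWED[$mime]) || $info === false || $info['mime'] !== $mime
        || $info[0] > MAX_SIDE || $info[1] > MAX_SIDE) {
        return null;
    }
    [$load, $save, $ext] = ALLOWED[$mime];
    $img = @$load($path);
    if ($img === false) {
        return null;
    }
    imagesavealpha($img, true);  // keep PNG transparency when re-encoding
    // Writing a fresh file from the decoded pixels drops any appended data.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return $save($img, $destDir . '/' . $name) ? $name : null;
}

// Import a folder in batches so a large collection does not hit the time limit.
function importFolder(string $srcDir, string $destDir, int $batch = 50): array
{
    $done  = ['imported' => [], 'rejected' => []];
    $files = array_diff(scandir($srcDir) ?: [], ['.', '..']);
    foreach (array_chunk($files, $batch) as $chunk) {
        set_time_limit(30);  // restart the execution timer for each batch
        foreach ($chunk as $file) {
            $name = importImage($srcDir . '/' . $file, $destDir);
            $done[$name === null ? 'rejected' : 'imported'][] = $file;
        }
    }
    return $done;
}
```

Called as importFolder('/path/to/incoming', '/path/to/gallery'), it returns the original names of the imported and rejected files. The destination should be a folder the web server serves as static files only, not one where scripts are executed.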