Jump to content

Archived

This topic is now archived and is closed to further replies.

olsrey

PHP Image Checking??

Recommended Posts

Hey everyone,
Ive got a very big problem with images in html, this is mainly because of the jpg exploit.

I need to know if there is a way of checking to see if an image really is an image or not.

My site has just got hacked due to this as the user was stealing session id's etc and it was down to the use of code inside an image.

So if anyone can help me with this id be very grateful and so will my friend as he got hacked once down to the same thing a while back but he never found out how to stop it.

Oliver

Share this post


Link to post
Share on other sites
You could use getimagesize() which returns the image type in addition to the width and height.

http://www.php.net/getimagesize

Share this post


Link to post
Share on other sites
Just use getimagesize ( $image_file ); it will tell you if it's valid image!

[code]<?

$image_file = './test.jpg';

if ( getimagesize ( $image_file ) !== false )
{
echo 'valid image';
}
else
{
echo 'not a image file';
}

?>[/code]


me!

Share this post


Link to post
Share on other sites
ok cheers for this but will this work for all images including images that arent on my server and also another question would i be able to implement this into a bbcode file and if yes how would i go about doing it :D

Share this post


Link to post
Share on other sites
It will only work on remote files if you have [b]allow_url_fopen = On[/b], in your PHP.INI file. As for the bbcode question, you will have to explain that in more detail!


me!

Share this post


Link to post
Share on other sites
right this is how i convert a bbcode image into html

[code]$bericht = preg_replace("!\\[img\\](.*)\\[/img\\]!Usi","<img src=\"\\1\" border=0>",$bericht);[/code]

and this is inside a function which i call when ever i need it soo for example for user profiles i do this

[code]$content = htmlentities(nl2br($profile['message']));
$content = maakOp($content);[/code]

maakOp is the bbcode function.

i need someway of the function checking the image before actually displaying it and if its a "hacker" image id like it to display an image on my server.

if you need anymore info please so ask

Share this post


Link to post
Share on other sites
Right ive used the getimagesize function but this just makes pages take a very long time to execute what i really need is a function that searches the image headers or something like that but as you can tell i dont really know what im doing lol

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.