PHP Image Checking??


6 replies to this topic

#1 olsrey

olsrey
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 08 October 2006 - 10:51 PM

Hey everyone,
I've got a very big problem with images in HTML; this is mainly because of the JPG exploit.

I need to know if there is a way of checking to see if an image really is an image or not.

My site has just got hacked due to this, as the user was stealing session IDs etc., and it was down to the use of code inside an image.

So if anyone can help me with this I'd be very grateful, and so will my friend, as he got hacked once down to the same thing a while back but he never found out how to stop it.

Oliver



#2 Barand

Barand
  • Moderators
  • Sen . ( ile || sei )
  • 18,021 posts

Posted 08 October 2006 - 11:19 PM

You could use getimagesize() which returns the image type in addition to the width and height.

http://www.php.net/getimagesize
If you are still using mysql_ functions, STOP! Use mysqli_ or PDO. The longer you leave it the more you will have to rewrite.


#3 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 08 October 2006 - 11:20 PM

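Just use getimagesize ( $image_file ); it will tell you if it's a valid image!

<?php

// Path of the file to test
$image_file = './test.jpg';

// getimagesize() returns false when it cannot read the file as an image
if ( getimagesize ( $image_file ) !== false )
{
	echo 'valid image';
}
else
{
	echo 'not an image file';
}

?>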


me!

#4 olsrey

olsrey
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 08 October 2006 - 11:24 PM

OK, cheers for this, but will this work for all images, including images that aren't on my server? Also, another question: would I be able to implement this into a bbcode file, and if yes, how would I go about doing it? :D



#5 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 08 October 2006 - 11:27 PM

It will only work on remote files if you have allow_url_fopen = On, in your PHP.INI file. As for the bbcode question, you will have to explain that in more detail!


me!

#6 olsrey

olsrey
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 08 October 2006 - 11:32 PM

Right, this is how I convert a bbcode image into HTML:

$bericht = preg_replace("!\\[img\\](.*)\\[/img\\]!Usi","<img src=\"\\1\" border=0>",$bericht);

And this is inside a function which I call whenever I need it, so for example for user profiles I do this:

$content = htmlentities(nl2br($profile['message']));
$content = maakOp($content);

maakOp is the bbcode function.

I need some way of the function checking the image before actually displaying it, and if it's a "hacker" image I'd like it to display an image on my server.

If you need any more info, please do ask.



#7 olsrey

olsrey
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 09 October 2006 - 10:31 PM

Right, I've used the getimagesize function, but this just makes pages take a very long time to execute. What I really need is a function that searches the image headers or something like that, but as you can tell I don't really know what I'm doing lol
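
The header check asked for in the last post, as an added example that is not code from the thread: it compares a file's first bytes with the JPEG, PNG and GIF signatures and swaps in a placeholder image when they do not match. The function names, FALLBACK_IMG and the idea of checking a saved local copy of the image are assumptions.

```php
<?php
// Added example, not code from the thread. All names below are hypothetical.
const FALLBACK_IMG = '/images/blocked.png'; // assumed placeholder image on your own server

// Return 'jpeg', 'png' or 'gif' when $head begins with that format's signature,
// otherwise false. This shows how the data starts, not that the rest is harmless.
function sniffImageType(string $head)
{
    $signatures = [
        ['jpeg', "\xFF\xD8\xFF"],
        ['png',  "\x89PNG\r\n\x1A\n"],
        ['gif',  'GIF87a'],
        ['gif',  'GIF89a'],
    ];
    foreach ($signatures as [$type, $sig]) {
        if (strncmp($head, $sig, strlen($sig)) === 0) {
            return $type;
        }
    }
    return false;
}

// Read only the first 8 bytes of a local file (an upload or a saved copy).
function fileStartsLikeImage(string $path): bool
{
    $fh = @fopen($path, 'rb');
    if ($fh === false) {
        return false;
    }
    $head = fread($fh, 8);
    fclose($fh);
    return is_string($head) && sniffImageType($head) !== false;
}

// Build the <img> tag: the real URL if the saved copy passes, else the fallback.
function imgTag(string $url, string $savedCopy): string
{
    $src = fileStartsLikeImage($savedCopy) ? $url : FALLBACK_IMG;
    return '<img src="' . htmlspecialchars($src, ENT_QUOTES) . '" border="0">';
}

// Constructed samples: a GIF header plus filler, and a text file posing as an image.
$good = tempnam(sys_get_temp_dir(), 'img');
$bad  = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($good, "GIF89a" . str_repeat("\0", 16));
file_put_contents($bad, "<html>this is not a picture</html>");
echo imgTag('http://example.com/a.gif', $good), "\n";
echo imgTag('http://example.com/b.jpg', $bad), "\n";
unlink($good); unlink($bad);
```

A matching header says only how the file begins; the bytes after it can still be anything, so treat this as a first filter rather than proof that the file is safe to serve.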





