olsrey Posted October 8, 2006 Share Posted October 8, 2006 Hey everyone,Ive got a very big problem with images in html, this is mainly because of the jpg exploit.I need to know if there is a way of checking to see if an image really is an image or not.My site has just got hacked due to this as the user was stealing session id's etc and it was down to the use of code inside an image.So if anyone can help me with this id be very grateful and so will my friend as he got hacked once down to the same thing a while back but he never found out how to stop it.Oliver Quote Link to comment Share on other sites More sharing options...
Barand Posted October 8, 2006 Share Posted October 8, 2006 You could use getimagesize() which returns the image type in addition to the width and height.http://www.php.net/getimagesize Quote Link to comment Share on other sites More sharing options...
printf Posted October 8, 2006 Share Posted October 8, 2006 Just use getimagesize ( $image_file ); it will tell you if it's valid image![code]<?$image_file = './test.jpg';if ( getimagesize ( $image_file ) !== false ){ echo 'valid image';}else{ echo 'not a image file';}?>[/code]me! Quote Link to comment Share on other sites More sharing options...
olsrey Posted October 8, 2006 Author Share Posted October 8, 2006 ok cheers for this but will this work for all images including images that arent on my server and also another question would i be able to implement this into a bbcode file and if yes how would i go about doing it :D Quote Link to comment Share on other sites More sharing options...
printf Posted October 8, 2006 Share Posted October 8, 2006 It will only work on remote files if you have [b]allow_url_fopen = On[/b], in your PHP.INI file. As for the bbcode question, you will have to explain that in more detail!me! Quote Link to comment Share on other sites More sharing options...
olsrey Posted October 8, 2006 Author Share Posted October 8, 2006 right this is how i convert a bbcode image into html[code]$bericht = preg_replace("!\\[img\\](.*)\\[/img\\]!Usi","<img src=\"\\1\" border=0>",$bericht);[/code]and this is inside a function which i call when ever i need it soo for example for user profiles i do this [code]$content = htmlentities(nl2br($profile['message']));$content = maakOp($content);[/code]maakOp is the bbcode function.i need someway of the function checking the image before actually displaying it and if its a "hacker" image id like it to display an image on my server.if you need anymore info please so ask Quote Link to comment Share on other sites More sharing options...
olsrey Posted October 9, 2006 Author Share Posted October 9, 2006 Right ive used the getimagesize function but this just makes pages take a very long time to execute what i really need is a function that searches the image headers or something like that but as you can tell i dont really know what im doing lol Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.