Jump to content

File upload issues

sford999

By sford999
in PHP Coding Help

Recommended Posts

sford999 Member

sford999

Posted
Posted
Hi,

I have this function to upload files via an online form, but the problem being is that if someone renames a file from say "nastyscript.php" to nastyscript.jpg" they can upload it and run it from their browser.

How or what can I add to the function to prevent this happening?

[code=php:0]function do_upload()
{
if(!$_COOKIE['username'] && !$_COOKIE['password'])
{
make_header($title = 'Error: You must be logged in to upload files');
echo "<p>Error: Sorry, you must be logged in to upload files.</p>";
make_footer();
exit();
}
else
{
make_header($title = 'Upload Images');
//Set the maximum file size in bytes
$max_file_size = 153600;
// Set the max width in pixels
$max_width = 800;
// Set the max height in pixels
$max_height = 600;
// Set the directory to upload to
$directory_to_upload = UPLOAD_PATH;
$mfs = $max_file_size / 1024;


if(isset($_POST['submit']))
{
// get the time for a random image name
$time = time();
$image_dimensions = getimagesize($_FILES['image_to_upload']['tmp_name']);
$image_height = $image_dimensions[1];
$image_width = $image_dimensions[0];
$errors = array();
if(!$_FILES['image_to_upload']['name'])
{
$errors[] = "You did not select a file to upload.<br />";
}

if(!is_uploaded_file($_FILES['image_to_upload']['tmp_name']))
{
$errors[] = "Error while uploading file.<br />";
make_footer();
exit();
}

if($_FILES['image_to_upload']['size'] > $max_file_size)
{
$errors[] = "Your image size was too big. The maximum filesize is $mfs Kilobytes.<br />";
}
// check the image type, gif or jpg/jpeg is allowed
if(!exif_imagetype($_FILES['image_to_upload']['tmp_name']) == IMAGETYPE_GIF || !exif_imagetype($_FILES['image_to_upload']['tmp_name']) == IMAGETYPE_JPEG || !exif_imagetype($_FILES['image_to_upload']['tmp_name']) == IMAGETYPE_PNG)
{
$errors[] = "Wrong file type, you can only upload .jpg, .gif and .png files.<br />";
}
// check the iamge dimensions
if($image_height > $max_width)
{
$errors[] = "Your image height was too large.<br />";
}

if($image_width > $max_width)
{
$errors[] = "Your image width was too large.<br />";
}
if(count($errors) > 0)
{
echo "Error: ";
foreach($errors as $err)
{
echo $err . "<br />";
make_footer();
exit();
}
}
else
{
$comment = mysql_real_escape_string(htmlspecialchars(addslashes($_POST['comment'])));
$user_id = base64_decode($_COOKIE['user_id']);
$image_url = $directory_to_upload . $user_id . '-' . $time . '-' . $_FILES['image_to_upload']['name'];
$img_id = $user_id . '-' . $time . '-' . $_FILES['image_to_upload']['name'];
if(copy($_FILES['image_to_upload']['tmp_name'], $image_url))
{
db_connect();
$sql = "INSERT INTO images (img_id, user_id, comments, date, auth) VALUES ('$img_id', '$user_id', '$comment', '$time', '0')";
mysql_query($sql) or die(sql_error($error = mysql_error(), $query = $sql, $query = $sql, $url = $_SERVER['REQUEST_URI']));
if(mysql_affected_rows() == 0)
{
echo "Sorry there was an error uploading your image.<br /> An email has been sent to the sites administrator with the full details.";
make_footer();
exit();
}
else
{
echo "Thank you your image was successfully uploaded.<br />";
echo "Pending administrator approval, it will be online shortly.";
make_footer();
exit();
}
}
else
{
echo "Sorry, but there was an error in uploading your image.<br />";
echo "If this error persists, please contact us with details of the error.<br />";
make_footer();
exit();
}
}
}
echo "<form action=\"index.php?p=upload\" method=\"post\" id=\"image_upload\" name=\"image_upload\" enctype=\"multipart/form-data\">
<script language='javascript' type='text/javascript'>
image_upload = function()
{
if( document.getElementById( 'image_to_upload' ).value == '' )
{
alert( 'Error: You must select a file to upload.' );
document.getElementById( 'image_to_upload' ).focus();
document.getElementById( 'image_to_upload' ).select();
return false;
}
else
{
return true;
}
}
document.getElementById( 'image_upload' ).onsubmit = image_upload;
</script>
<table width=\"100%\" border=\"0\" class=\"td\">
  <tr>
    <td colspan=\"2\" class=\"header\"><div align=\"center\" class=\"style6\">Upload an image.</div></td>
  </tr>
  <tr>
    <td width=\"40%\"><div align=\"right\">Browse for image:</div></td>
    <td width=\"60%\"><div align=\"left\"><input name=\"image_to_upload\" id=\"image_to_upload\" type=\"file\" size=\"40\" class=\"textarea\" /></div></td>
  </tr>
  <tr>
    <td width=\"30%\"><div align=\"right\">Add a comment:</div></td>
    <td width=\"70%\"><div align=\"left\">
    <input name=\"comment\" id=\"comment\" type=\"text\" maxlength=\"150\" size=\"40\" class=\"textarea\" onKeyDown=\"textCounter(document.image_upload.comment,document.image_upload.remLen1,150)\" onKeyUp=\"textCounter(document.image_upload.comment,document.image_upload.remLen1,150)\" />
    <input readonly type=\"text\" name=\"remLen1\" size=\"1\" maxlength=\"3\" value=\"150\" class=\"textarea\" />
    </div></td>
  </tr>
  <tr>
    <td colspan=\"2\"><div align=\"center\">The Maximum image size is ".$max_width." x ".$max_height." pixels and ".$mfs."kb in size.</div></td>
  </tr>
  <tr>
    <td colspan=\"2\"><div align=\"center\"><input type=\"submit\" name=\"submit\" id=\"submit\" value=\"Upload Image\" class=\"button\" /></div></td>
  </tr>
</table>
</form>";
make_footer();
}
}
[/code]
Link to comment
https://forums.phpfreaks.com/topic/34666-file-upload-issues/
Share on other sites
Ferenc Newbie

Ferenc

Posted
Posted
http://us2.php.net/manual/en/function.exif-read-data.php

[code]<?php
echo "test1.jpg:<br />\n";
$exif = exif_read_data('tests/test1.jpg', 'IFD0');
echo $exif===false ? "No header data found.<br />\n" : "Image contains headers<br />\n";

$exif = exif_read_data('tests/test2.jpg', 0, true);
echo "test2.jpg:<br />\n";
foreach ($exif as $key => $section) {
  foreach ($section as $name => $val) {
      echo "$key.$name: $val<br />\n";
  }
}
?> [/code]
Link to comment
https://forums.phpfreaks.com/topic/34666-file-upload-issues/#findComment-163394
Share on other sites
sford999 Member

sford999

Posted
  • Author
Posted
[quote author=Ferenc link=topic=122908.msg507513#msg507513 date=1169088791]
http://us2.php.net/manual/en/function.exif-read-data.php

[code]<?php
echo "test1.jpg:<br />\n";
$exif = exif_read_data('tests/test1.jpg', 'IFD0');
echo $exif===false ? "No header data found.<br />\n" : "Image contains headers<br />\n";

$exif = exif_read_data('tests/test2.jpg', 0, true);
echo "test2.jpg:<br />\n";
foreach ($exif as $key => $section) {
  foreach ($section as $name => $val) {
      echo "$key.$name: $val<br />\n";
  }
}
?> [/code]
[/quote]

Not really valid as I`m allowing .gif/ .jpeg/.png files

[quote]exif_read_data() reads the EXIF headers from a JPEG or TIFF image file. This way you can read meta data generated by digital cameras.[/quote]
Link to comment
https://forums.phpfreaks.com/topic/34666-file-upload-issues/#findComment-163542
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.