Problem with image upload validation



#1 Pezzoni


Posted 26 February 2006 - 04:40 PM

I've written a script for users to upload images to use as avatars as part of a project I'm working on.
This works absolutely fine on my testing server, but on my live one, it doesn't - allowing users to upload any file type of any size, which is obviously not a good thing.
Can anyone see anything wrong with the below?

    if (isset($_FILES['avatar_img']['name']) && !empty($_FILES['avatar_img']['name'])){

        $filename = $_FILES['avatar_img']['name'];

    } else {

        header("Location: profile.php?action=avatar&error=1&$session");

    }

    //Turn the filename into an array, and check the file is a JPEG
    $file_peices = explode(".", $filename);
    $size = sizeof($file_peices);

    if(($file_peices[$size -1] != 'jpg') && ($file_peices[$size -1] != 'jpeg') && ($file_peices[$size -1] != 'gif') && ($file_peices[$size -1] != 'png')){

        header("Location: profile.php?action=avatar&error=2&$session");

    }

    //If the file is too big, stop script execution.
    if($_FILES['avatar_img']['size'] > $config['av_max_size']) {

        header("Location: profile.php?action=avatar&error=3&$session");

    }

    //Check physical image dimensions
    $img_size = getimagesize($_FILES['avatar_img']['tmp_name']);
    if(($img_size[0] > $config['av_max_dimensions']) || ($img_size[1] > $config['av_max_dimensions'])){

        header("Location: profile.php?action=avatar&error=4&$session");

    }

    $filename_store = md5($filename).'.'.$file_peices[$size -1];

    while(file_exists('images/avatars/'.$filename_store)){

        $filename_store = md5(uniqid(rand(), true)).'.'.$file_peices[$size -1];

    }

    if(move_uploaded_file($_FILES['avatar_img']['tmp_name'], 'images/avatars/'.$filename_store)){

        $sql = 'UPDATE '.USERS_TABLE.'
                    SET user_avatar = "'.$filename_store.'"
                    WHERE user_id = '.$auth->userdata['user_id'];

        $db->db_action($sql);

        header("Location: profile.php?action=avatar&$session");

    }

    else{

        header("Location: profile.php?action=avatar&error=4&$session");

    }
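
An added example, not part of the original post: `header("Location: ...")` only queues a response header and does not end the script, so in the code above every failed check still falls through to `move_uploaded_file()`. The sketch below stops after each redirect and takes the extension from the image type `getimagesize()` detects instead of from the uploaded filename. `redirect_and_stop()` and `check_avatar()` are hypothetical helper names; `$config`, `$session` and the error numbers are reused from the post, and the post's UPDATE query is left where the comment marks it.

```php
<?php
// Added example, not the poster's code. $config, $session and the error
// numbers come from the post; redirect_and_stop() and check_avatar() are
// hypothetical helpers introduced here.

function redirect_and_stop(string $url): void
{
    header("Location: $url");
    exit; // header() alone does not stop execution
}

// Returns [error code, extension]; error code 0 means the file passed.
function check_avatar(array $file, int $maxBytes, int $maxDim): array
{
    // Covers "no file sent" and uploads PHP itself rejected (e.g. over
    // upload_max_filesize), where size is 0 and tmp_name is empty.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [1, null];
    }
    if ($file['size'] > $maxBytes) {
        return [3, null];
    }
    // getimagesize() returns false for non-images; index 2 is the detected
    // IMAGETYPE_* constant, which does not depend on the client's filename.
    $info = @getimagesize($file['tmp_name']);
    $allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png'];
    if ($info === false || !isset($allowed[$info[2]])) {
        return [2, null];
    }
    if ($info[0] > $maxDim || $info[1] > $maxDim) {
        return [4, null];
    }
    return [0, $allowed[$info[2]]];
}

if (isset($_FILES['avatar_img'])) {
    [$error, $ext] = check_avatar($_FILES['avatar_img'], $config['av_max_size'], $config['av_max_dimensions']);
    if ($error !== 0) {
        redirect_and_stop("profile.php?action=avatar&error=$error&$session");
    }
    // Server-chosen name and extension: nothing from the client's filename is stored.
    $filename_store = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($_FILES['avatar_img']['tmp_name'], 'images/avatars/' . $filename_store)) {
        redirect_and_stop("profile.php?action=avatar&error=4&$session");
    }
    // The post's UPDATE of user_avatar with $filename_store goes here.
    redirect_and_stop("profile.php?action=avatar&$session");
}
```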


#2 Pezzoni


Posted 27 February 2006 - 10:09 PM

Anyone got any ideas on this one?

Thanks again.

Dan



