Jump to content

Archived

This topic is now archived and is closed to further replies.

Pezzoni

Problem with image upload validation

Recommended Posts

I've written a script for users to upload images to use as avatars as part of a project I'm working on.
This works absolutely fine on my testing server, but on my live one, it doesn't - allowing users to upload any file type of any size, which is obviously not a good thing.
Can anyone see anything wrong with the below?

[code]    if (isset($_FILES['avatar_img']['name']) && !empty($_FILES['avatar_img']['name'])){

        $filename = $_FILES['avatar_img']['name'];

    } else {

        header("Location: profile.php?action=avatar&error=1&$session");

    }

    //Turn the filename into an array, and check the file is a JPEG
    $file_peices = explode(".", $filename);
    $size = sizeof($file_peices);

    if(($file_peices[$size -1] != 'jpg') && ($file_peices[$size -1] != 'jpeg') && ($file_peices[$size -1] != 'gif') && ($file_peices[$size -1] != 'png')){

        header("Location: profile.php?action=avatar&error=2&$session");

    }

    //If the file is too big, stop script execution.
    if($_FILES['avatar_img']['size'] > $config['av_max_size']) {

        header("Location: profile.php?action=avatar&error=3&$session");

    }

    //Check physical image dimensions
    $img_size = getimagesize($_FILES['avatar_img']['tmp_name']);
    if(($img_size[0] > $config['av_max_dimensions']) || ($img_size[1] > $config['av_max_dimensions'])){

        header("Location: profile.php?action=avatar&error=4&$session");

    }

    $filename_store = md5($filename).'.'.$file_peices[$size -1];

    while(file_exists('images/avatars/'.$filename_store)){

        $filename_store = md5(uniqid(rand(), true)).'.'.$file_peices[$size -1];

    }

    if(move_uploaded_file($_FILES['avatar_img']['tmp_name'], 'images/avatars/'.$filename_store)){

        $sql = 'UPDATE '.USERS_TABLE.'
                    SET user_avatar = "'.$filename_store.'"
                    WHERE user_id = '.$auth->userdata['user_id'];

        $db->db_action($sql);

        header("Location: profile.php?action=avatar&$session");

    }

    else{

        header("Location: profile.php?action=avatar&error=4&$session");

    }[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.