uploading images from other web locations..

[mkosmosports]

Hey,

 

I want to allow users of my site to be able to upload images from other web locations, to my server.

 

Ive never done this before, but Im assuming I cant use the FILES array here and I should pass the file url through POST or GET, then validate it, then save it to the server using fwrite?

 

Is that a correct approach? Can someone give me some advice or point to me to any good tutorials on doing this?

 

Thanks.

[rajivgonsalves]

You could try the following code

 

<?
$strImage = file_get_contents("http://us.i1.yimg.com/us.yimg.com/i/ww/beta/y3.gif");

file_put_contents("test.gif",$strImage);

?>

 

work well on php 5 on windows you can change the image name according to your need, hope it is helpful

 

Cheer!

Rajiv

[mkosmosports]

Thanks rajivgonsalves,

 

I do plan on downloading the image that way, but Im still having trouble validating the image, I dont want it to be be bigger than 20KB and it has to be either a jpg, gif or png file.

 

Im trying exif_imagetype, but it doesnt want to accept urls.

 

Anyone know of a way to validate images residing on other web locations before downloading them?

 

Thanks.

[marcus]

if(filesize($file) > 20480){
echo "File size too big!";
}else {
//whatever
}

[d22552000]

as far as I know you can use URL's for filesize

 

if (filesize($URL)<20480) {

$strImage = file_get_contents($URL);

}

[mkosmosports]

Ive tried that already and get the following error message:

 

Warning: filesize() [function.filesize]: stat failed for http://images.google.ca/intl/en_ALL/images/images_hp.gif in

 

[mkosmosports]

Ive found a solution using the get_headers function which works in php 5 and above.

 

$filename = 'http://images.google.ca/intl/en_ALL/images/images_hp.gif';
$headerarr = get_headers($filename, 1);       
           
$filesize = $headerarr['Content-Length'];
$type = $headerarr['Content-Type'];

[d22552000]

good job there!  please click on TOPIC SOLVED at the bottom.

[mkosmosports]

Hey,

 

Im marking this topic unsolved again as I wanted to know if using get_headers to obtain remote file information is really a safe method?

 

What Im doing is basically allowing users to upload an image from a remote web location which has to be jpeg,gif or png and not larger than 20000 bytes.

 

Now, cant the user uploading the file just choose a file which they know will send fake headers back, so for example a file is 2GB and its mpeg, but it sends back headers saying its only 15000 and its a jpg type file?

 

I heard you can conceal php inside valid imagery even. Am I worried for nothing? If Im not, Is there a way to determined if a remote file is TRULY an image (jpg,png,gif) and is under 20000 bytes?

 

Thanks all!

[mkosmosports]

*bump bump*

 

I hate to be annoying but Im still struggling with this. Quick recap, I want to allow users to upload images from other web locations to my server. However, they have to be valid gif,jpg or png images and cannot excede 20000 bytes.

 

I've come up with the following test script:

 

$deal_image = trim($_POST['deal_image']);
$deal_image_ext = substr($deal_image,-4);

$goodimgtypes = array(".gif",".jpg",".png");
if(!in_array($deal_image_ext,$goodimgtypes)) {	//only check image url's ending with .png, .gif or .jpg
echo 'bad extension';	//invalid image type in url filename
exit();
}	
if (!@get_headers($deal_image,1)) {	//only check image url's from which we get http header responses
echo 'unable to get headers back, not a valid url';	//unable to get header response back, file is not accessible through http	
exit();
}
$headerarr = get_headers($deal_image, 1);
$filesize = $headerarr['Content-Length'];
$filetype = $headerarr['Content-Type'];
$goodimgtypes = array("image/gif","image/jpg","image/png");
if(!in_array($filetype,$goodimgtypes) || $filesize > 20000) {	//only jpg,gif,png and smaller than 20000 bytes
echo 'bad filetype or image too big';	//not a valid image type or too big
exit();
}
$getfile = file_get_contents($deal_image,FALSE,NULL,0,20000);	//get 20000 bytes of the image in case fake headers were sent back

 

What I want to do though is make sure the $getfile is indeed a valid/complete image before I put I on my server. Is there a way to do it having the image data inside the $getfile string?

 

Or is this approach just not gonna work?

 

Any advice/input much appreciated!

Thanks.