mkosmosports Posted October 25, 2007 Share Posted October 25, 2007 Hey, I want to allow users of my site to be able to upload images from other web locations, to my server. Ive never done this before, but Im assuming I cant use the FILES array here and I should pass the file url through POST or GET, then validate it, then save it to the server using fwrite? Is that a correct approach? Can someone give me some advice or point to me to any good tutorials on doing this? Thanks. Quote Link to comment Share on other sites More sharing options...
rajivgonsalves Posted October 25, 2007 Share Posted October 25, 2007 You could try the following code <? $strImage = file_get_contents("http://us.i1.yimg.com/us.yimg.com/i/ww/beta/y3.gif"); file_put_contents("test.gif",$strImage); ?> work well on php 5 on windows you can change the image name according to your need, hope it is helpful Cheer! Rajiv Quote Link to comment Share on other sites More sharing options...
mkosmosports Posted October 27, 2007 Author Share Posted October 27, 2007 Thanks rajivgonsalves, I do plan on downloading the image that way, but Im still having trouble validating the image, I dont want it to be be bigger than 20KB and it has to be either a jpg, gif or png file. Im trying exif_imagetype, but it doesnt want to accept urls. Anyone know of a way to validate images residing on other web locations before downloading them? Thanks. Quote Link to comment Share on other sites More sharing options...
marcus Posted October 27, 2007 Share Posted October 27, 2007 if(filesize($file) > 20480){ echo "File size too big!"; }else { //whatever } Quote Link to comment Share on other sites More sharing options...
d22552000 Posted October 27, 2007 Share Posted October 27, 2007 as far as I know you can use URL's for filesize if (filesize($URL)<20480) { $strImage = file_get_contents($URL); } Quote Link to comment Share on other sites More sharing options...
mkosmosports Posted October 27, 2007 Author Share Posted October 27, 2007 Ive tried that already and get the following error message: Warning: filesize() [function.filesize]: stat failed for http://images.google.ca/intl/en_ALL/images/images_hp.gif in Quote Link to comment Share on other sites More sharing options...
mkosmosports Posted October 27, 2007 Author Share Posted October 27, 2007 Ive found a solution using the get_headers function which works in php 5 and above. $filename = 'http://images.google.ca/intl/en_ALL/images/images_hp.gif'; $headerarr = get_headers($filename, 1); $filesize = $headerarr['Content-Length']; $type = $headerarr['Content-Type']; Quote Link to comment Share on other sites More sharing options...
d22552000 Posted October 27, 2007 Share Posted October 27, 2007 good job there! please click on TOPIC SOLVED at the bottom. Quote Link to comment Share on other sites More sharing options...
mkosmosports Posted October 28, 2007 Author Share Posted October 28, 2007 Hey, Im marking this topic unsolved again as I wanted to know if using get_headers to obtain remote file information is really a safe method? What Im doing is basically allowing users to upload an image from a remote web location which has to be jpeg,gif or png and not larger than 20000 bytes. Now, cant the user uploading the file just choose a file which they know will send fake headers back, so for example a file is 2GB and its mpeg, but it sends back headers saying its only 15000 and its a jpg type file? I heard you can conceal php inside valid imagery even. Am I worried for nothing? If Im not, Is there a way to determined if a remote file is TRULY an image (jpg,png,gif) and is under 20000 bytes? Thanks all! Quote Link to comment Share on other sites More sharing options...
mkosmosports Posted October 28, 2007 Author Share Posted October 28, 2007 *bump bump* I hate to be annoying but Im still struggling with this. Quick recap, I want to allow users to upload images from other web locations to my server. However, they have to be valid gif,jpg or png images and cannot excede 20000 bytes. I've come up with the following test script: $deal_image = trim($_POST['deal_image']); $deal_image_ext = substr($deal_image,-4); $goodimgtypes = array(".gif",".jpg",".png"); if(!in_array($deal_image_ext,$goodimgtypes)) { //only check image url's ending with .png, .gif or .jpg echo 'bad extension'; //invalid image type in url filename exit(); } if (!@get_headers($deal_image,1)) { //only check image url's from which we get http header responses echo 'unable to get headers back, not a valid url'; //unable to get header response back, file is not accessible through http exit(); } $headerarr = get_headers($deal_image, 1); $filesize = $headerarr['Content-Length']; $filetype = $headerarr['Content-Type']; $goodimgtypes = array("image/gif","image/jpg","image/png"); if(!in_array($filetype,$goodimgtypes) || $filesize > 20000) { //only jpg,gif,png and smaller than 20000 bytes echo 'bad filetype or image too big'; //not a valid image type or too big exit(); } $getfile = file_get_contents($deal_image,FALSE,NULL,0,20000); //get 20000 bytes of the image in case fake headers were sent back What I want to do though is make sure the $getfile is indeed a valid/complete image before I put I on my server. Is there a way to do it having the image data inside the $getfile string? Or is this approach just not gonna work? Any advice/input much appreciated! Thanks. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.