homepage Welcome to WebmasterWorld Guest from 54.197.215.146
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Upload pictures with PHP
cfmtravel




msg:4653862
 11:52 pm on Mar 13, 2014 (gmt 0)

I'm planning to give the chance to the users to upload pictures related to some element in my web site.
I want to ask your opinion about the fact that I'm thinking to use the upload class class.upload.php [verot.net...]

I don't want to reinvent something that I think it already works pretty well.

What do you think? Is it enough for a small site? What will happen if I will have more users?
Any consideration? I'm thinking to reduce size and dimension of each pictured upload in order to avoid to use too much space on the server (normal hosting on bluehost).

Any recommendation?

Thanks

 

mack




msg:4654911
 12:21 am on Mar 18, 2014 (gmt 0)

I have used that method in the past and it does work. I am yet to use it on a live site though. There are just so many security issues that you need to be aware of.

You need to make sure all files you allow users to upload. Just because something is an image file, does not mean it is only an image. There are so many ways if placing dangerous code within almost any file.

I am no expert on this, and I am hopeful that someone with more experience will join the thread.

Mack.

omoutop




msg:4655001
 10:19 am on Mar 18, 2014 (gmt 0)

avoid gif files - they are dangerous (php code can be written inside them)
i found that jpg/jpeg/bmp are more secure in that way

pay attention to file names - allow only letters and numbers, avoid spaces and other special characters

limit size is mandatory - users tend to stick their camera/mobile/flash drive on their pc, select image and upload from there.

what will happen if a user deletes an image?
can he rename it? crop it? alter it? watermarked it?
are there unique urls per image?
take into cosideration seo approach on these issues.

for my tastes, i create a folder per user. All of his uploads end there (even the thumbs of his images)

cfmtravel




msg:4655422
 3:56 pm on Mar 19, 2014 (gmt 0)

Thanks guys,

First point definitely not gif images.
Secondo: all the images will be associated to different elements that are store in the database (elements like monuments, museum, religious building and some other type). Each element has a unique 10 chars string that I will use to generate the name of the images that I'm going to save in the server.
Most likely I'll set a 2MB limit and I will resize the image and save an original and a thumb ( the "original" will show up once you click on the thumb through something like lightbox or something like that). The thumb will have a fix length and width according if it is an horizontal or vertical image. The original I'll probably resize if the width and height are too big.
I'll have the control over the pictures that users will publish so I can automatically delete in case the picture is not proper.
What do you think? Any possible issues?

brotherhood of LAN




msg:4655462
 5:52 pm on Mar 19, 2014 (gmt 0)

- Make sure the images have read only permissions once they've been moved to their permanent and publicly accessible location. Basically give it the least amount of permissions and no more.

- Preferably give it your own filename. Something like imagefile.php.apachedoesntknowthisextension can be parsed as PHP. At the very least sanitise/validate the file name.

- Have a look at client side technologies that can help shrink the image before it gets pushed to your server. People don't know that a 50MB file from their camera can be shrunk down to a more sane size with little loss in quality. "Uploadify" is a popular package that can accommodate this.

Howzitza




msg:4655515
 8:15 pm on Mar 19, 2014 (gmt 0)

When I started my world in php I also had the same problem.
Its an endless search to know exactly how to do it.
You will need a script that will upload, resize and rename the images.

I eventually got hold of a script and adapted it to what I need by reverse engineering.
Let me know if you need sample script to do the same... It makes life so much easier!

Scotlanddig




msg:4657182
 7:38 pm on Mar 25, 2014 (gmt 0)

If you use HTML5 you can resize the files using the File API before the upload thereby reducing the load on your hosting server.

See the following url for info:

https://developer.mozilla.org/en-US/docs/Using_files_from_web_applications

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved