Users uploading image files to my server question

Forum Moderators: phranque

Message Too Old, No Replies

Users uploading image files to my server question

Patrick Taylor

12:43 am on Jul 8, 2003 (gmt 0)

I hope this is the right forum for this question. I want to build a web page where visitors can upload .jpg files to my server (I will then present the images on my site with links etc - that's not a problem). I've looked at downloadable programs like Photopost and don't fancy that approach. I would rather build the HTML page myself perhaps with a pre-written php script or something like that. I realize that security is an issue. Can anyone point me in the right direction... an online tutorial maybe?

txbakers

6:08 pm on Jul 8, 2003 (gmt 0)

This isn't a difficult problem. You can create a simple web page with a form element called "file" which would accept a file as an input parameter, then can be sent to you either as an email attachment, or an FTP to a dedicated directory on your server.

There are many free scripts to do this, check them out at a place like cgi-resources.com

denisl

9:13 pm on Jul 9, 2003 (gmt 0)

Search the web for php scripts and you will find a number of scripts that will do this.
The script can easily check for the jpg extension but you need more protection that as some people will unknowingly or knowingly simply change the extension. The script wll need to check that the file is an image file before moving it from a temp location to the final location.

You will also be able to limit the files size and image dimensions in the script, displaying an error message if these are not complied with.

The HTML form can also limit the file size of the uploaded file but does not enable ou you to dislay an error message

mole

9:20 pm on Jul 9, 2003 (gmt 0)

make sure you remove all EXECUTE permissions from the directory they're uploading too. Otherwise you'd be leaving yourself wide open to the possibility of someone uploading a malicious script or program, and then running it.

Patrick Taylor

10:59 pm on Jul 9, 2003 (gmt 0)

Thanks for the replies. This is helpful.

ksponline

1:09 am on Jul 11, 2003 (gmt 0)

Hi,

Re: removing all execute permissions. After reading this, I checked the permissions on the directory that I have image uploads going to. I changed it so that there were no execute permissions (except for owner), but then it wouldn't allow me to upload anything so I had to change it back. Why is that?

Also, I recently found a nice php fileupload script on hotscripts.com. Unfortunately after I tried it to see how it was, I couldn't remember exactly which one it was I downloaded and there's not identifying info in it. But there were several there that sounded good. Hopefully I'll be able to find out which one it was I downloaded so that I can rate it.

Thanks.

[edited by: DaveAtIFG at 1:21 am (utc) on July 11, 2003]
[edit reason] DeLinked URL [/edit]