world writeable

neroX

Programmer
Oct 31, 2000
3
MY
If I disable this, I cannot upload any image from outside.

But if I don't disable this, it would be a security risk because someone can plant a bot on this site.

So how can I enable outside images to download without compromising its security?
Any suggestion, or maybe coding?
 
Here's some code I use; this checks to see that an image has been uploaded, and if it isn't an image it gets deleted from the server. You may want to use the check for filetype on the uploaded file after it has been copied too, but mostly this should get you started.
*Note: there's a lot of additional crap in here, but basically it will help you to see exactly what is happening throughout the upload.
------------
upload.html
########################################################
<html>
<head>
<title>piccy upload</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form enctype="multipart/form-data" action="uploaded.php" method="post">
<table width="100%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td>
<div align="center">
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
<input name="userfile" type="file">
<input type="submit" value="Send File" name="submit">
</div>
</td>
</tr>
</table>
</form>
</body>
</html>
##########################################################
------------
uploaded.php
##########################################################
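<?php
// Current PHP has no register_globals, $HTTP_POST_FILES or ereg(), so the
// upload is read from $_FILES and the pattern check uses preg_match().
$file = isset($_FILES['userfile']) ? $_FILES['userfile'] : null;

if ($file !== null && is_uploaded_file($file['tmp_name'])) {
    $userfile      = $file['tmp_name'];
    // basename() drops any directory part the client sent with the name.
    $userfile_name = basename($file['name']);
    $userfile_size = (int) $file['size'];
    $userfile_type = $file['type'];
    // Escape client-controlled values before echoing them into the page.
    $safe_name = htmlspecialchars($userfile_name, ENT_QUOTES);
    $safe_type = htmlspecialchars($userfile_type, ENT_QUOTES);

    echo "Temp name: $userfile <br>Name: $safe_name <br>Size: $userfile_size<br> type: $safe_type <br>";

    // Extension check on the client-supplied name (.gif or .jpg only).
    if ($userfile_name != "." && $userfile_name != ".." && preg_match('/\.(gif|jpg)\z/', $userfile_name)) {
        echo "File: [$safe_name] is an image";
        echo "<hr>";
        // move_uploaded_file() replaces copy() + unlink() and re-checks that
        // the source really is the uploaded temp file.
        move_uploaded_file($userfile, "../uploaded/$userfile_name");
        echo "<img src=\"../uploaded/$safe_name\">";
    } else {
        echo "$userfile is not an image<br>";
        if (file_exists($userfile)) {
            unlink($userfile);
            echo "File: $userfile DELETED!";
        }
    }
} else {
    echo "No file uploaded!";
}
?>
***************************************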
Party on, dudes!
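
The reply above suggests also checking the file type of the uploaded file itself rather than only its name. As an added example (not the poster's code), the following decides by content with getimagesize() and stores the file under a server-generated name with non-world-writable permissions; the function names, the `$mover` parameter and the sample inputs are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Function names, the $mover
// parameter and the sample inputs are assumptions made for this demo.

// Image types accepted, keyed by what getimagesize() detects in the bytes.
const ALLOWED_TYPES = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg'];

// Return the extension to store $path under, or null when its content is
// not a GIF or JPEG. The client-supplied file name is never consulted.
function detected_image_ext(string $path): ?string
{
    $info = @getimagesize($path);          // false when the header is not an image
    return $info === false ? null : (ALLOWED_TYPES[$info[2]] ?? null);
}

// Store an upload under a server-generated name, or delete it and return
// null. $mover is 'move_uploaded_file' in a real request; the demo below
// passes 'rename' because no HTTP upload exists on the command line.
function store_image(string $tmpPath, string $destDir, callable $mover): ?string
{
    $ext = detected_image_ext($tmpPath);
    if ($ext === null) {
        @unlink($tmpPath);
        return null;
    }
    $target = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!$mover($tmpPath, $target)) {
        return null;
    }
    chmod($target, 0644);                  // owner-writable only, not world-writable
    return $target;
}

// Constructed inputs: a 1x1 GIF, and plain text that merely carries a .gif name.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$samples = ['photo.gif' => $gif, 'notes.gif' => "plain text, not image data\n"];

$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0755);                         // writable by its owner only
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    $stored = store_image($tmp, $dir, 'rename');
    echo $clientName, ' => ', $stored === null ? 'rejected' : basename($stored), "\n";
}
```

A header check does not prove the rest of the file is harmless, which is why the stored name and extension come from the server and the upload directory should not be one the web server executes scripts from.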
 