Wednesday, April 16, 2008

Secure file upload


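/**
 * Store the file sent in the "file" form field inside $this->working_dir.
 *
 * The file keeps the (sanitised) name the client supplied, so an existing file
 * with the same name is overwritten. Execution stops with die() when the name
 * carries a disallowed extension.
 *
 * @return array|false One-element list holding the stored file name, or false
 *                     when there was no usable upload or it could not be moved.
 */
function process_upload(){
    // A denylist only covers the handlers somebody thought of. The robust control
    // is an allowlist of the types the application expects, a server-generated
    // file name, and a storage directory the web server does not execute from.
    $disallowed_ext = array(
        '.php', '.php3', '.php4', '.shtml', '.pl', '.jsp', '.cgi', '.exe',
        '.php5', '.php7', '.phtml', '.pht', '.phar', '.htaccess',
    );

    // $_FILES is a superglobal; no "global" statement is needed to read it.
    if (!isset($_FILES['file']) || !is_array($_FILES['file'])) {
        return false;
    }
    $file_field = $_FILES['file'];

    // For multi-file fields (file[]) these entries are arrays; this handler
    // stores exactly one file, so anything else is treated as "no upload".
    if (!isset($file_field['name'], $file_field['tmp_name'])
        || !is_string($file_field['name'])
        || !is_string($file_field['tmp_name'])
        || empty($file_field['size'])
    ) {
        return false;
    }
    if (isset($file_field['error']) && (int) $file_field['error'] !== UPLOAD_ERR_OK) {
        return false;
    }

    // The name is client-controlled: keep only its last path component (either
    // separator style) and drop NUL bytes so it cannot leave the working dir.
    $new_name = basename(str_replace('\\', '/', $file_field['name']));
    $new_name = str_replace("\0", '', $new_name);
    if ($new_name === '' || $new_name === '.' || $new_name === '..') {
        return false;
    }

    // Check every dot-separated part after the base name, not just the last one:
    // a name such as "x.php.jpg" can still be handed to the PHP handler by some
    // server configurations, and "x.php." or "x.php " lose their tail on some
    // file systems.
    $segments = explode('.', strtolower($new_name));
    array_shift($segments);
    foreach ($segments as $segment) {
        $ext = '.' . trim($segment);
        if (in_array($ext, $disallowed_ext, true)) {
            die("Wrong file type ($ext). Please upload other file types than : " . implode(' ', $disallowed_ext));
        }
    }

    // move_uploaded_file() performs this check as well; doing it first keeps the
    // refusal explicit and avoids building a target path for a forged entry.
    if (!is_uploaded_file($file_field['tmp_name'])) {
        return false;
    }

    $target = "$this->working_dir/$new_name";
    if (!move_uploaded_file($file_field['tmp_name'], $target)) {
        return false;
    }

    // Readable by the web server, never executable.
    chmod($target, 0644);

    return array($new_name);
}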

Thumbnail


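/**
 * Write a $maxx x $maxy JPEG thumbnail of the JPEG file $name_in to $name_out.
 *
 * The longer side of the source is scaled to the matching box side, the other
 * side keeps the aspect ratio, and the result is centred on a white canvas.
 * Images smaller than the box are scaled up as well (the original "skip small
 * images" branch was switched off with `false &&` and is omitted here).
 *
 * @param int    $maxx     Thumbnail width in pixels.
 * @param int    $maxy     Thumbnail height in pixels.
 * @param string $name_in  Path of the source JPEG.
 * @param string $name_out Path the thumbnail is written to.
 * @return bool  True when the thumbnail was written, false otherwise.
 */
function thumbnail($maxx, $maxy, $name_in, $name_out){
    $maxx = (int) $maxx;
    $maxy = (int) $maxy;
    if ($maxx <= 0 || $maxy <= 0) {
        return false; // would divide by zero / create an empty canvas below
    }

    // getimagesize() reads only the header; a false result means "not an image".
    $size = @getimagesize($name_in);
    if ($size === false || $size[0] <= 0 || $size[1] <= 0) {
        return false;
    }
    // Only JPEG is decoded below, so refuse other formats before touching GD.
    if (!isset($size[2]) || $size[2] !== IMAGETYPE_JPEG) {
        return false;
    }
    // NOTE(review): if $name_in can be an uploaded file, the declared dimensions
    // in $size come from that file; consider capping width * height here, since
    // decoding allocates memory in proportion to them.

    if ($size[0] > $size[1]) {
        // Landscape: width fills the box, height follows the aspect ratio.
        $aspectRatio = $size[0] / $maxx;
        $imgWidth = $maxx;
        $imgHeight = max(1, (int) round($size[1] / $aspectRatio));
        $dst_x = 0;
        $dst_y = (int) (abs($maxy - $imgHeight) / 2);
    } else {
        // Portrait or square: height fills the box, width follows.
        $aspectRatio = $size[1] / $maxy;
        $imgHeight = $maxy;
        $imgWidth = max(1, (int) round($size[0] / $aspectRatio));
        $dst_x = (int) (abs($maxx - $imgWidth) / 2);
        $dst_y = 0;
    }
    // NOTE(review): for a non-square box the derived side can exceed the canvas
    // (e.g. a 4:3 source in a wide, short box); the scaling rule is kept as is.

    $im = @imagecreatefromjpeg($name_in);
    if (!$im) {
        return false;
    }

    $small = imagecreatetruecolor($maxx, $maxy);
    if (!$small) {
        imagedestroy($im);
        return false;
    }
    $bgColor = imagecolorallocate($small, 255, 255, 255);
    imagefilledrectangle($small, 0, 0, $maxx - 1, $maxy - 1, $bgColor);

    // Resample the whole source into the computed rectangle on the canvas.
    imagecopyresampled($small, $im, $dst_x, $dst_y, 0, 0, $imgWidth, $imgHeight, $size[0], $size[1]);
    imagedestroy($im);

    $saved = imagejpeg($small, $name_out, 100);
    imagedestroy($small);

    return $saved ? true : false;
}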

Thursday, March 13, 2008

Extract file name from URI

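// REQUEST_URI (path plus query string) is supplied by the client and is not set
// when PHP runs outside a web request, so fall back to an empty string.
$req = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';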


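/**
 * Return the lower-cased, URL-decoded file name (without its last extension)
 * of the final path segment of a request URI.
 *
 * @param string $req Request URI, e.g. "/gallery/Photo.JPG?size=big".
 * @return string     File name stem, "" when the path ends in "/".
 */
function parse_request_uri($req){
    $path = (string) $req;

    // Cut the query string off first: it may contain "/" itself, which would
    // otherwise be mistaken for the last path separator.
    $query_at = strpos($path, '?');
    if ($query_at !== false) {
        $path = (string) substr($path, 0, $query_at);
    }

    // Keep what follows the last "/", or the whole string when there is none.
    $slash_at = strrpos($path, '/');
    $filename = ($slash_at === false) ? $path : (string) substr($path, $slash_at + 1);

    $parts = pathinfo($filename);
    $stem = isset($parts['filename']) ? $parts['filename'] : '';

    // NOTE(review): decoding happens after the segment was split off, so
    // %-escapes can put "/", "\", ".." or NUL bytes into the result. The value
    // is client-controlled; validate it before using it in a file system path.
    return urldecode(strtolower($stem));
}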

Wednesday, January 09, 2008

Common PHP functions

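/**
 * Fetch a request value, trimmed and backslash-quoted.
 *
 * @param array  $var_array Source array such as $_GET or $_POST.
 * @param string $var_name  Key to read.
 * @return string|array     '' when the key is missing; a string for scalar
 *                          values; a re-indexed list of strings for array values.
 */
function parse_input($var_array, $var_name){
    if (!isset($var_array[$var_name])) {
        return '';
    }

    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in
    // PHP 8, so the function is only consulted where it can still return true.
    $already_quoted = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();

    // NOTE(review): addslashes() is not a safe way to build SQL; it ignores the
    // connection character set. Values that reach a database should go through
    // prepared statements, and values echoed into HTML need htmlspecialchars().
    $value = $var_array[$var_name];
    if (!is_array($value)) {
        return trim($already_quoted ? $value : addslashes($value));
    }

    $retVal = array(); // an empty input array yields an empty list, not an undefined variable
    foreach ($value as $item) {
        if (is_array($item) || is_object($item)) {
            // Nested structures (a[][]=x) cannot be quoted as a string.
            $retVal[] = '';
            continue;
        }
        $retVal[] = trim($already_quoted ? $item : addslashes($item));
    }
    return $retVal;
}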


/**
 * Print a labelled debug dump of $var when the DEBUG constant is truthy.
 *
 * Arrays and objects go through print_r(); everything else is echoed as is.
 * Both $message and $var are written verbatim, without any escaping, so keep
 * DEBUG off wherever the output can reach a browser.
 *
 * @param mixed  $var     Value to dump.
 * @param string $message Label printed after "DEBUG : ".
 */
function dprint($var, $message = ''){
    if (!DEBUG) {
        return;
    }

    // Header line; the literal line breaks are part of the output.
    echo "
DEBUG : $message\r\n
";

    $is_compound = is_array($var) || is_object($var);
    if ($is_compound) {
        print_r($var);
    } else {
        echo $var;
    }

    // Trailer.
    echo "\r\n
";
}

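/**
 * Format an SQL "YYYY-MM-DD[ HH:MM:SS]" string with date().
 *
 * @param string $sqldate SQL DATE or DATETIME value.
 * @param string $format  date() format string.
 * @return string         Formatted date, or '' when $sqldate holds no valid
 *                        calendar date (unparseable text, "0000-00-00", ...).
 */
function sql_date_format($sqldate, $format = 'M j, Y  g:i a'){
    // sscanf() returns a non-array (-1 or null, depending on the PHP version)
    // for empty input and null entries for fields it could not read.
    $parts = sscanf((string) $sqldate, "%4d-%2d-%2d %2d:%2d:%2d");
    if (!is_array($parts) || $parts[0] === null || $parts[1] === null || $parts[2] === null) {
        return '';
    }
    list($dy, $dm, $dd, $h, $m, $s) = $parts;

    // Without this, an invalid date is silently normalised by mktime() into an
    // unrelated one (the all-zero date becomes 30 Nov 1999).
    if (!checkdate($dm, $dd, $dy)) {
        return '';
    }

    // A missing time part means midnight. Passing null to mktime() on PHP 8
    // would substitute the current hour/minute/second instead.
    $h = ($h === null) ? 0 : $h;
    $m = ($m === null) ? 0 : $m;
    $s = ($s === null) ? 0 : $s;

    return date($format, mktime($h, $m, $s, $dm, $dd, $dy));
}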