Wednesday, April 16, 2008

Secure file upload


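/**
 * Move the upload from the "file" form field into $this->working_dir.
 *
 * The client-supplied file name is untrusted. It is reduced to a bare file
 * name, and every dot-separated extension in it is checked against the
 * denylist. Execution stops with die() when a denied extension is found.
 *
 * NOTE(review): an extension denylist is only a partial filter. Where the set
 * of expected file types is known, an allowlist plus a server-generated file
 * name is the stronger design. Independently of this function, the upload
 * directory should not be configured to execute scripts.
 *
 * @return array|false One-element array holding the stored file name, or
 *                     false when nothing was uploaded or the move failed.
 */
function process_upload(){
    $retVal = false;

    // Extensions refused outright; compared lower-case, with the leading dot.
    $disallowed_ext = array(
        '.php', '.php3', '.php4', '.php5', '.php7', '.phtml', '.pht', '.phar',
        '.shtml', '.pl', '.jsp', '.cgi', '.exe', '.htaccess',
    );

    // $_FILES is a superglobal, so no "global" declaration is needed.
    if (!isset($_FILES['file']) || !is_array($_FILES['file'])) {
        return $retVal;
    }
    $file_field = $_FILES['file'];

    // A multi-file field (name="file[]") delivers arrays here; only the
    // single-file shape is handled.
    if (!isset($file_field['name'], $file_field['tmp_name'], $file_field['size'])
        || !is_string($file_field['name'])
        || !is_string($file_field['tmp_name'])) {
        return $retVal;
    }

    // PHP reports partial, oversized and missing uploads through 'error'.
    if (isset($file_field['error']) && $file_field['error'] !== UPLOAD_ERR_OK) {
        return $retVal;
    }

    // Nothing was uploaded.
    if ((int) $file_field['size'] === 0) {
        return $retVal;
    }

    // Only touch temp files that PHP itself created for this request.
    if (!is_uploaded_file($file_field['tmp_name'])) {
        return $retVal;
    }

    // Keep only the final path component, drop control characters, and strip
    // trailing dots/spaces so a name such as "x.php." cannot dodge the check.
    $new_name = basename(str_replace('\\', '/', $file_field['name']));
    $new_name = (string) preg_replace('/[\x00-\x1F\x7F]/', '', $new_name);
    $new_name = rtrim($new_name, ". \t");
    if ($new_name === '' || $new_name === '.' || $new_name === '..') {
        return $retVal;
    }

    // Check every extension, not just the last one: some web server
    // configurations pick a handler from any extension in the name.
    $segments = explode('.', strtolower($new_name));
    array_shift($segments); // the part before the first dot is not an extension
    foreach ($segments as $segment) {
        $ext = '.' . $segment;
        if (in_array($ext, $disallowed_ext, true)) {
            die("Wrong file type ($ext). Please upload other file types than : " . implode(' ',$disallowed_ext) );
        }
    }

    // NOTE(review): an existing file with the same name is overwritten.
    $destination = "$this->working_dir/$new_name";
    if (move_uploaded_file($file_field['tmp_name'], $destination)) {
        // Owner read/write, everyone else read-only, no execute bit.
        chmod($destination, 0644);
        $retVal = array($new_name);
    }

    return $retVal;
}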

Thumbnail


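/**
 * Write a $maxx x $maxy JPEG thumbnail of the JPEG file $name_in to $name_out.
 *
 * The source is scaled to fit inside the box with its aspect ratio kept, then
 * centred on a white canvas. Smaller images are scaled up, as before.
 *
 * NOTE(review): getimagesize() reads only the header, while the decode below
 * works on the full image. Callers handling untrusted uploads should cap the
 * accepted pixel dimensions before calling this.
 *
 * @param int    $maxx     Thumbnail width in pixels.
 * @param int    $maxy     Thumbnail height in pixels.
 * @param string $name_in  Path of the source JPEG.
 * @param string $name_out Path the thumbnail is written to.
 * @return bool True when the thumbnail was saved, false on any failure.
 */
function thumbnail($maxx, $maxy, $name_in, $name_out){
    $maxx = (int) $maxx;
    $maxy = (int) $maxy;

    // A non-positive box would divide by zero below and cannot hold an image.
    if ($maxx < 1 || $maxy < 1) {
        return false;
    }

    // Suppressed like the decode call below; failure is reported via false.
    $size = @getimagesize($name_in);
    if ($size === false || $size[0] < 1 || $size[1] < 1) {
        return false;
    }
    $srcWidth = $size[0];
    $srcHeight = $size[1];

    // Scale by whichever side overshoots the box the most so that both sides
    // fit. For a square box this equals the old "largest side" rule; for other
    // boxes it stops the image from overflowing the canvas.
    $aspectRatio = max($srcWidth / $maxx, $srcHeight / $maxy);
    $imgWidth = min($maxx, max(1, (int) round($srcWidth / $aspectRatio)));
    $imgHeight = min($maxy, max(1, (int) round($srcHeight / $aspectRatio)));

    // Centre the scaled image; the GD calls expect integer offsets.
    $dst_x = (int) (($maxx - $imgWidth) / 2);
    $dst_y = (int) (($maxy - $imgHeight) / 2);

    $im = @imagecreatefromjpeg($name_in);
    if (!$im) {
        // Not a decodable JPEG; the old placeholder image was never used.
        return false;
    }

    $small = imagecreatetruecolor($maxx, $maxy);
    if (!$small) {
        imagedestroy($im);
        return false;
    }

    // White background behind the letterboxed image.
    $bgColor = imagecolorallocate($small, 255, 255, 255);
    imagefilledrectangle($small, 0, 0, $maxx - 1, $maxy - 1, $bgColor);

    // Resample the whole source into the centred target rectangle.
    imagecopyresampled($small, $im, $dst_x, $dst_y, 0, 0, $imgWidth, $imgHeight, $srcWidth, $srcHeight);
    imagedestroy($im);

    // Save at JPEG quality 100; imagejpeg() reports success as a boolean.
    return imagejpeg($small, $name_out, 100) ? true : false;
}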