PHP - Uploading Photos Securely?
I have users becoming members and allow them to upload their own photos. But when they try to upload 5MB photos, it takes time to upload the photo, and sometimes the server gives a timeout error.
I have searched and found JavaScripts that upload to the server, but I have noticed that they have security problems. So how do you let users upload photos?

Similar Tutorials

Does anyone know of a good tutorial on uploading a picture file to a folder using PHP and copying the name to the database in MySQL? Resizing photos on upload is helpful also... if you know it works... some I have tried do not work. Not asking for someone to write code for me, but info or a tutorial would be nice. Or maybe a code that has worked for you that is similar, that I could learn from and edit... I can upload the actual photo into the database but it slows it way down. I have heard of loading the name only and resizing the photo and sending the actual photo to a file folder on the server. The few codes I have tried were not successful. Thanks for any guidance. I appreciate it.

This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=348558.0

Hello, I am trying to implement a remember me feature on my site, but am having problems doing so securely. I would like the cookies that remember your info to be sent securely over SSL, but the problem is all of my pages are HTTP. I do not want to force everyone to be HTTPS because it is not needed. Is there a way to tell PHP to check for the cookies via SSL even though the page request was HTTP? Thank you! weee

Hey, I know this question gets asked a lot, but here is a different version of it. What is a simple and secure method for storing data/passwords? I know there is a lot of debate on this subject, but I run a browser game off my server and just want the data to be encrypted. Is this good enough or is this easy to crack?

Code:
<?php
$password = 'abcdefg';
$salt = 'whateversecrethash';
$pw_hash = md5($salt.$password);
?>

Or I just found this tutorial, is this up to date and actually a good method?
http://webhole.net/2010/10/30/php-password-encryption-with-salt/

Hi all, Currently when my users log into my site I store their user level in a session. This allows admins to see more than normal users. I am worried that it would be very easy for someone to amend the session and give themselves admin rights. I am asking for advice on best practice for setting the user level of the logged-in user. Where would you suggest I store this information so that only admins see the admin stuff? My navbar has a PHP if test running against $_SESSION['user_level'] and only admins see the admin panel.

I have a site where I want another user that has a password to fill out a form & it then downloads to my server. I want them to be able to then download that file from my site at the same time the form is submitted. I've tried adding this code to the bottom of the PHP file that the form points to, but it just displays the file on the screen instead of downloading to the user's computer.

<?php
$file = '/site/downloadfile';
if (file_exists($file)) {
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    exit;
}
?>

If I put the same code in a separate file it works perfectly, but I don't want to add another file if I can help it. Any help appreciated.

I have had a load of people who are silly enough to forget their username and/or password, so I wish to add in the option for them to save their details in a cookie, and break my number one rule, never to use them!!! Can anyone suggest how I can do this so it is stored safely like most websites do it?

How should I go about keeping track of photos that a user has rated, since I only want the user to rate the photo once? Can I store arrays in a MySQL database? Thanks, George

I have some thousands of photos about nature. I'll let visitors/members see them one by one, but I don't want to show them the same photo again after they visit 1 week later. How can I do this? What I think as a solution is:
For members: I can store the ids (like "everest01") of the photos that the member has visited, and show the user the most visited photos that he/she has not seen on the next visit. But what I'm wondering is, how will I take the photos from the DB? select * from photos WHERE id not in ( $thousandsofvisitedphotoids ) ?? I'm stuck here.
For visitors (not members): I can set a cookie that keeps the ids of visited photos. When the visitor visits the website again, I take the cookie and send it to $thousandsofvisitedphotoids and make a query again? I'm stuck here. How do you guys do this? What's the logic of this?

Hi! I am creating a small project somewhat like a photo gallery as my first practice page. I just would like to know how I can alter photos or files in PHP. Or should I just do a delete and then upload a new one? Thanks in advance...

This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=354562.0

Hi friends, I have two MySQL DB tables, photos and album. I would like to list photos by album, how do I do that?

CREATE TABLE `album` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `album_name` varchar(95) NOT NULL,
  `album_desc` text NOT NULL,
  PRIMARY KEY (`id`)
);

CREATE TABLE `photos` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `album_id` int(11) NOT NULL,
  `thumb_name` varchar(255) NOT NULL,
  `photo_name` varchar(250) NOT NULL,
  PRIMARY KEY (`id`)
);

I have a page for image uploads and I just realized it will only work if a user already has one picture uploaded. If they don't, it won't work. The ones that do fail some photos anyway, which is probably that they don't pass the image check, but when I put echoes in there to trace what happens, any user with an empty gallery can't upload a photo because the page says there is no file in the $_FILES['image']['name'] variable. Here are the initial conditions and the form (leaving out the image processing etc. since that works):

Code:
if (!isset($_SESSION['user'])) die("<br /><br /> You need to log in to view this page");
$user = sanitizeString($_SESSION['user']);
$view = sanitizeString($_GET['view']);
$dir = './grafik/users/'.$user.'/big/';
$files = scandir($dir);
$len = count($files);
$nr= $len-1;
$maxPhotos = 8;
if ($view == $user) {
    echo "view is user";
    if(!file_exists("grafik/users/$user")) {
        mkdir("grafik/users/$user");
        mkdir("grafik/users/$user/big/");
    }
}
if (!isset($_FILES['image']['name'])) echo "There is no file <br />$dir - $user - $nr";
if (isset($_FILES['image']['name'])) {
    echo "<br />...is a file <br />$dir - $user - $nr";
    $photoName="$dir$user$nr.jpg";
    move_uploaded_file($_FILES['image']['tmp_name'], $photoName);
    $typeok = TRUE;
....
<form method='post' action='gallery.php?view=$user' enctype='multipart/form-data'>
Upload another photo: <br />
Max $maxPhotos allowed, max filesize 2Mb <br />
<input type='file' name='image' size='10' /><br />
<input type='submit' value='Upload' />
</form>

I can't see why it wouldn't let me, but I have a feeling someone here knows why.

My photo files are not being displayed in my table? They get sent to the MySQL database, then the server, and it does grab all the other variables in the table and displays them, but the .jpg's are not shown, instead there's just the file name??

Code:
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
echo '<pre>' . print_r($_FILES, true) . '</pre>';

//This is the directory where images will be saved
$target = "/home/users/web/b109/ipg.removalspacecom/images/COMPANIES";
$target = $target . basename( $_FILES['upload']['name']);

//This gets all the other information from the form
$company_name=$_POST['company_name'];
$basicpackage_description=$_POST['basicpackage_description'];
$location=$_POST['location'];
$postcode=$_POST['postcode'];
$upload=($_FILES['upload']['name']);

// Connects to your Database
mysql_connect("server****", "username***", "password****") or die(mysql_error()) ;
mysql_select_db("DB") or die(mysql_error()) ;

//Writes the information to the database
mysql_query("INSERT INTO `Companies` (company_name, basicpackage_description, location, postcode, upload) VALUES ('$company_name', '$basicpackage_description', '$location', '$postcode', '$upload')") ;
echo mysql_error();

//Writes the photo to the server
if(move_uploaded_file($_FILES['upload']['tmp_name'], $target))
{
    //Tells you if it's all ok
    echo "The file ". basename( $_FILES['upload']['name']). " has been uploaded, and your information has been added to the directory";
}
else {
    //Gives an error if it's not
    echo "Sorry, there was a problem uploading your file.";
}
?>

"upload" is the variable that isn't displaying in my table how I want it to? Have you guys any ideas how to get it displayed correctly?

Hello. My website has a photo gallery of thumbnails that is created by reading all photo files in a specified directory. Here is my function that builds the array which is ultimately displayed in the gallery...

<?php
function getPhotoFilesArray($photoPath){
    /**
     * Takes path to photo-directory, and returns an array containing photo-filenames.
     */
    // Initialize Array.
    $photoFiles = array();

    // Check for Photo-Directory.
    if (is_dir($photoPath)){
        // Photo-Directory Found.
        // Open Directory-Handle.
        $handle = opendir($photoPath);

        // Open Photo-Directory.
        if($handle){
            // Initialize Key.
            $i = 1001;

            // Iterate through Photo-Directory items.
            while(($file = readdir($handle)) !== FALSE){
                // Return next Filename in Directory.
                // Define fullpath to file/folder.
                $fullPath = $photoPath . $file;

                // Populate Array.
                if(!is_dir($fullPath) && preg_match("#^[^\.].*$#", $file)){
                    // Not Directory.
                    // Not Hidden File.
                    // Add to array.
                    $photoFiles[$i] = $file;
                    $i++;
                }//End of POPULATE ARRAY.
            }//End of ITERATE THROUGH PHOTO-DIRECTORY ITEMS
            closedir($handle);
        }//End of OPEN PHOTO-DIRECTORY
    }else{
        // Photo-Directory Not Found.
        // Redirect to Page-Not-Found.
        header("Location: " . BASE_URL . "/utilities/page-not-found");
        // End script.
        exit();
    }//End of CHECK FOR PHOTO-DIRECTORY
    return $photoFiles;
}//End of getPhotoFilesArray
?>

Everything works fine locally in DEV, but when I uploaded my website (and photos) onto a webserver, the photos are appearing in a backwards order in PROD. This is annoying, because I want the photos displayed chronologically from oldest (first) to newest (last). I'm not sure where the problem is happening, because each photo was taken with my camera and by nature of the camera, photo names are incremented by one, so IMG_001.jpg would have been taken FIRST, followed by IMG_002.jpg, IMG_003.jpg, and so on. How can I fix things so the photos are displayed in the order they were physically taken AND match how things display locally in DEV? Thanks!
I was thinking of a board where you can bookmark the photos from Facebook.
It may require an App and a "Facebook Login" for the website, so one can bookmark photos from Facebook. The website would have additional features for the photos.
I thought of an "Add to ..." function.
Is this possible with the Facebook API?
Edited by glassfish, 07 October 2014 - 02:31 PM.

I'm talking like /uploads at the main folder where index.php or index.html goes
These photos theoretically are meant to be publicly viewed anyway so what is bad about that?
Let's say profile pictures.
I mean couldn't anyone scrape facebook and "steal" profile pictures? I don't know why but I'm just wondering.

I am looking at making a photo gallery system for an online community based site. I know that we need to have unique ids, photo names and albums. What I am looking for is: Would it be recommended to create a directory for each user once they are registered? How would you go about naming and sorting photo galleries? How would you go about naming your photos? How would you do it? I was thinking about a UUID kind of code (from php.net):

Code:
class UUID {
  public static function v3($namespace, $name) {
    if(!self::is_valid($namespace)) return false;

    // Get hexadecimal components of namespace
    $nhex = str_replace(array('-','{','}'), '', $namespace);

    // Binary Value
    $nstr = '';

    // Convert Namespace UUID to bits
    for($i = 0; $i < strlen($nhex); $i+=2) {
      $nstr .= chr(hexdec($nhex[$i].$nhex[$i+1]));
    }

    // Calculate hash value
    $hash = md5($nstr . $name);

    return sprintf('%08s-%04s-%04x-%04x-%12s',

      // 32 bits for "time_low"
      substr($hash, 0, 8),

      // 16 bits for "time_mid"
      substr($hash, 8, 4),

      // 16 bits for "time_hi_and_version",
      // four most significant bits holds version number 3
      (hexdec(substr($hash, 12, 4)) & 0x0fff) | 0x3000,

      // 16 bits, 8 bits for "clk_seq_hi_res",
      // 8 bits for "clk_seq_low",
      // two most significant bits holds zero and one for variant DCE1.1
      (hexdec(substr($hash, 16, 4)) & 0x3fff) | 0x8000,

      // 48 bits for "node"
      substr($hash, 20, 12)
    );
  }

  public static function v4() {
    return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',

      // 32 bits for "time_low"
      mt_rand(0, 0xffff), mt_rand(0, 0xffff),

      // 16 bits for "time_mid"
      mt_rand(0, 0xffff),

      // 16 bits for "time_hi_and_version",
      // four most significant bits holds version number 4
      mt_rand(0, 0x0fff) | 0x4000,

      // 16 bits, 8 bits for "clk_seq_hi_res",
      // 8 bits for "clk_seq_low",
      // two most significant bits holds zero and one for variant DCE1.1
      mt_rand(0, 0x3fff) | 0x8000,

      // 48 bits for "node"
      mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
    );
  }

  public static function v5($namespace, $name) {
    if(!self::is_valid($namespace)) return false;

    // Get hexadecimal components of namespace
    $nhex = str_replace(array('-','{','}'), '', $namespace);

    // Binary Value
    $nstr = '';

    // Convert Namespace UUID to bits
    for($i = 0; $i < strlen($nhex); $i+=2) {
      $nstr .= chr(hexdec($nhex[$i].$nhex[$i+1]));
    }

    // Calculate hash value
    $hash = sha1($nstr . $name);

    return sprintf('%08s-%04s-%04x-%04x-%12s',

      // 32 bits for "time_low"
      substr($hash, 0, 8),

      // 16 bits for "time_mid"
      substr($hash, 8, 4),

      // 16 bits for "time_hi_and_version",
      // four most significant bits holds version number 5
      (hexdec(substr($hash, 12, 4)) & 0x0fff) | 0x5000,

      // 16 bits, 8 bits for "clk_seq_hi_res",
      // 8 bits for "clk_seq_low",
      // two most significant bits holds zero and one for variant DCE1.1
      (hexdec(substr($hash, 16, 4)) & 0x3fff) | 0x8000,

      // 48 bits for "node"
      substr($hash, 20, 12)
    );
  }

  public static function is_valid($uuid) {
    return preg_match('/^\{?[0-9a-f]{8}\-?[0-9a-f]{4}\-?[0-9a-f]{4}\-?'.
                      '[0-9a-f]{4}\-?[0-9a-f]{12}\}?$/i', $uuid) === 1;
  }
}

// Usage
// Named-based UUID.
$v3uuid = UUID::v3('1546058f-5a25-4334-85ae-e68f2a44bbaf', 'SomeRandomString');
$v5uuid = UUID::v5('1546058f-5a25-4334-85ae-e68f2a44bbaf', 'SomeRandomString');

// Pseudo-random UUID
$v4uuid = UUID::v4();

I need help with my webpage here, how do you get so if you are at http://www.blabla.com/account.php and then click on a photo, it will go to www.blabla.com/photo.php?id=1 but still be at account.php? Just like Facebook shows their photos. I don't know how to think nor to get it to work. Would appreciate some help! ThNXX 1n 4dv4nc3 // Machram!

I have a PHP page that creates a photo gallery with thumbnails. It is populated by code that reads all photo files from a specified photo directory. This was working fine in DEV, but now that I have uploaded to my test web server, the pictures are in reverse order. Not the end of the world, yet annoying, because they should be in chronological order. File names are straight off my iPhone (e.g. IMG_2203.jpg, IMG_2204.jpg, IMG_2207.jpg). What is happening, and how can I fix this? Thanks!