PHP - Php Trick For Image Upload Virus And All That On A Shared Host.
Hi all, I was wondering if someone knows a way to make sure an image which is uploaded isn't infected by a virus.
I have read about avclam, but if you're on a shared host you're mostly not allowed to add your own software. Isn't there maybe a PHP trick to resize the image which would magically remove a virus? If anyone knows a nice way or tricks to limit the virus breathing space to a certain folder, please let me know.

Similar Tutorials

Hi,
I would like to ask if someone knows a trick to know if the script is running on a shared hosting or a vps or a dedicated server.
Regards

I am on a shared hosting server running CentOS. I have copied a PHP extension (imagick.so) that was built on a similar server to my shared hosting server. I have resolved most of the dependencies by placing the missing files in ~/lib but I have one that I can't figure out how to cope with. I am getting the following error:

There's this really old website called http://ipolygraph.com/google/ Basically it mimics the Google homepage (as you can see it's been a while since they've updated) but the idea is really simple but clever. If you go to the search box and type cars (or whatever) and click search, it searches Google for "cars". However if you type something like /php manual/ you'll notice it changes what you're searching to "What is...etc etc". The idea is say you tell your friend you're on Google and you ask them to think of a card, if you type /4c/ is bob thinking of? it'll look as if you're typing "What is Bob thinking of?", when you hit search it'll be the 4 of clubs. Is there any way to make something similar to this? The idea came to me after I learned about the file_get_contents command in PHP.

How can I edit just one image at one time with a multiple image upload form? I have the images being stored in a folder and the path being stored in MySQL. I also have the files being uploaded with a unique id. My issue is that I want to be able to pass the values of what is already in $name2 $name3 $name4 if I only want to edit $name1. I don't want to have to manually update the 4 images.
Here is the PHP:
Code:
<?php
require_once('storescripts/connect.php');
mysql_select_db($database_phpimage,$phpimage);
$uploadDir = 'upload/';

if(isset($_POST['upload'])) {
    foreach ($_FILES as $file) {
        $fileName = $file['name'];
        $tmpName = $file['tmp_name'];
        $fileSize = $file['size'];
        $fileType = $file['type'];
        if ($fileName != ""){
            $filePath = $uploadDir;
            $fileName = str_replace(" ", "_", $fileName);
            //Split the name into the base name and extension
            $pathInfo = pathinfo($fileName);
            $fileName_base = $pathInfo['filename'];
            $fileName_ext = $pathInfo['extension'];
            //now we re-assemble the file name, sticking the output of uniqid into it
            //and keep doing this in a loop until we generate a name that
            //does not already exist (most likely we will get that first try)
            do {
                $fileName = $fileName_base . uniqid() . '.' . $fileName_ext;
            } while (file_exists($filePath.$fileName));
            $file_names [] = $fileName;
            $result = move_uploaded_file($tmpName, $filePath.$fileName);
        }
        if(!get_magic_quotes_gpc()) {
            $fileName = addslashes($fileName);
            $filePath = addslashes($filePath);
        }
        $fileinsert[] = $filePath;
    }
}
$mid = mysql_real_escape_string(trim($_POST['mid']));
$cat = mysql_real_escape_string(trim($_POST['cat']));
$item = mysql_real_escape_string(trim($_POST['item']));
$price = mysql_real_escape_string(trim($_POST['price']));
$about = mysql_real_escape_string(trim($_POST['about']));
$fields = array();
$values = array();
$updateVals = array();
for($i = 0; $i < 4; $i++) {
    $values[$i] = isset($file_names[$i]) ? mysql_real_escape_string($file_names[$i]) : '';
    if($values[$i] != '') {
        $updateVals[] = 'name' . ($i + 1) . " = '{$values[$i]}'";
    }
}
$updateNames = '';
if(count($updateVals)) {
    $updateNames = ", " . implode(', ', $updateVals);
}
$update = "INSERT INTO image (mid, cid, item, price, about, name1, name2, name3, name4) VALUES ('$mid', '$cat', '$item', '$price', '$about', '$values[0]', '$values[1]', '$values[2]', '$values[3]') ON DUPLICATE KEY UPDATE cid = '$cat', item = '$item', price = '$price', about = '$about' $updateNames";
$result = mysql_query($update) or die (mysql_error());

Hello I am having problems uploading an image through a HTML form. I want the image to be uploaded to the server and the image name to be written to the mysql database. Below is the code I am using:
Code:
<?php
if (isset($_POST['add'])){
    echo "<br /> add value is true";
    $name = $_POST['name'];
    $description = $_POST['description'];
    $price = $_POST['price'];
    $category_id = $_POST['category_name'];
    $image = $_FILES['image']['name'];
    //file path of the image upload
    $filepath = "../images/";
    //new name for the image upload
    $newimagename = $name;
    //new width for the image
    $newwidth = 100;
    //new height for the image
    $newheight = 100;
    include('../includes/image-upload.php');
    mysql_query("INSERT INTO item (item_name, item_description, item_price, item_image) VALUES ('$name','$description','$price','$image')");
?>
Here is the image-upload.php file code:
Code:
<?php
//assigns the file to the image
$image =$_FILES["image"]["name"];
$uploadedfile =$_FILES["image"]["tmp_name"];
if ($image) {
    //retrieves the extension type from image upload
    $extension = getextension($image);
    //converts extension to lowercase
    $extension = strtolower($extension);
    //create image from uploaded file type
    if($extension=="jpg" || $extension=="jpeg") {
        $uploadedfile = $_FILES['image']['tmp_name'];
        $src = imagecreatefromjpeg($uploadedfile);
    }else if($extension=="png") {
        $uploadedfile = $_FILES['image']['tmp_name'];
        $src = imagecreatefrompng($uploadedfile);
    }else{
        $src = imagecreatefromgif($uploadedfile);
    }
    //creates a list of the width and height of the image
    list($width,$height)=getimagesize($uploadedfile);
    //adds color to the image
    $tmp = imagecreatetruecolor($newwidth,$newheight);
    //create image
    imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height);
    //set file name
    $filename = $filepath.$newimagename.".".$extension;
    $imagename = $newimagename.".".$extension;
    //uploads new file with name to the chosen directory
    imagejpeg($tmp,$filename,100);
    //empty variables
    imagedestroy($src);
    imagedestroy($tmp);
}
?>
Any help would be appreciated, fairly new to all this! Thanks!!!

Hello friends, while clicking the form all the information goes to database, I have one image upload field, when clicking the submit button, I would like 'image name' to go in database and file to go in /upload folder, I have tried this for hours and gave up, if anyone help me in this, I would be very grateful

I have a working image upload script that uploads, renames the file and adds filename to the database. Is it possible to include some sort of image resize code? If so can anyone point me in the right direction or better still show some example code and explain how it works etc. Below is my working code:
Code:
<?php
$rand = mt_rand(1,9999999);
$member_id = $_SESSION['SESS_MEMBER_ID'];
// Escaped here because the caption goes straight into the INSERT query below.
$caption = mysql_real_escape_string($_POST["caption"]);
if(isset($_FILES['uploaded']['name'])) {
    $allowed_filetypes = array('.jpg','.gif','.bmp','.png','.jpeg');
    $max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB)
    $fileName = basename($_FILES['uploaded']['name']);
    $errors = array();
    $target = "gallery/";
    $fileBaseName = substr($fileName, 0, strripos($fileName, '.'));
    // Get the extension from the filename.
    $ext = substr($fileName, strpos($fileName,'.'), strlen($fileName)-1);
    //$newFileName = md5($fileBaseName) . $ext;
    $newFileName = $target . $rand . "_" . $member_id.$ext;
    // Check if filename already exists ($newFileName already includes $target)
    if(file_exists($newFileName)) {
        $errors[] = "The file you attempted to upload already exists, please try again.";
    }
    // Check if the filetype is allowed.
    if(!in_array($ext,$allowed_filetypes)) {
        $errors[] = "The file you attempted to upload is not allowed.";
    }
    // Now check the filesize.
    if(filesize($_FILES['uploaded']['tmp_name']) > $max_filesize) {
        $errors[] = "The file you attempted to upload is too large.";
    }
    // Check if we can upload to the specified path.
    if(!is_writable($target)) {
        $errors[] = "You cannot upload to the specified directory, please CHMOD it to 777.";
    }
    //Here we check that no validation errors have occurred.
    if(count($errors)==0) {
        //Try to upload it.
        if(!move_uploaded_file($_FILES['uploaded']['tmp_name'], $newFileName)) {
            $errors[] = "Sorry, there was a problem uploading your file.";
        }
    }
    //Lets INSERT database information here
    if(count($errors)==0) {
        $result = mysql_query("INSERT INTO `gallery` (`image`, `memberid`, `caption`) VALUES ('$newFileName', '$member_id', '$caption')") or die (mysql_error());
    }
    //If no errors show confirmation message
    if(count($errors)==0) {
        echo "<div class='notification success png_bg'> <a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a> <div> Image has been uploaded.<br>\n </div> </div>";
        //echo "The file {$fileName} has been uploaded";
        echo "<br>\n";
        echo "<a href='gallery.php'>Go Back</a>\n";
    } else {
        //show error message
        echo "<div class='notification attention png_bg'> <a href='#' class='close'><img src='img/cross_grey_small.png' title='Close this notification' alt='close' /></a> <div> Sorry your file was not uploaded due to the following errors:<br>\n </div> </div>";
        //echo "Sorry your file was not uploaded due to the following errors:<br>\n";
        echo "<ul>\n";
        foreach($errors as $error) {
            echo "<li>{$error}</li>\n";
        }
        echo "</ul>\n";
        echo "<br>\n";
        echo "<a href='gallery.php'>Go Back</a>\n";
    }
} else {
    //Show the form
    echo "Use the following form below to add a new image to your gallery;<br /><br />\n";
    echo "<form enctype='multipart/form-data' action='' method='POST'>\n";
    echo "Please choose a file:<br /><input class='text' name='uploaded' type='file' /><br />\n";
    echo "Image Caption:<br /><input class='text' name='caption' type='text' value='' /><br /><br />\n";
    echo "<input class='Button' type='submit' value='Upload' />\n";
    echo "</form>\n";
}
?>
Many thanks to phpfreaks again.

Hello all, please kindly assist me, I have a site that has been running well for over a year now till last week. The sessions fluctuate, presenting the access denied page, like the sessions are unset; if one clicks another link, it might open as if the sessions are set. It goes back and front like that. The site is hosted somewhere, not locally. My host suggested setenv TIMEOUT 300, setenv CPULIMIT 100, which I guess is not the case, cos, if it really unset the session due to time, how can it automatically set the session again? Please, does anyone have an idea?

Being a complete newbie, I was wondering if the said would be possible through PHP? If so, could anyone help out. I would be willing to pay for such work...only because my levels of knowledge are far too low.

Not experienced coding PHP and need help doing something which is probably very easy but looks like Mt Everest to me.
FOO = 123456
BAR = abc
Then, write URLs with those variables and have them work the same in a browser:
http://webpage1.com/?var1=FOO&var2=BAR
http://webpage2.com/?var1=FOO&var2=BAR
http://webpage3.com/?var1=FOO&var2=BAR
If I update the fields in my local webpage and refresh browser, would like the new value(s) to be used instead. Any help with this greatly appreciated. If someone will put a file together think that I can edit and modify from there for my specific application. Thank you.
Edited December 1, 2020 by Xclone

I need code for upload images for php as well as to edit that image

Hi, I'm rather new to PHP and really unable to get the above to work. Everything works apart from the image being resized. File is uploaded, and the image name is printed into the SQL database. But I can't for the life of me get the image to go to 300x200? If you could help me I would be very grateful. My code for the form processing page is attached. I've put a few line breaks into the code as to where I think is the issue. I just can't seem to resize the image. Does the image resize need to come before the part it writes the image to the server or can this be done afterwards? Please help. P.S - Thanks in advance

Hello - I have usually run my own servers, and always drop my .php files with MYSQL connection strings in a directory like /var, with webroot being /var/www/mysite. I now find myself in a shared hosting environment for a client and wondering the safety of my connection string .php files. Unfortunately they are sitting in a folder in the root of my hosting directory right now, and they feel vulnerable. It seems the only thing I could do would be to put the root of my hosting into a subdirectory, point the site there, and then put my connection strings one directory back. But seems the problem is they are still in my shared hosting. What's the best way to secure this type of sensitive info in a shared environment? I'm also getting ready to explore credit card processing via an API, and wondering if shared hosting is even worth it. Thanks!!

Does anyone know a good open source image upload with info upload? Basically upload an image to a dir and submit the info like $date $title $who to a DB. Thanks in advance

I am looking to upload an image or pdf file to my server with this upload script below. It works well and uploads the images and the pdf file but for some reason I can open the image and view it but not the pdf file. Can someone please let me know why this is happening and show me what changes I need to make to get the script to work as I'm very new to PHP.
thanks
Code:
<?php
$target = "images/";
$target = $target . basename( $_FILES['image']['name']);
$company=$_POST['company'];
$image=($_FILES['image']['name']);
mysql_connect("localhost", "username", "password") or die(mysql_error()) ;
mysql_select_db("testupload") or die(mysql_error()) ;
mysql_query("INSERT INTO `table` (company, image) VALUES ('$company', '$image')") ;
if(move_uploaded_file($_FILES['image']['tmp_name'], $target)) {
    echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded, and your information has been added to the directory";
} else {
    echo "Sorry, there was a problem uploading your file.";
}
?>

Hi Guys! I already have a database with a table that stores information about different franchises for the company like franchise name, address, tel, email etc etc. This works beautiful so I can CRUD this data. However, now to be able to add the facility for each franchise to be able to upload their own image of the franchise itself and still be able to CRUD the data. I have looked on the internet and found many scripts using BLOB etc but I can get it to link in with my existing table. I'll show you the edit form that I have so far. (Please note Ter = territory, ie the territory that franchise covers.)
<?php
include('config.php');
if (isset($_GET['Ter']) ) {
    $ter = (int) $_GET['Ter'];
    if (isset($_POST['submitted'])) {
        foreach($_POST AS $key => $value) { $_POST[$key] = mysql_real_escape_string($value); }
        $sql= "UPDATE `ter` SET `Ter` = '{$_POST['Ter']}' , `BranchName` = '{$_POST['BranchName']}' , `BranchAddress` = '{$_POST['BranchAddress']}' , `BranchTel` = '{$_POST['BranchTel']}' , `BranchEmail` = '{$_POST['BranchEmail']}' , `BranchLink` = '{$_POST['BranchLink']}' , `Theme` = '{$_POST['Theme']}' , `LocalInfo` = '{$_POST['LocalInfo']}' , `BranchInfo` = '{$_POST['BranchInfo']}' WHERE `Ter` = '$ter' ";
        mysql_query($sql) or die(mysql_error());
        echo (mysql_affected_rows()) ? "Edited Branch.<br />" : "Nothing changed. <br />";
    }
    $row = mysql_fetch_array ( mysql_query("SELECT * FROM `ter` WHERE `Ter` = '$ter' "));
?>
<form action='' method='POST'>
<p><b>Territory:</b><br /><input name='Ter' type='text' value='<?= stripslashes($row['Ter']) ?>' size="3" readonly="readonly" />
<p><b>Branch Name:</b><br /><input name='BranchName' type='text' value='<?= stripslashes($row['BranchName']) ?>' size="50" />
<p><b>Address:</b><br /> <textarea name='BranchAddress' cols="40" rows="5"><?= stripslashes($row['BranchAddress']) ?></textarea>
<p><b>Telephone:</b><br /><input name='BranchTel' type='text' value='<?= stripslashes($row['BranchTel']) ?>' size="15" />
<p><b>Email:</b><br /><input name='BranchEmail' type='text' value='<?= stripslashes($row['BranchEmail']) ?>' size="50" />
<p><b>Link:</b><br /><input name='BranchLink' type='text' value='<?= stripslashes($row['BranchLink']) ?>' size="50" />
<hr />
<p><b>Your Single Webpage Options</b>
<p><b>Theme:</b><br /> <input name='Theme' type='text' value='<?= stripslashes($row['Theme']) ?>' size="1" />
<p><b>Local Information:</b><br /> <textarea name='LocalInfo' cols="85" rows="8" id="LocalInfo"><?= stripslashes($row['LocalInfo']) ?> </textarea>
<p><b>Franchise Information:</b><br /> <textarea name='BranchInfo' cols="85" rows="8" id="BranchInfo"><?= stripslashes($row['BranchInfo']) ?> </textarea>
<p><b>Photo:</b><br /> <label> <input type="file" name="photo" id="photo" /> </label> (Franchise Photo)
<p><b>Downloads:</b><br /> <label> <input type="file" name="download1" id="download1" /> </label> (S/O Mandate)
<p> <label> <input type="file" name="download2" id="download2" /> </label> (Other Download)
<p> <label> <input type="file" name="download3" id="download3" /> </label> (Other Download)
<p> <input type='submit' value='Save' /> <input type='hidden' value='1' name='submitted' />
</form>
<? } ?>
It is the 'photo' file above that I want to be able to upload the image with. Is this the right way to do it? Ignore the download1,2,3 bit.
Cheers, S

I'm having some trouble with an image upload form. I have a few instances of this code that works in other areas of my site so I'm pretty sure there is just something small that I'm missing:
The Form:
<? include("../include/session.php"); ?>
<html>
<head>
<title>Template Configuration</title>
<link rel="stylesheet" type="text/css" href="../css/backend.css">
</head>
<body>
<?
if($session->logged_in){
    $data = mysql_query("SELECT * FROM template WHERE id = '1'") or die(mysql_error());
    while($info = mysql_fetch_array( $data )) {
        echo "
        <h1 style='text-align:center;'>Template Configuration</h1>
        <div id='textedit'>
        <form method='post' action='templateprocess.php' enctype='multipart/form-data'>
        <table>
        <tr><td><h2>Header Image</h2></td></tr>
        <tr><td colspan='2' style='text-align:center'><img src='../upload/template/".$info['headerimg'] ."'><br /><br /></tr></td>
        <tr> <td>Image Upload:</td> <td> <input type='file' name='headerimg'> </td> </tr>
        </table
        <input type='hidden' name='id' value='1'>
        <input TYPE='submit' name='upload' title='Add data to the Database' value='Submit'/>
        </form>
        <a href='../main.php'><img src='../images/backButton.jpg'></a>
        </div>
        ";
    }
} else{
    echo "[<a href='../main.php'>Please Login</a>] ";
}
?>
</body>
</html>
The Processor:
<? include("../include/session.php"); ?>
<html>
<head>
<title>Template Configuration</title>
<link rel="stylesheet" type="text/css" href="../css/backend.css">
</head>
<body>
<div id='process'>
<?
if($session->logged_in){
    $target = "/path/to/folder/upload/template/";
    if ($headerimg != ''){
        $headerimg = ($_FILES['headerimg']['name']);
        foreach($_FILES as $file) {
            move_uploaded_file($file['tmp_name'], $target . $file['name']);
        }
        mysql_query("UPDATE template SET headerimg ='$headerimg' WHERE id ='1'");
    }
?>
<p>Update Successful... <a href="../main.php">click here</a> to return to the administration area.</p>
<?php
} else{
    echo "[<a href='../main.php'>Please Login</a>] ";
}
?>
</div>
</body>
</html>
My database has a table named 'template' with two fields of 'id' and 'headerimg'. I have inserted into the table (id) '1' and (headerimg) 'header-image.png' and is reading this as a preview above. I can't, however, get the 'headerimg' field to update and the image never uploads into my template folder.

Hello everyone. I'm a beginner in programming. How to make a page that user can upload their own image.. my database table: product
product_id (PK)
product_price
product_name
product_picture
anyone can help me..thanks in advance :)

It will add the 'FILES' folder if it isn't there, but just refreshes the page, displaying no errors, without adding anything to the folder??? As you can probably see I have three file slots for users, I want to fill the next available slot up, and if no slots, display error 2 ($e=2; - Delete a file to make space)
Code:
//^^GET VARIABLES SUCH AS USERNAME ETC.
if(isset($_POST['uploadfile'])){
    if(is_dir("files/$username/FILES/")){}else{mkdir("files/$username/FILES/");}
    if (is_uploaded_file($_FILES['file']['tmp_name'])) {
        $name = $_FILES['file']['name'];
        if ($file != "application/pdf" || substr(strrchr($file, '.'), 1) != "pdf" || substr(strrchr($file, '.'), 1) != "jpg" || $file != "image/jpeg" || $file != "image/pjpeg") {
            $errors[] = 'File must be in PDF or JPEG format';
        }
        else if($_FILES['file']['size'] > 256000){$errors[] = 'File must be under 250KB';}
        else {
            $name1 = substr($name, 0, strrpos($name, '.'));
            $ext = strtolower(substr(strrchr($name, '.'), 1));
            $name = $name1.'.'.$ext;
            $res = mysql_query("SELECT username,file1,file2,file3 FROM `files` WHERE `username`='$username'");
            $row = mysql_fetch_array($res);
            $f1 = $row['file1'];
            $f2 = $row['file2'];
            $f3 = $row['file3'];
            if($f1==''){
                $result = move_uploaded_file($_FILES['file']['tmp_name'], "files/$username/FILES/$name");
                if ($result == 1){
                    $time = time();
                    $t=1;
                    mysql_query("UPDATE files SET file1='$name', file1_val='0', file1_added='$time' WHERE username='$username'");
                }else $e=1;
            }else if(empty($f2)){
                $result = move_uploaded_file($_FILES['file']['tmp_name'], "files/$username/FILES/$name");
                if ($result == 1){
                    $time = time();
                    $t=1;
                    mysql_query("UPDATE files SET file2='$name', file2_val='0', file2_added='$time' WHERE username='$username'");
                }else $e=1;
            }else if(empty($f3)){
                $result = move_uploaded_file($_FILES['file']['tmp_name'], "files/$username/FILES/$name");
                if ($result == 1){
                    $time = time();
                    $t=1;
                    mysql_query("UPDATE files SET file3='$name', file3_val='0', file3_added='$time' WHERE username='$username'");
                }else $e=1;
            }else{$e=2;}
        }
    }
}