just wondering about this php code i have for uploading images to my server is it safe?


Guest

Posted

hi guys i have this code and was wondering if it's secure and safe or can it be tightened up some more in terms of security? i want a small snippet of code to add anywhere i like in my store to allow uploads of images for custom designed merchandise i am offering. ;)

 

ultimately i'd love to incorporate a code in the inquiry/contact us email form which sends the images as an attachment to the email sent to me... but i'm not that good :'( ... maybe someone can help me out?? :thumbsup:

 

<?php
// Check that we have a file
if ((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) {
  // Check if the file is a JPEG image and its size is less than 350Kb
  // (the name and the type tested here are both values sent by the browser)
  $filename = basename($_FILES['uploaded_file']['name']);
  $ext = substr($filename, strrpos($filename, '.') + 1);
  if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") &&
      ($_FILES["uploaded_file"]["size"] < 350000)) {
    // Determine the path to which we want to save this file
    $newname = dirname(__FILE__).'/upload/'.$filename;
    // Check whether a file with the same name already exists on the server
    if (!file_exists($newname)) {
      // Attempt to move the uploaded file to its new place
      if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
        echo "It's done! The file has been saved as: ".$newname;
      } else {
        echo "Error: A problem occurred during file upload!";
      }
    } else {
      echo "Error: File ".$_FILES["uploaded_file"]["name"]." already exists";
    }
  } else {
    echo "Error: Only .jpg images under 350Kb are accepted for upload";
  }
} else {
  echo "Error: No file uploaded";
}
?>

 

thanks in advance guys your help is always appreciated :)
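An added example, not part of the original post: the same upload handler written so that it does not rely on the browser-supplied file name or `type` field, which are the two values the posted code checks. The function name `store_jpeg_upload()` and the `private_uploads` directory (assumed to sit outside the web root) are hypothetical; the `uploaded_file` field and the 350000-byte limit are taken from the post.

```php
<?php
// Added example, not the poster's code. store_jpeg_upload() and the
// private_uploads directory are assumed names. Requires PHP 7+ with fileinfo.
function store_jpeg_upload(array $file, string $destDir, int $maxBytes = 350000): string
{
    // 'error', 'size' and 'tmp_name' are set by PHP; 'name' and 'type' are
    // sent by the browser and cannot be trusted for validation.
    if (!isset($file['error']) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('No file uploaded or upload failed');
    }
    if ($file['size'] <= 0 || $file['size'] >= $maxBytes) {
        throw new RuntimeException('File is empty or too large');
    }
    // Detect the type from the file's bytes, not from $_FILES[...]['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== 'image/jpeg') {
        throw new RuntimeException('Only JPEG images are accepted');
    }
    // Confirm the header really parses as a JPEG image.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        throw new RuntimeException('File is not a valid JPEG image');
    }
    // Server-generated name: no client-chosen characters, no second
    // extension, and no collision with an existing file.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    // move_uploaded_file() refuses anything that is not a genuine HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the upload');
    }
    chmod($target, 0644); // readable, never executable
    return $target;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['uploaded_file'])) {
    try {
        $saved = store_jpeg_upload($_FILES['uploaded_file'], dirname(__DIR__) . '/private_uploads');
        // Show only the generated name, escaped; never the full server path.
        echo 'Saved as: ' . htmlspecialchars(basename($saved));
    } catch (RuntimeException $e) {
        echo 'Error: ' . htmlspecialchars($e->getMessage());
    }
}
```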

Posted

Hello Misery, I'm not that great with php yet either but here's my post for doing the contact_us.php for uploading images. It doesn't send images to the email yet but uploads the file. Maybe we can brainstorm and figure it out or I'll let you know if I get it working.

 

contact_us upload post

 

Also it uploads anything atm, not just jpeg. That's what I'm planning though is prob just jpeg and gif files

 

I'd like to do something like what your code entails also but I have yet to find a mod that will show in the admin as an option type value (but for image uploads) like the select box, dropdown, and text fields.

 

Sorry I couldn't help more :(

Posted

hey i appreciate the reply!! no sorry needed :)

 

from my coding this snippet determines if the file is jpeg and less than 350kb <--- guessing it can be changed to what you want ;)

//Check if the file is JPEG image and it's size is less than 350Kb
 $filename = basename($_FILES['uploaded_file']['name']);
 $ext = substr($filename, strrpos($filename, '.') + 1);
 if (($ext == "jpg") && ($_FILES["uploaded_file"]["type"] == "image/jpeg") &&
($_FILES["uploaded_file"]["size"] < 350000)) {

 

and this part either accepts it or denies it if it's not a jpeg within 350kb... but i think a couple of } are missing at the end so be careful when using it don't want to mess up anything on you!! >_<

 

	  //Attempt to move the uploaded file to it's new place
	if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
	   echo "It's done! The file has been saved as: ".$newname;
 } else {
 echo "Error: Only .jpg images under 350Kb are accepted for upload";

 

i hope we can help each other as 2 heads hopefully are better than one :P bit of a worry when two newbies to php get together lol :D

Posted

I'm still trying to brainstorm this thing :) it has me stumped to no end. I think the tricky part is it somehow has to save the images in a temp folder on the server, rather than text can simply whip on through. :'(

I'll definitely let ya know when I get it to work and post ya the code.

  • 2 weeks later...
Posted

thanks!! it's really appreciated :) good luck... i'll keep working on it too... or if i find something that works i'll send it your way :D

Archived

This topic is now archived and is closed to further replies.
