April 21, 2013

HTML File Upload action – can this be hacked to spam endless file uploads

Adam’s Questions:

I have a question about hacking file uploads. Below shows the kind of setup I’m using and my concern is around the action that gives the full path to the upload script:

<form action="http://www.mydomain.com/scripts/php/photo_processing.php?page=join" method="post" enctype="multipart/form-data">
  <input type="file" name="file" class="fileProfile"><br>
</form>

Can someone use the full path to send repetitive files constantly and then fill a web server disk space etc? eg: can you send files using this path outside the website and/or in a way that allows automated constant uploads?

Note: the php file has the following at the top – it is set to only this domain name – needed because of AWS Cloudfront POST limitation

header("Access-Control-Allow-Origin: http://www.mydomain.com");

No, they are basically prevented by cross domain policy. Unless the mydomain.com gives you access to it.
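
The concern in the question, repeated uploads filling the disk, can also be bounded inside the upload script itself, whatever the origin of the request. The following is an added example, not code from the original post: it keeps a per-client request and byte budget over a rolling window. The function name upload_allowed, the limits, the ledger layout and the sample client key are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Names and limits are assumptions.
const WINDOW_SECONDS   = 3600;             // rolling window length
const MAX_UPLOADS      = 20;               // uploads allowed per client per window
const MAX_WINDOW_BYTES = 20 * 1024 * 1024; // bytes allowed per client per window

/**
 * Decide whether a client may store another upload of $size bytes.
 * $ledger maps client key => list of [timestamp, bytes]. It is updated in
 * place, so the caller persists it between requests (database, APCu, file).
 */
function upload_allowed(array &$ledger, string $client, int $size, int $now): bool
{
    // Drop entries that have aged out of the window.
    $recent = array_values(array_filter(
        $ledger[$client] ?? [],
        fn(array $e): bool => $e[0] > $now - WINDOW_SECONDS
    ));
    $ledger[$client] = $recent;

    $bytes = array_sum(array_column($recent, 1));
    if (count($recent) >= MAX_UPLOADS || $bytes + $size > MAX_WINDOW_BYTES) {
        return false; // over budget: reject before move_uploaded_file()
    }
    $ledger[$client][] = [$now, $size];
    return true;
}

// Constructed sample run: one client sends 2 MiB files one second apart.
$ledger = [];
$now = 1366500000; // constructed timestamp
$results = [];
for ($i = 0; $i < 12; $i++) {
    $results[] = upload_allowed($ledger, '203.0.113.7', 2 * 1024 * 1024, $now + $i);
}
// Tally accepted (1) versus refused (0) decisions.
var_dump(array_count_values(array_map('intval', $results)));

// Same client after the window has rolled over.
var_dump(upload_allowed($ledger, '203.0.113.7', 2 * 1024 * 1024, $now + 3700));
```

Keying the ledger on an authenticated account is more reliable than keying on an IP address. The php.ini directives upload_max_filesize and post_max_size cap the size of any single request before the script runs.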

November 6, 2012

File replace in upload in php

Question by Mervyn

I would like to delete a file that already exists and add the new one in the same folder.
I have taken the tmp name and added it in a session. It deleted the existing one already, but it is not moving in the new one.

<?php
session_start();
$files = $_SESSION['Already'];
$tmp=$_SESSION['PATH'];
unlink('../upload/'.$files);
$to="../upload/".$files; 
move_uploaded_file($tmp,$to);
?>

Answer by Starx

Try replacing the files. If the file names are exactly the same, you don’t need to unlink them. Just using move_uploaded_file() will do.

It's important to know what is causing the error. Check your server error_logs for such information.

April 9, 2012

how to upload multiple files

Question by bonny

I like to post a number of images on my site.

It works for a single post when I just use one image. As I tried to use it with multiple images, it doesn't work anymore and I don't understand why this doesn't work. To show my code:

if (isset($_POST['var1'])) {
 // ...
 // ...
            $Bild1 = $_FILES['image1'];
            $Bild2 = $_FILES['image2'];
            $Bild3 = $_FILES['image3'];
            $Bild4 = $_FILES['image4']; 
            $Bild5 = $_FILES['image5'];
            $Bild6 = $_FILES['image6'];
            $Bild7 = $_FILES['image7'];
            $Bild8 = $_FILES['image8'];
            $Bild9 = $_FILES['image9'];
            $Bild10 = $_FILES['image10'];

                $errors = array();
                $allowed_extension = array('jpg', 'jpeg', 'png', 'bmp', 'tiff', 'gif');

                $file_name_1 = $_FILES['image1']['name'];
                $file_name_2 = $_FILES['image2']['name'];
                $file_name_3 = $_FILES['image3']['name'];
                $file_name_4 = $_FILES['image4']['name'];
                $file_name_5 = $_FILES['image5']['name'];
                $file_name_6 = $_FILES['image6']['name'];
                $file_name_7 = $_FILES['image7']['name'];
                $file_name_8 = $_FILES['image8']['name'];
                $file_name_9 = $_FILES['image9']['name'];
                $file_name_10 = $_FILES['image10']['name'];

                $split_1 = explode('.', $file_name_1);  
                $split_2 = explode('.', $file_name_2);
                $split_3 = explode('.', $file_name_3);
                $split_4 = explode('.', $file_name_4);
                $split_5 = explode('.', $file_name_5);
                $split_6 = explode('.', $file_name_6);
                $split_7 = explode('.', $file_name_7);
                $split_8 = explode('.', $file_name_8);
                $split_9 = explode('.', $file_name_9);
                $split_10 = explode('.', $file_name_10);

                $split_1[0] = '1';
                $split_2[0] = '2';
                $split_3[0] = '3';
                $split_4[0] = '4';
                $split_5[0] = '5';
                $split_6[0] = '6';
                $split_7[0] = '7';
                $split_8[0] = '8';
                $split_9[0] = '9';
                $split_10[0] = '10';

                $file_basename_1 = $split_1[0];
                $file_basename_2 = $split_2[0];
                $file_basename_3 = $split_3[0];
                $file_basename_4 = $split_4[0];
                $file_basename_5 = $split_5[0];
                $file_basename_6 = $split_6[0];
                $file_basename_7 = $split_7[0];
                $file_basename_8 = $split_8[0];
                $file_basename_9 = $split_9[0];
                $file_basename_10 = $split_10[0];

                $file_extension_1 = strtolower(end(explode('.', $file_name_1)));
                $file_extension_2 = strtolower(end(explode('.', $file_name_2)));
                $file_extension_3 = strtolower(end(explode('.', $file_name_3)));
                $file_extension_4 = strtolower(end(explode('.', $file_name_4)));
                $file_extension_5 = strtolower(end(explode('.', $file_name_5)));
                $file_extension_6 = strtolower(end(explode('.', $file_name_6)));
                $file_extension_7 = strtolower(end(explode('.', $file_name_7)));
                $file_extension_8 = strtolower(end(explode('.', $file_name_8)));
                $file_extension_9 = strtolower(end(explode('.', $file_name_9)));
                $file_extension_10 = strtolower(end(explode('.', $file_name_10)));

                $file_size_1 = $_FILES['image1']['size'];
                $file_size_2 = $_FILES['image2']['size'];
                $file_size_3 = $_FILES['image3']['size'];
                $file_size_4 = $_FILES['image4']['size'];
                $file_size_5 = $_FILES['image5']['size'];
                $file_size_6 = $_FILES['image6']['size'];
                $file_size_7 = $_FILES['image7']['size'];
                $file_size_8 = $_FILES['image8']['size'];
                $file_size_9 = $_FILES['image9']['size'];
                $file_size_10 = $_FILES['image10']['size'];

                $file_tmp_1 = $_FILES['image1']['tmp_name'];
                $file_tmp_2 = $_FILES['image2']['tmp_name'];
                $file_tmp_3 = $_FILES['image3']['tmp_name'];
                $file_tmp_4 = $_FILES['image4']['tmp_name'];
                $file_tmp_5 = $_FILES['image5']['tmp_name'];
                $file_tmp_6 = $_FILES['image6']['tmp_name'];
                $file_tmp_7 = $_FILES['image7']['tmp_name'];
                $file_tmp_8 = $_FILES['image8']['tmp_name'];
                $file_tmp_9 = $_FILES['image9']['tmp_name'];
                $file_tmp_10 = $_FILES['image10']['tmp_name'];

                $file_newname_1 = $file_basename_1 .".". $file_extension_1;
                $file_newname_2 = $file_basename_2 .".". $file_extension_2;
                $file_newname_3 = $file_basename_3 .".". $file_extension_3;
                $file_newname_4 = $file_basename_4 .".". $file_extension_4;
                $file_newname_5 = $file_basename_5 .".". $file_extension_5;
                $file_newname_6 = $file_basename_6 .".". $file_extension_6;
                $file_newname_7 = $file_basename_7 .".". $file_extension_7;
                $file_newname_8 = $file_basename_8 .".". $file_extension_8;
                $file_newname_9 = $file_basename_9 .".". $file_extension_9;
                $file_newname_10 = $file_basename_10 .".". $file_extension_10;

                $path ='a/b/c/'.$id.'/'.$new_file_id.'/';

                if (in_array($file_extension_1, $allowed_extension)=== false){
                    $errors[] = 'errormessage1';
                }
                if (in_array($file_extension_2, $allowed_extension)=== false){
                    $errors[] = 'errormessage2';
                }
                if (in_array($file_extension_3, $allowed_extension)=== false){
                    $errors[] = 'errormessage3';
                }
                if (in_array($file_extension_4, $allowed_extension)=== false){
                    $errors[] = 'errormessage4';
                }
                if (in_array($file_extension_5, $allowed_extension)=== false){
                    $errors[] = 'errormessage5';
                }
                if (in_array($file_extension_6, $allowed_extension)=== false){
                    $errors[] = 'errormessage6';
                }
                if (in_array($file_extension_7, $allowed_extension)=== false){
                    $errors[] = 'errormessage7';
                }
                if (in_array($file_extension_8, $allowed_extension)=== false){
                    $errors[] = 'errormessage8';
                }
                if (in_array($file_extension_9, $allowed_extension)=== false){
                    $errors[] = 'errormessage9';
                }
                if (in_array($file_extension_10, $allowed_extension)=== false){
                    $errors[] = 'errormessage10';
                }

                if ($file_size_1 > 2097152){
                    $errors[] = 'errormessage1';
                }
                if ($file_size_2 > 2097152){
                    $errors[] = 'errormessage2';
                }
                if ($file_size_3 > 2097152){
                    $errors[] = 'errormessage3';
                }
                if ($file_size_4 > 2097152){
                    $errors[] = 'errormessage4';
                }
                if ($file_size_5 > 2097152){
                    $errors[] = 'errormessage5';
                }
                if ($file_size_6 > 2097152){
                    $errors[] = 'errormessage6';
                }
                if ($file_size_7 > 2097152){
                    $errors[] = 'errormessage7';
                }
                if ($file_size_8 > 2097152){
                    $errors[] = 'errormessage8';
                }
                if ($file_size_9 > 2097152){
                    $errors[] = 'errormessage9';
                }
                if ($file_size_10 > 2097152){
                    $errors[] = 'errormessage10';
                }

                if (empty($errors)) {

                if (move_uploaded_file($file_tmp_1, $path . $file_newname_1)) {
                    echo 'success1'; 
                }

                if (move_uploaded_file($file_tmp_2, $path . $file_newname_2)) {
                    echo 'success2'; 
                }

                if (move_uploaded_file($file_tmp_3, $path . $file_newname_3)) {
                    echo 'success3'; 
                }

            }

Is there also a way to shorten this code? Thanks a lot.

Answer by Starx

You are doing it so wrong. Too much redundancy in your code.

$allowed_extension = array('jpg', 'jpeg', 'png', 'bmp', 'tiff', 'gif');
foreach($_FILES as $file) {
   // Carry on like this
   $file_name = $file['name'];
   $size = $file['size'];

   //However, you might want to extract the extension like this
   $ext = pathinfo($file_name, PATHINFO_EXTENSION);
   //...


}
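
One way to finish the loop sketched in the answer, given here as an added example that is not part of the original answer: each entry is checked for its upload error code, extension and size before anything is moved, and empty fields are skipped. The function name validate_uploads and the sample array are assumptions; the 2 MiB cap and the numbered file names follow the question.

```php
<?php
// Added example (not from the original answer).
const MAX_BYTES   = 2097152; // same 2 MiB limit the question uses
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'bmp', 'tiff', 'gif'];

/**
 * Validate a $_FILES-shaped array (one entry per <input type="file">).
 * Returns [accepted, errors]; accepted maps field => [tmp_name, new_name].
 */
function validate_uploads(array $files): array
{
    $accepted = [];
    $errors = [];
    $n = 0;
    foreach ($files as $field => $file) {
        $n++;
        if ($file['error'] === UPLOAD_ERR_NO_FILE) {
            continue; // field left empty: nothing to validate
        }
        if ($file['error'] !== UPLOAD_ERR_OK) {
            $errors[$field] = 'upload failed with code ' . $file['error'];
            continue;
        }
        $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
        if (!in_array($ext, ALLOWED_EXT, true)) {
            $errors[$field] = 'extension not allowed';
        } elseif ($file['size'] > MAX_BYTES) {
            $errors[$field] = 'file larger than 2 MiB';
        } else {
            // Server-chosen name: the client's base name is discarded.
            $accepted[$field] = [$file['tmp_name'], $n . '.' . $ext];
        }
    }
    return [$accepted, $errors];
}

// Constructed sample shaped like $_FILES. In a handler, pass $_FILES itself
// and call move_uploaded_file($tmp, $path . $name) for each accepted entry.
$sample = [
    'image1' => ['name' => 'Cat.JPG', 'size' => 51200, 'tmp_name' => '/tmp/phpA', 'error' => UPLOAD_ERR_OK],
    'image2' => ['name' => 'notes.txt', 'size' => 300, 'tmp_name' => '/tmp/phpB', 'error' => UPLOAD_ERR_OK],
    'image3' => ['name' => '', 'size' => 0, 'tmp_name' => '', 'error' => UPLOAD_ERR_NO_FILE],
    'image4' => ['name' => 'big.png', 'size' => 3000000, 'tmp_name' => '/tmp/phpC', 'error' => UPLOAD_ERR_OK],
];
[$accepted, $errors] = validate_uploads($sample);
print_r($accepted);
print_r($errors);
```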

April 4, 2012

How to get content of selected file by jQuery + Ajax

Question by user752433

I have a file upload element as hereafter:

<input type="file" id="uploadFile">

I can get the path & name of selected file by jQuery script as hereafter:

var filePath = $("#uploadFile").val();
var fileName = filePath.split('\\').pop();

Could you please advise me how to get the file content (I thought it is in object or string format) and send it to a server action?

Answer by Starx

First of all, you cannot get the path of a file-input element using $("#uploadFile").val();. It is a restriction by most of the modern browsers for security reasons.

Next, you have to upload the file first, read the contents and throw the content back to the page using ajax.

You can use jQuery Form plugin to submit the form and grab the file contents on your backend.

March 21, 2012

How can I use getimagesize() with $_FILES['']?

Question by eric01

I am doing an image upload handler and I would like it to detect the dimensions of the image that’s been uploaded by the user.

So I start with:

if (isset($_FILES['image'])) etc....

and I have

list($width, $height) = getimagesize(...);

How am I supposed to use them together?

Thanks a lot

Answer by Starx

You can do this as such

$filename = $_FILES['image']['tmp_name'];
$size = getimagesize($filename);

// or

list($width, $height) = getimagesize($filename);
// USAGE:  echo $width; echo $height;

Using the condition combined, here is an example

if (isset($_FILES['image'])) {
    $filename = $_FILES['image']['tmp_name'];
    list($width, $height) = getimagesize($filename);
    echo $width; 
    echo $height;    
}
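
getimagesize() returns false when it does not recognise the file as an image, so the call in the answer can also reject unrecognised files before the dimensions are used. The following is an added example, not part of the original answer; the function names, the MAX_SIDE limit and the constructed sample files are assumptions.

```php
<?php
// Added example (not from the original answer).
const MAX_SIDE = 4000; // assumed largest accepted width or height in pixels

/**
 * Return [width, height] for an image file, or null when getimagesize()
 * does not recognise the file or a side falls outside 1..MAX_SIDE.
 */
function image_dimensions(string $path): ?array
{
    $info = @getimagesize($path); // @ suppresses the notice on unreadable input
    if ($info === false) {
        return null;
    }
    [$width, $height] = $info;
    if ($width < 1 || $height < 1 || $width > MAX_SIDE || $height > MAX_SIDE) {
        return null;
    }
    return [$width, $height];
}

/** In an upload handler: check the error code first, then the content. */
function uploaded_image_dimensions(array $file): ?array
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    return image_dimensions($file['tmp_name']);
}

// Constructed samples: a bare GIF header declaring 3x2 pixels, and a text
// file of the kind that could arrive under an image extension.
$gif = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($gif, 'GIF89a' . pack('vv', 3, 2) . "\x00\x00\x00");
$txt = tempnam(sys_get_temp_dir(), 'img');
file_put_contents($txt, "not an image\n");

var_dump(image_dimensions($gif));
var_dump(image_dimensions($txt));
unlink($gif);
unlink($txt);
```

The header-only sample is accepted because getimagesize() reads just the start of the file. Treat it as a sanity check next to the extension and size checks, not as proof that the whole file is a valid image.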

March 19, 2012

Using variables to check if certain things are allowed

Question by Marshall Mathews

I was thinking of implementing features of turning on and off certain things on my website like registering and logging of.
I could include a file with variables like so

<?php
$upload = 1;
$register = 1;
?>

And then, suppose, in my register.php file I could do a check like so

if ($register == 1) {
    // Show form
} else { echo "Registration is disabled"; }

I was wondering if this would be a security issue, as I read somewhere that stuff can be suffixed to the URL to bring the same effect.
Like so

register.php?register=1

But that does not work if register globals are turned off, is this much of a security issue?

Answer by Starx

NO

register.php?register=1 will only be accessed from $_GET['register'],
unless you’re using an older version of PHP with register_globals turned on. (Thanks, Lex.)

If you are configuring some features on the server, I suggest you use sessions instead.

$_SESSION['upload'] = 1;
$_SESSION['register'] = 1;

Unlike constants, they can be changed, if some criteria is met.

And register_globals() is removed from the latest PHP 5.4.0, so don't use that.

April 18, 2011

How to limit browse button to valid image files only

Question by sandeep

I want that, whenever we click on the browse button to upload, only image files come up automatically instead of other file extensions.

Answer by Starx

You cannot restrict the upload, with just using HTML. There are two ways AFAIK

  • Read the file types and deny, after the form is submitted at the back end.
  • Use plugins like uploadify to restrict while selecting the file