Restrict ".php" File upload -


I am making a basic photo hosting site that uploads images and resizes them.

Everything works fine. I have added accept="image/*" to the file upload button, but it is still possible to upload other files. In my PHP code I check whether the upload is an image or some other file, and if it is not an image I remove it. But I have a problem: if a user uploads an "index.php" file, the index file on the server is overwritten, and then the code does what it is supposed to do and removes "index.php" as well. Self-destruction.

Is there a way to restrict the file upload before the file is uploaded to the server?

Or, at least, is there a way to change the root directory that the file is uploaded to?

I don't think a JavaScript or HTML restriction will do anything, because "hackermans" can change it in inspect element.

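/**
 * Moves one HTTP file upload into a destination directory after checking
 * size and file extension.
 *
 * Security notes for callers:
 *  - The extension allowlist only looks at the file NAME. A file called
 *    "photo.jpg" can still contain arbitrary bytes, so code that needs a real
 *    image should verify the stored file (for example with getimagesize())
 *    and call deleteuploaded() when that check fails.
 *  - Store uploads in a directory where the web server does not execute
 *    scripts (outside the document root, or with script handling disabled).
 *  - Prefer generated names (samename(false)). With samename(true) the
 *    client-chosen name is used and an existing file of the same name in the
 *    destination is replaced.
 */
class upload
{
    private $destinationpath;
    private $errormessage;
    private $extensions = array();
    private $allowall = false;
    private $maxsize;
    private $uploadname;
    private $seqnence; // unused in this class
    private $imageseq;
    // True only after this instance has itself moved a file into place.
    private $stored = false;
    // Declared explicitly: the original created these as dynamic properties,
    // so they stay public for any caller that reads them.
    public $samefilename = false;
    public $samename = false;
    public $name = 'uploader';
    public $usetable = false;

    /**
     * Sets the destination and switches the extension allowlist back on.
     *
     * @param string $path Used as a plain prefix of the stored file name, so
     *                     it must end with a directory separator ("uploads/").
     */
    public function setdir($path)
    {
        $this->destinationpath = $path;
        $this->allowall = false;
    }

    /**
     * Disables the extension allowlist. Script files such as ".php" are then
     * accepted too, so use this only for a destination the web server never
     * executes or serves directly.
     */
    public function allowallformats()
    {
        $this->allowall = true;
    }

    /**
     * @param int|float $sizemb Maximum accepted size in megabytes. Until this
     *                          is called, every non-empty upload is rejected
     *                          as too large.
     */
    public function setmaxsize($sizemb)
    {
        $this->maxsize = $sizemb * (1024 * 1024);
    }

    /**
     * @param array $options Allowed extensions, lower case, without the dot.
     */
    public function setextensions($options)
    {
        $this->extensions = $options;
    }

    /** Keeps the client-supplied file name instead of generating one. */
    public function setsamefilename()
    {
        $this->samefilename = true;
        $this->samename = true;
    }

    /**
     * Returns the lower-cased text after the last dot of a file name.
     *
     * @param string $string File name.
     * @return string Extension, or '' when the name has no dot.
     */
    public function getextension($string)
    {
        // pathinfo() yields '' for a name without a dot, so a bare name such
        // as "png" is not mistaken for a file with the extension "png".
        return strtolower((string) pathinfo((string) $string, PATHINFO_EXTENSION));
    }

    public function setmessage($message)
    {
        $this->errormessage = $message;
    }

    /** @return string|null Message of the last failed uploadfile() call. */
    public function getmessage()
    {
        return $this->errormessage;
    }

    /** @return string|null Name chosen for the file by the last uploadfile() call. */
    public function getuploadname()
    {
        return $this->uploadname;
    }

    /** @param mixed $seq Prefix placed in front of generated file names. */
    public function setsequence($seq)
    {
        $this->imageseq = $seq;
    }

    /**
     * Builds a numeric string from the current time and a few rand() calls.
     * It only makes name collisions unlikely; it is not unpredictable and
     * must not be relied on to keep stored files secret.
     *
     * @return string
     */
    public function getrandom()
    {
        return time() . rand(1111, 9999) . rand(11, 99) . rand(111, 999);
    }

    /** @param bool $true True keeps the client-supplied name, false generates one. */
    public function samename($true)
    {
        $this->samename = $true;
    }

    /**
     * Validates the upload in $_FILES[$filebrowse] and moves it into place.
     *
     * @param string $filebrowse Name of the file input in the submitted form.
     * @return bool True when the file was stored; otherwise false, with the
     *              reason available from getmessage().
     */
    public function uploadfile($filebrowse)
    {
        $result = false;
        $this->stored = false;

        // Variable names are case-sensitive in PHP: the superglobal is $_FILES.
        $file = (isset($_FILES[$filebrowse]) && is_array($_FILES[$filebrowse])) ? $_FILES[$filebrowse] : array();
        $size = isset($file["size"]) ? (int) $file["size"] : 0;
        $tmp = (isset($file["tmp_name"]) && is_string($file["tmp_name"])) ? $file["tmp_name"] : "";
        $error = isset($file["error"]) ? $file["error"] : UPLOAD_ERR_OK;
        // The name comes from the client. Keep only its last path component so
        // that it can never point outside the destination directory.
        $name = (isset($file["name"]) && is_string($file["name"]))
            ? basename(str_replace("\\", "/", $file["name"]))
            : "";
        $ext = $this->getextension($name);

        if (!is_dir($this->destinationpath)) {
            $this->setmessage("destination folder not directory ");
        } elseif (!is_writable($this->destinationpath)) {
            $this->setmessage("destination not writable !");
        } elseif (empty($name)) {
            $this->setmessage("file not selected ");
        } elseif ($size > $this->maxsize) {
            $this->setmessage("too large file !");
        } elseif ($this->allowall || (is_array($this->extensions) && in_array($ext, $this->extensions, true))) {
            if ($this->samename == false) {
                $this->uploadname = $this->imageseq . "-" . substr(md5(rand(1111, 9999)), 0, 8) . $this->getrandom() . rand(1000, 1111) . rand(99, 9999) . "." . $ext;
            } else {
                $this->uploadname = $name;
            }
            // move_uploaded_file() refuses anything that is not a genuine
            // upload of this request; a reported upload error fails the same way.
            if ($error === UPLOAD_ERR_OK && move_uploaded_file($tmp, $this->destinationpath . $this->uploadname)) {
                $this->stored = true;
                $result = true;
            } else {
                $this->setmessage("upload failed , try later !");
            }
        } else {
            $this->setmessage("invalid file format !");
        }
        return $result;
    }

    /**
     * Removes the file stored by the last successful uploadfile() call.
     * Does nothing when that call failed, so a rejected upload can never
     * delete a file that was already on the server.
     */
    public function deleteuploaded()
    {
        if (!$this->stored || empty($this->uploadname)) {
            return;
        }
        $target = $this->destinationpath . $this->uploadname;
        if (is_file($target)) {
            unlink($target);
        }
        $this->stored = false;
    }
}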

How to use:

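/**
 * Handles one upload from the form field named "file" and prints a JSON
 * result describing success or the reason for failure.
 */
function callme()
{
    $uploader = new upload();
    // The class joins this value and the file name by plain concatenation,
    // so the trailing slash is required to store the file inside the folder.
    $directory = "namedir/";
    if (!is_dir($directory)) {
        mkdir($directory, 0755, true);
    }
    $uploader->setdir($directory);
    $uploader->setextensions(array('jpg', 'jpeg', 'png', 'gif')); // allowed extensions list
    $uploader->setmaxsize(.5); // max file size allowed, in MB
    // false: the class generates the stored name, so a client-chosen name
    // can never replace a file that already exists on the server.
    $uploader->samename(false);
    if ($uploader->uploadfile('file')) { // 'file' is the name of the file input element
        $image = $uploader->getuploadname(); // name the file was stored under
        echo json_encode(array("success" => true, "message" => "success add", "image" => $directory . $image, "image_upload" => $image));
    } else { // upload failed
        echo json_encode(array("success" => false, "message" => $uploader->getmessage(), "image" => ""));
    }
}
callme();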
