I am thinking about solving the problem of uploading files by store visitors. Let's imagine a simple store. On the product page, the customer sees an additional "File Upload" field. The uploaded file will be added to the order.
The customer uploads the file when adding the product to the cart.
Then I have two scenarios - A: The customer makes a purchase, B: The customer abandons the cart and never returns to the store. But what to do with uploaded files?
I wonder what the best approach would be for scenario B?
Upload the file to the /guest_files directory (accessible only for admin)
If the customer places an order, move the file to another directory, eg "order/1234/client_files"
Run CRON job once a day at night - clean the /guest_file directory
or
Upload the file to the /client_files directory
If the session has expired, delete the files uploaded by the user
But, Is it possible to call an event in PHP when the session ends?
or
I know that during the upload, files go to the temporary directory and then are deleted, unless move_uploaded_file is called. Is it possible to extend the time of a file's presence in the temporary directory?
or
All sessions are stored in /tmp directory. For example current session has id: 0pnkm91lcgjtikftoe1imedt07 and the session file is /tmp/sess_0pnkm91lcgjtikftoe1imedt07
I upload files to the: /tmp/uploads/0pnkm91lcgjtikftoe1imedt07/ directory. CRON job run every 5-15 mins (algorithm below):
GET all sess_* file names from /tmp
FOR every directory in /tmp/uploads ($dir_name) check if '/tmp/sess_'.$dir_name exists
IF sess_ does not exist THEN delete /tmp/uploads/{sessionid} directory
Thanks for any reply
Ok, so I've tried several options. I think that IndexedDB is the right answer.
Here, I prepared simple lib to handle a files queue and store to the IDB.
filequeue.js repo
Related
I have a wordpress site where people buy access to downloads through the woocommerce plugin.
There are usually several thousand downloads for each order and I have found woocommerce to be inefficient when handling large amounts of downloads.
The download files are like this
product1_date.pdf
product2_date.pdf
etc...
I can't change this
I need a PHP solution which
Admin can upload files to a directory via FTP
Users who buy a product can download them in their download area
Users cannot access files for products they haven't purchased by guessing the filename
1 and 2 I can handle, but how do I prevent 3? Is there a way I can set file permissions to only be read by a specific user who has purchased? Or would is it possible to make the directory writable by everyone (so they can be uploaded) but the files only readable by apache and serve the files to the user some other way?
First, you must stop hotlinks!
After, you create a downloader file contain of downloader function. This's parameters is file mime-type, file name, file url etc... Users can only download with this downloader file. Function is first control users access, after accept user want or not accept. RETURN
I'm reading about security stuff for PHP and my biggest concern now is the users file upload form. I've read a lot that some users may upload files that seems to be something else by changing the extension or even manipulating the header and the mimetype. I understand this.
But my question is how will this be an issue if I rename any uploaded file and move it to a directory that they do not know.
Please let me know if this will be enough or not, and if not, just give me some headline of what extra security checks should I perform
Thanks a lot
It really depends on what your online application is looking to achieve. If you wish to limit access directly to files which are uploaded, then you should set the folder permissions for the parent folder of the uploaded area to block user access. Then in your database you can record to path and only host the files through the http response. This will ensure that no files are accessed which could be potentially harmful, and also that users can still upload what they feel. As an extra step, you could add an erroneous file extension to each file while it is hosted and then remove it when it is served.
You might run an antivirus scan daemon in the background like avscand, configured. for scanning and moving infected files to a quarantaine directory. This ought to prevent delivering infected files later back to the people. Configure automatic virus database updating. A bit back that I did do such things, so investigate.
A simple renaming of the file name to one with safe characters should be sufficient; per user separated of course.
To have a more secure site the following needs to happen:
Due to the nature of security, this list will need be updated every so often.
Set the upload_max_filesize to something sensible
Install an Antivirus on the server
Set the upload_tmp_dir to something sensible, that the user may not access. See Setting PHP tmp dir - PHP upload not working
Have your form you upload files (which you already have done)
Your form handler should:
Run a file command to get the type of the data without executing it
Reject random files
The PHP interpreter will validate the file size
Run the virus scanner on the file
Do a file rename to ensure the filename is clean (if you need to reference things, it is convenient to rename the file to the primary key of your attachments table)
Move the file to a location that isn't accessible by the client (but move it, so if a later upload comes in with the same name nothing happens)
When you move the files, ensure they don't have execute permissions
I have to check the Content of a zip/rar file before uploading to the server.
Let me explain the scenario.
There are 2 types of users in my web project:
1: Normal Registered user
2: Administrator of the Project
Any Registered user can Create Pages on our Project,also they can create Themes For Pages.
Here one of us suggested a feature that to upload the Theme as theme pack [Compressed in Zip/Rar File].
If it is a Administrator then it is ok,there is no more security constraints.
But i am afraid in the case of Normal Registered Users.
My Problems are :
Assume that a Registered User uploading a theme pack that contains some malicious Files [Including PHP file] that may hurt the system.
I know that it is posible to check the Contents after upload,but what will happen if the use executed the File before that?
Ex : a user uploading a theme pack : contains some PHP codes & other large files,First our system will extract the content of the Theme Pack: Assume that the extraction of large files takes some time,and the smaller PHP file already extracted.So that the user can RUN the PHP file First.
The above one is my noob soubt,Actually i dont know other sides.
Please help me to figure out this problem.
Is it possible to upload the ZIP file in a secure manner ?
You won't be able to check this client side unless, of course, you had some kind of plugin (for all browsers) that did the checking/uploading for you. You'll have to handle this on the server side.
Also, Admins can upload viruses just as easily as non-admins. Some user's don't even know their machine has more viruses than a shanty-town brothel.
EDIT: Also, how is the user going to execute their PHP file on your server before you've checked it unless you run that php file? This sounds like a recipe for disaster anyway. All it will take is for something to slip through the cracks and a malicious user will destroy your site. Allowing normal people to upload executable script to your server is asking for serious trouble.
Unpack it in directory, which can't be reached through the web, check, then move back to web-folder, where it should be.
Assuming that you have your website in directory /var/www/website and user content goes to /var/www/website/user and is reachable through www.website.com/user/ :
Create temporary dir in /tmp unpack there, check, move to /var/www/website/user
If you don't have access to /tmp, you can create /var/www/website/tmp and prohibit access to it using your server settings
you can create a folder for putting the zip file and unzip.
and disable the php execute for the folder. that can solve your problem
I can't seem to find clarification. I have 7 steps and the second one is to upload a file. The problem I am having is that on the final step when I finalize the form and try and access the temp file it says "Could not access file: ..." (saved in the default tmp folder).
Other multi-step tutorials say to keep it in a temp folder and then move to the appropriate folder when complete. So do they mean I move it from the default temp folder into a temp folder I manage and then when they complete the form move it again to a final folder?
So do they mean I move it from the default temp folder into a temp folder I manage and then when they complete the form move it again to a final folder?
Yes, exactly. You do the first move on the request that receives the files, because when that request is finished PHP would delete them if they still exist.
See move_uploaded_fileDocs and Handling File Uploads.
With "temp folder" they don't mean /temp.
After the upload, you should actually save the file in some folder, maybe with the user's session id as name. Then, with the last step, you should move that file to its definitive location.
Temp files (like, actual temporary file) are destroyed once the program who created them exits (that means usually, in php, after the next output page is sent to the client).
I have a form page that posts to another page where multiple fields as well as file uploads are processed. Just wondering what happens to the 'tmp_name' files when/if the user enters some incorrect info and I send them back to the form page with a meta refesh?
If successful, I move the file to a new location. But if not successful, do the files get unset or erased if the user gets redirected? If they don't, can I reaccess them again so the user doesnt have to reupload? OTOH if there is a problem with the file, say it is not the expected MIME type, should I unlink($_FILES['userFile']['tmp_name']? Its easy to force the user to re-upload again, i think, but I dont want the server being filled up with files that will never be used? If the form passes inspection, and I use rename() to move the file, is the temp file really gone? Did it ever exist on the server's hard drive, or was it only in RAM? Whats the best practice here?
do the files get unset or erased if the user gets redirected?
The uploaded files are stored in the /tmp directory (or whatever is specified as PHP's temporary location). Once your script has run, files left there are subject to deletion any time. I don't think they usually get deleted straight away, but the contents of /tmp will be automatically purged by the OS when necessary.
/tmp is usually located on a hard drive, not in RAM.
Managing this is usually nothing you need to worry about.
If the form passes inspection, and I use rename() to move the file, is the temp file really gone?
Yes, but you must use move_uploaded_file() on uploaded files instead of rename() for security reasons.
The file is stored in the tmp folder and if you don't move it elsewhere it will stay there. It will be removed automatically by the OS on next cleanup.
Edit:
Please look at Marc's comment below.
http://www.php.net/manual/en/features.file-upload.post-method.php
The file will be deleted from the
temporary directory at the end of the
request if it has not been moved away
or renamed.