I want a method for validating image files.
I have tried validating using image type and its formats and size. I need another validation with high accuracy.
I am asking because my site has hacked by an uploaded image file containing code. The hacker has written code in .png format and uploaded it as an image in my site. From that moment he started hacking my site.
Kindly help me to get a high validation for an image file using its header.
I have validation like below:
function upload()
{
//set preferences
$config['upload_path'] = './uploads/';
$config['allowed_types'] = 'txt|pdf';
$config['max_size'] = '100';
//load upload class library
$this->load->library('upload', $config);
if (!$this->upload->do_upload('filename'))
{
// case - failure
$upload_error = array('error' => $this->upload->display_errors());
$this->load->view('upload_file_view', $upload_error);
}
else
{
// case - success
$upload_data = $this->upload->data();
$data['success_msg'] = '<div class="alert alert-success text-center">Your file <strong>' . $upload_data['file_name'] . '</strong> was successfully uploaded!</div>';
$this->load->view('upload_file_view', $data);
}
}
You have allowed filetypes of txt and pdf. You should use
$config['allowed_types'] = 'gif|jpg|png';
If it is images you are uploading.
Related
I am developing a ad site that anyone able to upload 3 images.
So I am coding to upload that 3 images by adding timestamp in front of their file name to make them unique. I use codeigniter framework and attaching the code below.
when I submitting form data, localhost server shows that images have been saved correctly with some code infornt of image filename. But problem is there are no images saved in relevant image folder in that name and I cannot retrieve that images in next preview advertisement page.
I don't know much about php or codeignitor. Your help is highly appreciated.
$config['upload_path'] = './assets/images/adsimages';
$config['allowed_types'] = 'gif|jpg|png';
$config['max_size'] = 5120;
$this->load->library('upload',$config);
$this->upload->initialize($config);
if (!$this->upload->do_upload()){
$errors = array('error' => $this->upload->display_errors());
$post_image = 'no_image.jpg';
}
else {
$data = array('upload_data' => $this->upload->data());
$post_image1 = time().$_FILES['userfile1']['name'];
$post_image2 = time().$_FILES['userfile2']['name'];
$post_image3 = time().$_FILES['userfile3']['name'];
}
$result = $this->post_model->adregister($post_image1,$post_image2,$post_image3);
You can append time to 'filename' in config of upload library
$config['file_name'] = time().$_FILES['userfile1']['name'];
Or if you want unique name for all files the simply add
$config['encrypt_name'] = TRUE;
then
$this->load->library('upload', $config);
Try this one:-
$path = pathinfo($_FILES["userfile1"]["name"]);
$image_path = $path['filename'].'_'.time().'.'.$path['extension'];
I've written a possible solution for your code. You haven't shared your full code so you'll have to fill in the gaps yourself and maybe make some changes here and there; Comments are mentioned wherever necessary. See if it helps you.
public function your_function_name(){
// your-code
// your-code
// check if file is uploaded in field1
if(!empty($_FILES['userfile1']['name'])){
// call function to upload file
$userfile1 = $this->upload_file('userfile1');
}
// check if file is uploaded in field2
if(!empty($_FILES['userfile2']['name'])){
$userfile2 = $this->upload_file('userfile2');
}
// check if file is uploaded in field3
if(!empty($_FILES['userfile3']['name'])){
$userfile3 = $this->upload_file('userfile3');
}
$result = $this->post_model->adregister($userfile1, $userfile2, $userfile3);
}
// function to upload file
function upload_file($filename){
$config['file_name'] = time().$_FILES[$filename]['name']; // append time to filename
$config['upload_path'] = './assets/images/adsimages';
$config['allowed_types'] = 'gif|jpg|jpeg|png|GIF|JPG|PNG|JPEG';
$config['max_size'] = 5120;
$this->load->library('upload', $config);
$this->upload->initialize($config);
$uploaded = $this->upload->do_upload($filename);
if ( ! $uploaded ){
$error = array('error' => $this->upload->display_errors());
$file = 'no_image.jpg'; // default file
}else{
$upload_data = $this->upload->data();
$file = $upload_data['file_name']; // uploaded file name
}
return $file; // return filename
}
As I'm uploading a csv file in localhost it is correctly working. All the validations are done but while uploading the file online it is not working. The file is refreshing itself.This is my sample code
$data['error'] = ''; //initialize image upload error array to empty
$config['upload_path'] = './uploads/';
$config['allowed_types'] = 'csv';
$config['max_size'] = '10000';
$this->load->library('upload', $config);
if (!$this->upload->do_upload())
{
$data['error'] = $this->upload->display_errors();
$data['mainpage']='category';
$data['mode']='addcsv';
$this->load->view('includes/mainpage',$data);
}
else
{
$file_data = $this->upload->data();
$file_path = './uploads/'.$file_data['file_name'];
Please check your write permission to the directory you want to upload.
Are you getting any error messages thrown while uploading the file?
Also make sure that you have set the correct permissions to the upload directory you are trying to upload the file to.
It would also be nice with some code.
Use move_uploaded_file() function like below
move_uploaded_file($_SERVER['DOCUMENT_ROOT'].'/'.$_FILES["file"]["tmp_name"],"upload/" . $_FILES["file"]["name"]);
What's the output of $this->upload->display_errors(); ?
You can also check the folder permissions on the server (0777)
I am new to Codeigniter. Working on an form validation having image in the form. Using Module MVC extension in CodeIgniter.
//for upooading image I found this file upload snippet
$config['upload_path'] = './uploads/audio_files/';
$config['allowed_types'] = 'gif|jpg|jpeg|png';
$config['max_size'] = '2048';
$this->load->library('upload', $config);
if ( ! $this->upload->do_upload($file_name))
{
$error = array('error' => $this->upload->display_errors());
$file1 = '';
}
else
{
$upload_data = $this->upload->data();
$file1 = $upload_data['file_name'];
}
This is working fine. File which is not jpeg | gif is not uploaded. but user dont get any error message. I want the user to show that particular error when other image type is uploaded. Please help
I tried this but failed.
try 1 : $this->template->load_partial('admin/admin_master', 'admin/form', $error);
try 2. : loading view with $error
Thanks
Can't you associate a view with an error message? For instance:
After
$file1 = '';
You put:
$this->load->view('error_view', $error, $file1);
You would have to make a separate view page called 'error_view.php'.
I am doing the following to upload a file(image) using codeigniter. What I am wanting to do is modify the error message so that it obvious which field the error relates too as there are multiple upload options on the page, below is my upload code,
$config['upload_path'] = './media/uploads/users';
$config['allowed_types'] = 'gif|jpg|png';
$config['max_size'] = '1000';
$config['max_width'] = '90';
$config['max_height'] = '60';
$this->upload->initialize($config);
if(!$this->upload->do_upload('logo_small'))
{
$error = array('error' => $this->upload->display_errors());
$this->template->build('users/employer', $error);
}
else
{
$file = $this->upload->data();
$logo_small = "small_".$file['file_name'];
}
So basically I want there error message to state Logo Small in the error message, and then if the error relates to Logo large etc I would want it to state that.
easiest way is to edit system/language/english/upload_lang.php with the error message you want.
I have write below code :
function upld_logo()
{
$config['upload_path'] = './images/';
$config['allowed_types'] = 'gif|jpg|png';
$this->load->library('upload', $config);
if ( ! $this->upload->do_upload())
{
$error = array('error' => $this->upload->display_errors());
$data['msg']='Sorry! Cant Upload' . $error['error'];
$data['main_content']='message';
$this->load->view('template',$data);
}
else
{
//$data = array('upload_data' => $this->upload->data());
$names = $this->upload->data();
$k=$names['file_name'];
$data['msg']='Your Logo Successfully Uploaded. ';
$data['main_content']='message';
$this->load->view('template',$data);
}
}
When I upload Image file with name logo.gif it show error message :
The filetype you are attempting to upload is not allowed.
Find this code in your system->libraries->Upload.php line 200
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $this->file_type);
and replace with this:
$this->file_type = preg_replace("/^(.+?);.*$/", "\\1", $_FILES[$field]['type']);
Yes I also got the same error.
And if u change the $[allowed_types] = "*" (allowed all files)
you will find that upload is success but your image file don't have a type!
I think there's something wrong with the CI library maybe?
I have spent some time with the same issue. You might find codeigniters default upload library is using a couple of deprecated PHP functions to find the files mime type.... Good luck, I'm still trying to patch it myself .