We Keep Coding

Image resize with php image magician

I'm using PHP IMAGE MAGICIAN for resizing the images of my website.
When I try to resize the image with a changed extension (e.g. changing image.jpg to image.gif), the function returns an error because the image is invalid in this situation. I want to avoid this error.
I tried a lot of methods to check is the image valid but without success.
The error which appear is:
"file
/Users/.../uploads/1541963916_4dd672e5f3a3060ced41f3f7975453c9.gif is
missing or invalid"
Every image I upload to my website I am renaming to a new filename with its extension.
This is the part of code which I am using.
$workWithImage = new imageLib(UPLOADS_DIR . $original);
$workWithImage->resizeImage($width, $height, $type);
$workWithImage->saveImage(UPLOADS_DIR . $thumbnail, $imageQuality);
I searched for this problem but I could not find a solution.

Unfortunately looking at source this library seems to not handle this situation at all. You can create bug report at library home page. What you can do is compare mime type of file with it's extension and either do you own error handling or rename file name to have correct extension. Mime type detection code used by this library is
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mimeType = finfo_file($finfo, $file);
finfo_close($finfo);
switch($mimeType) {
case 'image/jpeg':
case 'image/gif':
case 'image/png':
case 'image/bmp':
case 'image/x-windows-bmp':
$isImage = true;
break;
default:
$isImage = false;
}

Your File Path is not valid.
You have a path error like : "/Users/.../uploads/1541963916_4dd672e5f3a3060ced41f3f7975453c9.gif"
After /Users/ you have stille three dots "..." that is not passible .. dots for a folder backwards. And one dot . for root direcotory.
Your Errocode, says: "file /Users/.../uploads/1541963916_4dd672e5f3a3060ced41f3f7975453c9.gif is missing or invalid"
Ist Invalid PATH, that means he cant find your file in your system.

Check upload file , accept only file zip formats

In my project , there is a possibility to download/upload a backup of the project (with some configuration/images etc etc).
I have to accept only backups in .zip format (for the upload) , for this i used this code for check the format (client side and server side)
client side , with jQuery form
var ftype=$('#FileInput')[0].files[0].type;
switch(ftype){
case 'multipart/x-zip':
break;
case 'application/zip':
break;
case 'application/x-zip-compressed':
break;
case 'application/x-zip':
break;
default: .... //error type
}
server side
switch(strtolower($_FILES['FileInput']['type'])){
case 'multipart/x-zip':
break;
case 'application/zip':
break;
case 'application/x-zip-compressed':
break;
case 'application/x-zip':
break;
default: exit("1");
}
Every O.S has a different manner to recognize a .zip file (in fact in the switch there isn't the application/octet-stream case , and for this i decided to ask about this because a user tell me this problem).
So , the question is : where i can find a doc about this , or something where i can find a list of the various manner in which the O.S recognize a .zip file.
thanks

Imagecreatefromjpeg With Faulty File

im writing an script that resize and crops the uploaded images.
all valid files are ok...
but some of my visitors are trying to upload non-valid ones.. for example the file extension is jpg, but in fact its a tiff file .. the uploading file's extension looks gif, but in its exif details writes 'its a jpg'.. etc..
As you can imagine, imagecreatefromXX() functions are all giving error in that case (its not a valid jpg etc)..
do you have any idea, how may i solve this problem?
how must i modify my recent codes?
switch($type) {
case 'gif':
$img = imagecreatefromgif($source);
break;
case 'jpg':
case 'JPEG':
case 'jpeg':
$img = imagecreatefromjpeg($source);
break;
case 'png':
$img = imagecreatefrompng($source);
break;
}

Your best bet would probably be to modify the code that sets $type, rather than the code you've shared (though John Conde's suggestion to have a default case is a good one), and use something like exif_imagetype (which your question suggests might already be in play) to determine the type, rather than trusting the extension (which you may even want to change to the appropriate type when writing the file): the extension is user-supplied data, and as such, the least likely to be accurate and/or useful.
e.g.
$type = exif_imagetype($source);
switch ($type){
case IMAGETYPE_GIF:
$img = imagecreatefromgif($source);
break;
case IMAGETYPE_JPG:
$img = imagecreatefromjpeg($source);
break;
case IMAGETYPE_PNG:
... etc ...
default:
//Fail Gracefully
}

Validating image uploads with PHP

I have an image upload program setup that I made with PHP to allow the public to submit their images. I am having trouble finding a method to make sure the file is actually an image. I'm checking the file type, and also using getimagesize(), amongst other checks but if I rename a text file to become a JPG file my validation allows the file. How can I ensure this is actually an image? I don't want my boss to execute any infected files.

you can use Imagick's identifyImage() command.
if it gives you back image data its an image if it hands back an error or no image data then its not an image. there is a command line version of this tool you can use to: http://www.imagemagick.org/script/identify.php if you do not have php compiled with imagemagick

Check allowed extensions
.gif .jpg .jpeg .png should be allowed

How about to use Exif module's exit-imagetype() function?
http://www.php.net/manual/en/function.exif-imagetype.php
<?php
if (exif_imagetype('image.gif') != IMAGETYPE_GIF) {
echo 'The picture is not a gif';
}
?>

Reproduce the uploaded image using gd. If the image isn't reproduced, it's not an image!
If this function returns false, then it's not a valid image. I haven't worked with any more than jpg, png and gif, so there might be some more image types out there that can fit into this function (bmp?)...
function checkFileType($filetype,$tmp_name)
{
$return_val = false;
switch($filetype){
case 'image/jpg':
case 'image/jpeg':
case 'image/pjpeg':
$return_val = #imagecreatefromjpeg($tmp_name);
break;
case 'image/gif':
$return_val = #imagecreatefromgif($tmp_name);
break;
case 'image/png':
case 'image/x-png':
$return_val = #imagecreatefrompng($tmp_name);
break;
}
return $return_val;
}

Best way to validate an upload form?

Which would be the best way to validate an upload form?
Using the mime type at the moment, but that's not quite working - can't upload mpegs even though am looking for video in the mime type.
Thank you
Tom

This seems to work:
switch (strtolower($_FILES["file"]["type"])){
case "application/msword":
case "application/pdf":
case "application/vnd.ms-excel":
case "application/vnd.ms-powerpoint":
case "application/zip":
case "image/gif":
case "image/jpeg":
case "image/png":
case "image/tiff":
case "text/plain":
case "video/mpeg":
case "video/x-mpeg2":
case "video/msvideo":
case "video/quicktime":
// do it
break;
default:
// don't do it
break;
}
For anyone else this might help have a look at http://www.sfsu.edu/training/mimetype.htm for adding other mime types you might need to check.

I guess you want to check if an uploaded file is a valid video-file. So one thing you can check is the file extension (IE ".mpg" for mpeg video). Because no webframework known to me has an internal video-validation, you have to rely on some external program/library to check if the video file is really a video-file. Maybe FFMPEG is able to do this.

Try something like so:
$mime = strtolower($_FILES["file"]["type"]);
$parts = explode("/",$mime);
switch($parts[0])
{
case 'video':
//Video file, use $parts[1] to check the video subtype
break;
case 'image':
break;
}