I'm uploading images from my Android app to my server. The app uses the android camera intent and upload via PHP script is ok.
I want to verify if the uploaded files are real images, I'm not checking the extension but the mimetype (I suppose this is the best way to do it, tell me if I'm wrong).
I'm using a Slackware Linux Apache server and I'm trying this code:
....
$finfo = finfo_open(FILEINFO_MIME, '/etc/httpd/magic');
....
fwrite($fp, finfo_file($finfo, "file.jpg"));
....
But I'm getting "application/octet-stream; charset=binary" instead of "image/jpeg; charset=binary" which is given from "file -i file.jpg" (shell command).
What's the problem?
Solved using $finfo = finfo_open(FILEINFO_MIME); instead of the other line. I think the default magic file is not the same that I was specifing.
As refered on www.php.net/manual/en/ref.fileinfo.php:
<?php
function is_jpg($fullpathtoimage){
if(file_exists($fullpathtoimage)){
exec("/usr/bin/identify -format %m $fullpathtoimage",$out);
//using system() echos STDOUT automatically
if(!empty($out)){
//identify returns an empty result to php
//if the file is not an image
if($out == 'JPEG'){
return true;
}
}
}
return false;
}
?>
Alternately, if you've got execution rights and want to use a "hacky" solution, you can simply do what you've already done (using file -i path with shell_exec):
<?php
function shell_get_mime_type($path) {
if (is_readable($path)) {
$command = 'file -i "' . realpath($path) . '"';
$shellOutput = trim(shell_exec($command));
//eg. "nav_item.png: image/png; charset=binary"
if (!empty($shellOutput)) {
$colonPosition = strpos($shellOutput, ':');
if ($colonPosition !== false) {
return rtrim(substr($shellOutput, $colonPosition + 1));
}
return $shellOutput;
}
}
return false;
}
?>
Try to use function mime_content_type().
Related
I am trying to convert .docx files to .pdf files using Unoconv. Libreoffice is installed on my server and the script works for another website on the server.
Using the line use Unoconv\Unoconv; results in an HTTP ERROR 500.
Does someone know why I get a HTTP ERROR 500?
Here is my script:
<?php
require './Unoconv.php';
use Unoconv\Unoconv;
$originFilePath = './uf/invoice/17/word/202100021.docx';
$outputDirPath = './uf/invoice/17/pdf/202100021.pdf';
Unoconv::convertToPdf($originFilePath, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=202100021.pdf");
?>
Here is my Unoconv.php script:
<?php
namespace Unoconv;
class Unoconv {
public static function convert($originFilePath, $outputDirPath, $toFormat)
{
$command = 'unoconv --format %s --output %s %s';
$command = sprintf($command, $toFormat, $outputDirPath, $originFilePath);
system($command, $output);
return $output;
}
public static function convertToPdf($originFilePath, $outputDirPath)
{
return self::convert($originFilePath, $outputDirPath, 'pdf');
}
public static function convertToTxt($originFilePath, $outputDirPath)
{
return self::convert($originFilePath, $outputDirPath, 'txt');
}
}
?>
#Alex is correct about wrapping in try/catch first, but should the syntax be:
...
} catch(\Exception $e){
...
Start from wrapping your code with try...catch to get the error message first:
<?php
try {
require 'Unoconv.php';
use Unoconv\Unoconv;
$map1 = $_SESSION['companyid'];
$filename = $result1['filename'];
$originFilePath = './uf/doc/'.$map1.'/word/'.$filename.'.docx';
$outputDirPath = './uf/doc/'.$map1.'/pdf/'.$filename.'.pdf';
Unoconv::convertToPdf($originFilePath, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=".$filename.".pdf");
readfile($outputDirPath);
} catch (\Exception $e) {
die($e->getMessage());
}
I've observed that LibreOffice can be a little quirky when doing conversions, especially when running in headless mode from a webserver account.
The simplest thing to try is to modify unoconv to use the same Python binary that is shipped with LibreOffice:
#!/usr/bin/env python
should be (after checking where libreoffice is installed)
#!/opt/libreoffice7.1/program/python
Otherwise, I have worked around the problem by invoking libreoffice directly (without Unoconv):
$dir = dirname($docfile);
// Libreoffice saves here
$pdf = $dir . DIRECTORY_SEPARATOR . basename($docfile, '.docx').'.pdf';
$ret = shell_exec("export HOME={$dir} && /usr/bin/libreoffice --headless --convert-to pdf --outdir '{$dir}' '{$docfile}' 2>&1");
if (file_exists($pdf)) {
rename($pdf, $realPDFName);
} else {
return false;
}
return true;
Note the export HOME={$dir} directive, to ensure that temporary lock files will be saved in the current directory where, presumably, the web server has full permissions. If this requirement isn't met,
LibreOffice will silently fail (or at least, it will fail - that much I observed - and I haven't been able to locate an error message anywhere - I found out what was going on through the use of strace).
So your code would become:
$originFilePath = './uf/invoice/17/word/202100021.docx';
$outputDirPath = './uf/invoice/17/pdf/202100021.pdf';
$dir = dirname($originFilePath);
$pdf = $dir . DIRECTORY_SEPARATOR . basename($originFilePath, '.docx').'.pdf';
$ret = shell_exec("export HOME={$dir} && /usr/bin/libreoffice --headless --convert-to pdf --outdir '{$dir}' '{$originFilePath}' 2>&1");
// $ret will contain any errors
if (!file_exists($pdf)) {
die("Conversion error: " . htmlentities($ret));
}
rename($pdf, $outputDirPath);
header("Content-type:application/pdf");
header("Content-Disposition:attachment;filename=202100021.pdf");
readfile($outputDirPath);
I assume that libreoffice is present in the usual alternatives link of "/usr/bin/libreoffice", otherwise you need to retrieve its path with the terminal command of "which libreoffice". Or, from a php script,
<?php
header('Content-Type: text/plain');
print "If this works:\n";
system('which libreoffice 2>&1');
print "\n-- otherwise a different attempt, returning too much information --\n";
system('locate libreoffice');
I'm facing an issue with file uploads using Yii2 framework, but I think that question goes deeper than a framework problem. I have an app that allow the user do pdf files uploads, until here my app works fine but I'm in trouble when some smartass rename the filename extension from anything to pdf. The app isn't validating this kind of trick.
I tried without success to validate the mimetype. Now I'm looking for another way.
Anyone know how to block this kind of cheat?
Its better to keep it simple and just use this
<?php
$finfo = finfo_open(FILEINFO_MIME_TYPE);
if(finfo_file($finfo,$filename) == 'application/pdf'){
// input file is pdf
}
?>
Since you said its not working for you you can try these
if you are using a Linux server you can use the shell commands to check them mime type
<?php
function detectMimeType($filename='')
{
$filename = escapeshellcmd($filename);
$command = "file -b --mime-type -m /usr/share/misc/magic {$filename}";
$mimeType = shell_exec($command);
return trim($mimeType);
}
?>
Or you can try this method .Here we assume that Pdf file starts with a %PDF string .[usually it does start with %PDF].
<?php
function detectFileType($filename='')
{
$handle = fopen($filename, "rb");
$contents = fread($handle, 4);
fclose($handle);
if($contents == "%PDF")
{
return "application/pdf";
}
else
{
return "application/octet-stream"; //unknown type
}
}
?>
[this code is not tested ]
Refer these links you will get some more info about what went wrong
http://php.net/manual/en/function.mime-content-type.php
http://php.net/manual/en/ref.fileinfo.php
the best way is to check mime type of file :
http://php.net/manual/en/function.finfo-file.php
<?php
$finfo = finfo_open(FILEINFO_MIME_TYPE);
if(finfo_file($finfo,$filename) == 'application/pdf'){
// input file is pdf
}
finfo_close($finfo);
?>
The problem was solved using the mime_content_type function.
Check the function here php.net
This function returns the real mime type.
I have exported an SQL file from a database by using phpmyadmin. The file is named final.sql.bz2 and then I uploaded it onto my Live Server.
The question is, how could I extract that file by using PHP code? I tried to search for that on google, but not getting any result. How could I unzip it?
You should use the bzip function from PHP not the zip functions they are different.
http://php.net/manual/en/book.bzip2.php
Or if its possible you can use exec to execute the bunzip2 command to extract your file from your archive:
bunzip2 [DATEI].bz2
I needed to extract bz2 in shared hosting where tar couldnt help me to extract (got error with bzip2 and lbzip2, and I could not install anything or do sudo...)
I solved it by creating a php file and run it from command line (of course you can modify the script to use it online too).
bunzip2.php
<?php
function decompress($data)
{
// Decompress the file
if (#file_exists($data)) {
$bz = bzopen($data, 'r');
$uncompressed = '';
// Read the uncompressed data.
while (!feof($bz)) {
$uncompressed .= bzread($bz, 4096);
}
// Close the Bzip2 compressed file and write
// the data to the uncompressed file.
bzclose($bz);
if (stripos($data, '.tbz2') !== false) {
$newFile = str_replace('.tbz2', '.tar', $data);
} else {
if (stripos($data, '.tbz') !== false) {
$newFile = str_replace('.tbz', '.tar', $data);
} else {
$newFile = str_replace('.bz2', '', $data);
}
}
file_put_contents($newFile, $uncompressed);
return $newFile;
// Else, decompress the string
} else {
return bzdecompress($data);
}
}
decompress($argv[1]);
?>
php bunzip2.php my.tar.bz2
(I just searched for bz2+php on github, I did not check the code in detail but it does the work ;)
I'm trying to make a upload class with PHP. so this is my first PHP class:
//Create Class
class Upload{
//Remote Image Upload
function Remote($Image){
$Content = file_get_contents($Image);
if(copy($Content, '/test/sdfsdfd.jpg')){
return "UPLOADED";
}else{
return "ERROR";
}
}
}
and usage:
$Upload = new Upload();
echo $Upload->Remote('https://www.gstatic.com/webp/gallery/4.sm.jpg');
problem is, this class is not working. where is the problem? I'm new with PHP classes and trying to learn it.
thank you.
copy expects filesystem paths, e.g.
copy('/path/to/source', '/path/to/destination');
You're passing in the literal image you fetched, so it's going to be
copy('massive pile of binary garbage that will be treated as a filename', '/path/to/destination');
You want
file_put_contents('/test/sdfsdfg.jpg', $Content);
instead.
PHP's copy() function is used for copying files that you have permission to copy.
Since you're getting the contents of the file first, you could use fwrite().
<?php
//Remote Image Upload
function Remote($Image){
$Content = file_get_contents($Image);
// Create the file
if (!$fp = fopen('img.png', 'w')) {
echo "Failed to create image file.";
}
// Add the contents
if (fwrite($fp, $Content) === false) {
echo "Failed to write image file contents.";
}
fclose($fp);
}
Since you want to download a image, you could also use the imagejpeg-method of php to ensure you do not end up with any corrupted file format afterwards (http://de2.php.net/manual/en/function.imagejpeg.php):
download the target as "String"
create a image resource out of it.
save it as jpeg, using the proper method:
inside your method:
$content = file_get_contents($Image);
$img = imagecreatefromstring($content);
return imagejpeg($img, "Path/to/targetFile");
In order to have file_get_contents working correctly you need to ensure that allow_url_fopen is set to 1 in your php ini: http://php.net/manual/en/filesystem.configuration.php
Most managed hosters disable this by default. Either contact the support therefore or if they will not enable allow_url_fopen, you need to use another attempt, for example using cURL for file download. http://php.net/manual/en/book.curl.php
U can use the following snippet to check whether its enabled or not:
if ( ini_get('allow_url_fopen') ) {
echo "Enabled";
} else{
echo "Disabled";
}
What you describe is more download (to the server) then upload. stream_copy_to_stream.
class Remote
{
public static function download($in, $out)
{
$src = fopen($in, "r");
if (!$src) {
return 0;
}
$dest = fopen($out, "w");
if (!$dest) {
return 0;
}
$bytes = stream_copy_to_stream($src, $dest);
fclose($src); fclose($dest);
return $bytes;
}
}
$remote = 'https://www.gstatic.com/webp/gallery/4.sm.jpg';
$local = __DIR__ . '/test/sdfsdfd.jpg';
echo (Remote::download($remote, $local) > 0 ? "OK" : "ERROR");
I keep recieving a PHP error, "Call to undefined function getallheaders() in /home/jbird11/public_html/grids/upload.php on line 8"
The upload script basically takes an image that is dragged into an area, and uploads it. When I drag the image, I get this message.
Here is the first 40 or so lines of the php file:
<?php
// Maximum file size
$maxsize = 1024; //Kb
// Supporting image file types
$types = Array('image/png','images/gif','image/jpeg');
$headers = getallheaders();
// LOG
$log = '=== '. #date('Y-m-d H:i:s') . ' ========================================'."\n"
.'HEADER:'.print_r($headers,1)."\n"
.'GET:'.print_r($_GET,1)."\n"
.'POST:'.print_r($_POST,1)."\n"
.'REQUEST:'.print_r($_REQUEST,1)."\n"
.'FILES:'.print_r($_FILES,1)."\n";
$fp = fopen('log.txt','a');
fwrite($fp, $log);
fclose($fp);
header('content-type: plain/text');
// File size control
if($headers['X-File-Size'] > ($maxsize *1024)) {
die("Max file size: $maxsize Kb");
}
// File type control
if(in_array($headers['X-File-Type'],$types)){
// Create an unique file name
$filename = sha1(#date('U').'-'.$headers['X-File-Name']).'.'.$_GET['type'];
// Uploaded file source
$source = file_get_contents('php://input');
// Image resize
imageresize($source, $filename, $_GET['width'], $_GET['height'], $_GET['crop'], $_GET['quality']);
} else die("Unsupported file type: ".$headers['X-File-Type']);
// File path
$path = str_replace('upload.php','',$_SERVER['SCRIPT_NAME']);
// Image tag
echo '<img src="'.$path.$filename.'" alt="image" />';
Any idea what is causing this error? Permissions perhaps? Permission are set to 755. You can see a working demo of this here: http://pixelcakecreative.com/grids/
Any idea how to fix this? Thanks in advance
From the docs:
This function is an alias for apache_request_headers(). Please read the apache_request_headers() documentation for more information on how this function works.
If you're not using apache (with php as a module), this function is not available.
It's an apache related function. Maybe You don't have needed extensions installed?
from the hosting company: It appears that that function is only supported when PHP is run as an Apache module. Our Shared and Reseller servers run PHP as CGI, and unfortunately this cannot be changed. We apologize for any inconvenience.
If that function is absolutely required for your site, you will need to consider upgrading to a VPS, in which case PHP can be installed however you like.
you can use this code to be sure you have such a function not depending on server software configuration:
if (!function_exists("getallheaders"))
{
function getallheaders()
{
$headers = "";
foreach ($_SERVER as $name => $value)
{
if (substr($name, 0, 5) == "HTTP_")
{
$headers[str_replace(" ", "-", ucwords(strtolower(str_replace("_", " ", substr($name, 5)))))] = $value;
}
}
return $headers;
}
}