(php) - helping writing a script for uploading images - php

I am trying to upload an image to a directory on a server. I'm using the tutorial found at http://www.reconn.us/content/view/30/51/.
First, is that a good method for uploading images using PHP?
Second, I'm also going to store the info in a MySQL database. What is a good way to deal with images that have the same name that the user uploads? For example, if a user uploads a file 'test.png' 2x in a row, what should happen to the second filename? From the script above, both will get a unique filename, but how would I as the user access that image again? I couldn't just query because the only name I know was the duplicate name I gave it, and I definitely don't know the unique name the server gave it using the upload time...
Third, what is a good max file size for images?

You can report the unique URL back to the user after the upload so that the user will know where to find the image. So, the first test.png could be http://www.example.com/images/fjdklagjsdl.jpg and the second could be http://www.example.com/images/jklfsdlkj.jpg
You can also provide some kind of interface for users to view images they've uploaded. If you display a thumbnail of the uploaded image next to the image's unique filename, it will be easy for the user to identify which image is which.

This is the method I use:
Users upload images
Server saves the image with a unique (GUID or something) filename and stores - both - the unique generated filename and the original uploaded filename in a database
Images are linked to using either the original_filename, unique_filename or primary_key for the images table.
The images are taken from the server, and served using the original filename stored in the database. This way you avoid chances of conflicting filenames and you preserve the image's original filename. In addition, this allows you to build a search on the original_filename column for the user to use.
With this method, unique filenames never have to be exposed to the user, instead they're used to locate the image associated with a specific id or original_filename in the 'images' table.
Of course, if you don't care about giving the original filename to the image when it's displayed, you can just generate a unique filename whenever you want to store it.
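The storage step described in the answer above, as an added example that is not part of the original post: the file is checked by content, saved under a random name, and both names are recorded. The `images` columns, the size limit, the storage directory and the function name are assumptions.

```php
<?php
// Added example. Table layout, size limit and function name are assumptions.
declare(strict_types=1);

const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 2 * 1024 * 1024; // assumed limit; choose one that fits the site

/** Validate one $_FILES entry, store it under a random name, return the row id. */
function storeUpload(PDO $db, array $file, int $userId, string $storageDir): int
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the file's bytes, never from the client-supplied
    // name or from $_FILES[...]['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        throw new RuntimeException('not an accepted image type');
    }
    // 128 random bits: two uploads of test.png cannot collide, and the
    // stored name cannot be guessed the way an upload timestamp can.
    $unique = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $storageDir . '/' . $unique)) {
        throw new RuntimeException('could not store file');
    }
    // The user's file name is kept only as data, for display and search.
    $stmt = $db->prepare(
        'INSERT INTO images (user_id, original_filename, unique_filename, mime)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$userId, basename($file['name']), $unique, $mime]);
    return (int) $db->lastInsertId();
}

// Usage inside the upload endpoint ($pdo and $currentUserId come from the app):
// $id = storeUpload($pdo, $_FILES['image'], $currentUserId, '/var/www/storage/img');
```

The returned id is what the page hands back to the user, so the user never needs to know the stored name.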

Related

How to secure user's images on a server?

My web application is really simple. There are two buttons: one called "save" and the other called "show my images".
Basically, the user can save images from the Facebook API and store them in the server folder called "backup" (to back up their images on the server so if they deleted their FB or image from FB they will have backup).
When the user clicks "save", the images will be stored in two locations. The image URL will be stored in SQL database, but it will also be saved on server folder called "backup"
When they click "show images", it will retrieve the image's URL from the database and display the image. However when checkImage() is called, it will check if the image URL is valid. If it's invalid, it will retrieve the same image from the server folder "backup".
I don't want the admin to access the backup folder and be able to see all the user's images.
Before the images get saved in the backup folder on server I want to encode the user images and when they request the image it will decode and be displayed.
Is this possible?
The reason that I want to do this is because I'm worried that the FB image URL will be broken and thus the image will not show on the website.
    function checkImage($url) {
        // @ suppresses the warning getimagesize() raises when the URL cannot be read
        if (@getimagesize($url)) {
            echo "image exists ";
        } else {
            echo "image does not exist";
        }
    }
Yes, it is possible, and it is a good thing to do.
I have already worked on this kind of system. I have worked on sites similar to Google Drive or Dropbox, and the security and privacy of users' files comes first, so the point you are making is very much valid and reasonable.
Let me explain what you can do to make this possible, so that even if an admin or anyone else has FTP access to the folder, he or she will not be able to see the images at all.
When you save the images to your database, and you also save the Facebook link to check whether it's valid or not, also save the following information about the image to use later for decrypting the images:
File size
Image type
Image extension
Image Original name
Image encrypted name
Image path
Image user
User path
Now let me explain what these columns would mean to your system.
File size would obviously be the size of the image you are saving to your server, in case you need the information for insights into your server.
Image type should be the type of the file, such as image/jpeg or image/png.
Image extension should be the extension of the image, which you will need for decrypting the image inside your system.
Image original name should also be used by the system to decrypt the image and show the original image name.
Let's say image original name + image extension will be used inside PHP's header function.
Image encrypted name will be a random string without a file extension. For example:
Let's say you have an image named myimage.jpeg. Save the original file name and extension into the database. Then, while using PHP's move_uploaded_file function to move the file into the user's folder (the folder can also be a unique random string for every user), rename the file during the upload process to something like 823982j3kkj2hjh3j2h323hj2h3jh23jh: just a random string without an extension, inside a folder named with a random string that is associated with the user and that even the user doesn't know. Save this random string name along with the image's other details; later on you will need it to identify the image and rename it to the original one with its extension.
Image path should be the complete path to the image folder; you need this to identify the folder where you stored the image.
Image user is obviously a user's id.
User path is the random-string-named folder where the image will be stored.
In this way, you will encrypt the image and it will be visible to the user only through the system's functionality. Even admins will not be able to identify the folders or files that are connected to the users, and files will be saved without an extension and without the original name, so only the system will be able to decrypt them.
I hope I have given you an idea of how you can do it.
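Added example, not part of the answer above: a random name without an extension hides which file is which, while making the stored bytes unreadable to someone who can open the backup folder takes encryption with a key kept outside that folder. This sketch uses PHP's bundled sodium extension; the function names and the way the key is obtained are assumptions.

```php
<?php
// Added example. Function names and key handling are assumptions.
declare(strict_types=1);

/** Encrypt image bytes before they are written to the backup folder. */
function encryptImage(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    // Stored layout: nonce || ciphertext with MAC. The nonce is not secret.
    return $nonce . sodium_crypto_secretbox($plain, $nonce, $key);
}

/** Reverse of encryptImage(); throws if the file was altered or the key is wrong. */
function decryptImage(string $blob, string $key): string
{
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($blob) < $min) {
        throw new RuntimeException('truncated file');
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES),
        $nonce,
        $key
    );
    if ($plain === false) {
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Demo on constructed data. A real deployment loads the key from a secret
// store or environment variable that is not readable from the backup folder.
$key   = sodium_crypto_secretbox_keygen();
$image = "\x89PNG\r\n\x1a\n" . random_bytes(64); // constructed stand-in for image bytes

$stored = encryptImage($image, $key);            // this is what goes into "backup"
echo 'round trip ok: ', var_export(decryptImage($stored, $key) === $image, true), "\n";

$tampered = $stored;
$tampered[40] = chr(ord($tampered[40]) ^ 1);     // flip one bit of the stored file
try {
    decryptImage($tampered, $key);
} catch (RuntimeException $e) {
    echo 'tampered file rejected: ', $e->getMessage(), "\n";
}
```

Whoever can read the key can read the images, so the key belongs in a place that people with access to the folder do not also have.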

Insert multiple image links in database (Laravel)

I want users to be able to upload multiple images at a time.
Then the image will be resized and stored in the file system and a link to the image will be stored in the database (MySQL).
I could possibly retrieve the images like this:
    Route::post('upload', function(){
        $files = Input::file('files');
        foreach($files as $file) {
            $file->move('uploads/');
        }
    });
Then I'd get the links and store them in an array.
What would be the best way to store these links in the database?
I was working on a project that required uploading an image and resizing/cropping it to various sizes. The best way I found was to take the uploaded image and use an image manipulation library package in Laravel to resize it. You can easily manipulate images with this without having to deal with the PHP graphics library directly. Then I hashed the current timestamp and the user id of the user together to get a unique name for the file system. After that I stored all the resized and original images in the file system with the unique name but appended small_, big_ and orig_ in front of the files. I stored only the unique name hash in the database. And each time I had to access the images I just appended whichever size I wanted and fetched it from the system.

Avatars : default image

I would like to make a simple avatar system for my users.
Usage is simple, every uploaded avatar image is named by user, for example:
<a>...$username.'.jpg';..</a>
so there is really no need for database.
When user is logged in, I just append the filetype to the already (from database) required username.
What concerns me here is the default image, which is used before the user sets his own image. What is the best way to handle this? Is there a possibility to create / copy a default image to the user's avatar folder when the user account is created?
I know that I can achieve this using the database (default value) or checking if the user image is set etc., but I want to keep it as simple as possible.
Thanks in advance :)
Very simple example of what the file would do. I'd suggest making it more secure of course.
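    // Keep only the last path component so "../" cannot leave the avatar directory
    $filename = basename($_GET["avatar"] ?? "");
    $path = 'path/to/your/files/';
    if ($filename === "" || !file_exists($path.$filename.'.jpg'))
    {
        // No avatar stored for this user: fall back to the single default image
        $filename = "default";
    }
    header('Content-Type: image/jpeg');
    readfile($path.$filename.'.jpg');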
Check if the user's profile picture exists on the file system:
If it exists: display it.
If it doesn't: display the default image that is stored in one single place. No need to copy it.
I recommend saving the image name in the database, with its extension. People may want to upload a PNG or GIF image, rather than the classical JPG.
A simple example of what you are trying to do could be...
When a user registers in your site, he or she can upload or not an image.
Make a validation in the process to know if there is an image to be uploaded or not. Also, if there is a file in the process, validate its extension (declare an array with the extensions you want to allow and compare with the incoming file).
If the user that is registering doesn't upload an image, in your server, create a default image for example: "users/default.jpg". So in the insert to your db, you must put in your imaginary "image_name" column: default and in your "image_ext" column: .jpg
If the user that is registering uploads an image in the process, in your server (when you validated the extension and size) create for example: "users/1.jpg" in which "1" is the userid, and also in your insert to the db put in your imaginary "image_name" column: 1 and in your "image_ext" column: .jpg
To retrieve the image, just do a kind of select * from of the userid you want and just put in your html: echo "<img src='users/".$row['image_name'].$row['image_ext']."'/>"; and that's all, you are done.

Displaying an image with different name

On my website I let users upload images.
I save the images under some hashed (based on name + timestamp) name.
I store both the original name as the hashed name in the database.
I would like to display the image on my page using the original name.
CASE
user uploads test.jpg
image is saved as /img/6eabd22d35b4132cc58e4dff75e466cc1e444d93053ca80087b12ff620bd3451 on the server
both original and hashed names are stored in database
display the image on a page using the original name (<img src="/img/test.jpg" alt="" title="">) which actually is /img/6eabd22d35b4132cc58e4dff75e466cc1e444d93053ca80087b12ff620bd3451
Is this possible?
Yeah, that's definitely possible. It's actually quite easy, you have to:
Rewrite all requests that conform to that pattern to a (PHP) script using the Apache module mod_rewrite;
In that script fetch the real name from the database and display the image. Don't forget to also send the correct header, otherwise it won't work.
Edit
I would suggest making a relational table which holds your hash to filename. When you do the query you can return an array of both results, one used for the image source, and the other used for the name.
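The rewrite-to-script approach from the answers above, as an added example that is not part of the original posts. The rewrite rule, table and column names, storage path and connection details are assumptions, and `original_name` is assumed to be unique (otherwise scope the lookup by user).

```php
<?php
// Added example. Assumed .htaccess rule that sends /img/<name> to this script:
//   RewriteRule ^img/([^/]+)$ serve_image.php?name=$1 [L,QSA]
declare(strict_types=1);

const STORAGE_DIR = '/var/www/storage/img'; // assumed; outside the document root

/** Map a requested original name to [absolute path, mime type], or null. */
function resolveImage(PDO $db, string $requested): ?array
{
    $stmt = $db->prepare(
        'SELECT hashed_name, mime FROM images WHERE original_name = ? LIMIT 1'
    );
    $stmt->execute([$requested]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The file name on disk comes from our own table, never from the URL.
    // Still require the expected shape: 64 hex characters, as in the question.
    if (!$row || !preg_match('/^[0-9a-f]{64}$/', $row['hashed_name'])) {
        return null;
    }
    $path = STORAGE_DIR . '/' . $row['hashed_name'];
    return is_file($path) ? [$path, $row['mime']] : null;
}

function serveImage(PDO $db, string $requested): void
{
    $hit = resolveImage($db, $requested);
    $allowed = ['image/jpeg', 'image/png', 'image/gif'];
    if ($hit === null || !in_array($hit[1], $allowed, true)) {
        http_response_code(404);
        return;
    }
    // The stored file has no extension, so the header is the only thing
    // that tells the browser what it is.
    header('Content-Type: ' . $hit[1]);
    header('Content-Length: ' . filesize($hit[0]));
    header('X-Content-Type-Options: nosniff'); // browser must not re-guess the type
    readfile($hit[0]);
}

// Entry point. DSN and credentials are placeholders.
$db = new PDO('mysql:host=localhost;dbname=app', 'app_user', 'app_password');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
serveImage($db, (string) ($_GET['name'] ?? ''));
```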
OK. What I wanted to do is simply not possible.

how to make a gallery wherein the images used are from mysql database?

I just want to ask how to make a simple gallery for my website wherein the images displayed are from the database and will automatically display in the gallery, so that when I have to update the images I won't have to create an enormous number of thumbnails?
I would recommend against keeping the image data in a database, it's almost always a bad idea.
I would recommend storing metadata about the images in the database and then including a pointer to the file (the image's path on the local filesystem). If you need to make thumbnails create them as the images are added, store them on the filesystem too and store the path to them in the table too.
Another approach is to have the filename of the image and thumbnail as a function of the image ID. E.g. store it on the server at /some/directory/images/123.jpg and /some/directory/images/123_thumbnail.jpg where 123 is the id of the image.
Use MySQL BLOB storage. Example: http://www.anyexample.com/programming/php/php_mysql_example__image_gallery_%28blob_storage%29.xml
You can create the thumbnails and update the database when the images are uploaded to a directory within your http path. A simple php routine can extract the picture names from the db and include them in your gallery.
