  1. #1 New Coder (joined Aug 2005, Canada, 40 posts)

    any ideas on how to make this more secure?

    Hey guys, I am not so good at PHP, so can you tell me of more ways I can make this uploading script I wrote more secure?

    uploading script: http://share.codelove.org/G-man-8vqX3ug0.html
    html form: http://share.codelove.org/G-man-3R0m7Pt6.html

    thanks in return.
    The G-man

  • #2 _Aerospace_Eng_, Supreme Master coder! (joined Dec 2004, In a place far, far away..., 19,291 posts)
    From looking at the code I'm guessing all it does is allow users to create files by uploading them. How will these files be displayed? I think you should use htmlentities. I don't know if I would use an upload form like this one if I were you. What is to stop someone from creating a PHP file and then navigating to it? This PHP file could compromise your server. I think if anything you would set the type to .txt so it couldn't be executed as .php.
    ||||If you are getting paid to do a job, don't ask for help on it!||||
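    The concern in the post above (a user uploads something that the web server will then run as PHP) is usually handled in three places: the stored file never keeps the client's name or extension, it lives outside the document root, and it is handed back through PHP as data rather than executed. The handler below is an added example, not the script from the thread; the field name `userfile`, the directory `/var/uploads` and the extension allow-list are assumptions.

```php
<?php
// Added example, not the original poster's script.
// Assumptions: the form field is "userfile"; /var/uploads is OUTSIDE the
// web server's DocumentRoot, so nothing stored there can be requested or
// executed directly.

const UPLOAD_DIR  = '/var/uploads';      // assumption: not under DocumentRoot
const MAX_BYTES   = 2 * 1024 * 1024;     // 2 MiB
const ALLOWED_EXT = ['txt', 'png', 'jpg', 'jpeg', 'gif'];

/**
 * Validate $_FILES[$field] and store it under a server-chosen name.
 * Returns the stored filename on success, throws on any failure.
 */
function store_upload(string $field): string
{
    if (!isset($_FILES[$field]) || !is_array($_FILES[$field])) {
        throw new RuntimeException('no file field');
    }
    $f = $_FILES[$field];

    if ($f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error ' . $f['error']);
    }
    // Only trust the path if PHP says it came from this request's upload.
    if (!is_uploaded_file($f['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($f['size'] > MAX_BYTES || filesize($f['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Never reuse the client-supplied name: it can contain "../", a ".php"
    // extension, or a double extension such as "shell.php.txt", which an
    // Apache AddHandler rule for .php will still pass to the interpreter.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        throw new RuntimeException('extension not allowed');
    }

    // Random, server-generated name with exactly one allow-listed extension.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest   = UPLOAD_DIR . DIRECTORY_SEPARATOR . $stored;

    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        throw new RuntimeException('could not move file');
    }
    chmod($dest, 0640);   // readable by the web server user, never executable
    return $stored;
}

/**
 * Hand a stored file back as bytes (readfile, not include) so the server
 * never interprets it. $name must be one of the names generated above.
 */
function send_upload(string $name): void
{
    $pattern = '/^[0-9a-f]{32}\.(' . implode('|', ALLOWED_EXT) . ')$/';
    if (!preg_match($pattern, $name)) {
        http_response_code(400);
        return;
    }
    $path = UPLOAD_DIR . DIRECTORY_SEPARATOR . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');   // stop browsers sniffing it as HTML
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// usage in the form handler:
// $name = store_upload('userfile');
// echo 'Stored as ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
```

    The allow-list on the extension is the cheap check; the reason the file also goes outside the document root is that any later misconfiguration (a new handler, a rewrite rule) cannot turn the upload directory into an execution path.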

  • #3 New Coder (joined Aug 2005, Canada, 40 posts)
    Quote Originally Posted by _Aerospace_Eng_:
    From looking at the code I'm guessing all it does is allow users to create files by uploading them. How will these files be displayed? I think you should use htmlentities. I don't know if I would use an upload form like this one if I were you. What is to stop someone from creating a PHP file and then navigating to it? This PHP file could compromise your server. I think if anything you would set the type to .txt so it couldn't be executed as .php.
    Good Idea, and then I will include() the txt.

    any ideas on how to allow users to make their own usernames\passes without the aid of mysql?
    The G-man

  • #4 _Aerospace_Eng_, Supreme Master coder! (joined Dec 2004, In a place far, far away..., 19,291 posts)
    Just do some searching for a "Flat File Membership System". I don't really recommend this as flat files can get very large in file size if you have a lot of users. Why don't you want to use a database for this? It would be much more efficient.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #5 Senior Coder (joined Jan 2007, 1,648 posts)
    Quote Originally Posted by The G-man:
    Good Idea, and then I will include() the txt.
    It would be even safer to use file_get_contents(), as the contents wouldn't be parsed for PHP then.
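    The point in this reply is easy to verify. The script below is an added example, not code from the thread: it writes a constructed "uploaded" text file containing a PHP tag to a temp path, then renders it once with include() and once with file_get_contents(). The .txt extension changes nothing for include(), which hands the whole file to the PHP parser; with file_get_contents() the bytes are data, and htmlspecialchars() keeps them from becoming markup when echoed into a page.

```php
<?php
// Added example, not the original poster's script.
// The file content below is constructed for the demonstration.

$sample = "Hello from the uploaded file.\n"
        . "<?php echo 'PHP RAN: ' . php_uname('s') . \"\\n\"; ?>\n"
        . "bye\n";

$path = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($path, $sample);

// 1) include(): the extension is irrelevant; anything between <?php ... ?>
//    executes with the privileges of the web server process.
function render_with_include(string $path): string
{
    ob_start();
    include $path;            // DO NOT do this with user-supplied files
    return ob_get_clean();
}

// 2) file_get_contents(): the bytes are only data. Escape them before putting
//    them into HTML so the upload cannot inject script or tags either.
function render_with_file_get_contents(string $path): string
{
    $raw = file_get_contents($path);
    return '<pre>' . htmlspecialchars($raw, ENT_QUOTES | ENT_HTML5, 'UTF-8') . "</pre>\n";
}

echo "--- include() ---\n";
echo render_with_include($path);            // the embedded PHP runs
echo "--- file_get_contents() ---\n";
echo render_with_file_get_contents($path);  // the PHP tag is shown as text

unlink($path);
```

    Run it from the command line and the first section prints the machine's OS name from inside the "text" file, while the second shows the literal `&lt;?php ...` sequence. The same distinction applies to require(), include_once() and eval(): all of them parse, none of them should ever see user-controlled content.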

  • #6 Regular Coder (joined Sep 2006, Colorado, 132 posts)
    To validate that the images they upload are actually images, I recommend checking with something similar to this:

    PHP Code:
    <?php

    // getimagesize() returns false for anything it does not recognise as an image,
    // otherwise width, height, an IMAGETYPE_* constant and an HTML size attribute
    list($width, $height, $type, $attr) = getimagesize("image_name.jpg");

    echo "Image width " . $width;
    echo "<BR>";
    echo "Image height " . $height;
    echo "<BR>";
    echo "Image type " . $type;
    echo "<BR>";
    echo "Attribute " . $attr;

    ?>

    If the file isn't a valid image it shouldn't have a width or a height.
    -bubbles
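    One caveat a practitioner would add to the post above: getimagesize() only parses the image header, so a file can report a perfectly good width and height and still carry arbitrary bytes, PHP code included, in its body or metadata. The added example below (not code from the thread) keeps the getimagesize() check, restricts the detected type to an allow-list, requires the client's extension to agree with the detected type, and then decodes and re-encodes the image with GD so that only pixel data reaches disk. The GD extension and the `/var/uploads` directory are assumptions.

```php
<?php
// Added example, not the original poster's script.
// Assumptions: the GD extension is loaded; $tmp is $_FILES['userfile']['tmp_name']
// and $clientName is $_FILES['userfile']['name'].

const ALLOWED_TYPES = [
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

/**
 * Returns [width, height, extension] if $tmp is an allowed image, else throws.
 */
function validate_image(string $tmp, string $clientName): array
{
    $info = @getimagesize($tmp);     // false for anything that is not an image
    if ($info === false) {
        throw new RuntimeException('not an image');
    }
    [$width, $height, $type] = $info;

    if (!isset(ALLOWED_TYPES[$type])) {
        throw new RuntimeException('image type not allowed: ' . $info['mime']);
    }
    if ($width < 1 || $height < 1 || $width > 4096 || $height > 4096) {
        throw new RuntimeException('unreasonable dimensions');
    }

    // The extension must agree with the detected type, otherwise a PNG header
    // glued onto a name like "cat.php" would pass the image check.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if ($ext !== ALLOWED_TYPES[$type]) {
        throw new RuntimeException('extension does not match content');
    }
    return [$width, $height, ALLOWED_TYPES[$type]];
}

/**
 * Decode and re-encode the image so that only pixel data survives.
 * Returns the path of the freshly written file.
 */
function reencode_image(string $tmp, string $ext, string $destDir): string
{
    $img = @imagecreatefromstring(file_get_contents($tmp));
    if ($img === false) {
        throw new RuntimeException('decode failed');
    }
    $dest = $destDir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;

    switch ($ext) {
        case 'jpg': $ok = imagejpeg($img, $dest, 85); break;
        case 'png': $ok = imagepng($img, $dest);      break;
        case 'gif': $ok = imagegif($img, $dest);      break;
        default:    $ok = false;
    }
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('encode failed');
    }
    return $dest;
}

// usage in the upload handler:
// [$w, $h, $ext] = validate_image($_FILES['userfile']['tmp_name'],
//                                 $_FILES['userfile']['name']);
// $stored = reencode_image($_FILES['userfile']['tmp_name'], $ext, '/var/uploads');
```

    Re-encoding costs CPU and drops things like EXIF data and GIF animation, which is usually acceptable for avatars and attachments. The dimension cap matters too: a tiny file that declares a huge canvas makes imagecreatefromstring() allocate width × height × 4 bytes, so check the header values before decoding.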

  • #7 New Coder (joined Aug 2005, Canada, 40 posts)
    Thanks a lot guys.

    I prefer not to use MySQL because I know nothing about it. I have it installed and all, I just don't know how to use it (yet).
    Last edited by Do'h!; 06-13-2007 at 11:39 PM.
    The G-man

