Image uploading

Question

kaizokupuffball 0 Light Poster

12 Years Ago

Hi!

I got this image uploading script for my website, but i don't know if it's gonna work or not. I just wanted to ask if someone could take a look at it, and tell me if the code looks okay and ready to go. Thx in advance.

<?php

include 'db_connect.php';
$uploadSubmit = mysql_real_escape_string($_POST['imageSubmit']);

if ($uploadSubmit)
{
	if ($_FILES['image'])
	{
		$contents = file_get_contents($_FILES['image']['tmp_name']);
		
		if (stristr($contents, "<?php") || stristr($contents, "system(") || stristr($contents, "exec(") ||
		stristr($contents, "mysql") || stristr($contents, "include(") || stristr($contents, "require(") ||
		stristr($contents, "include_once(") || stristr($contents, "require_once(") || stristr($contents, "echo'") || stristr($contents, 'echo"'))
		{
			echo 'Are you really trying to hack this site? Enjoy your upload b&.';
			$sql = "INSERT INTO banned (ip) VALUES ('".$_SERVER['REMOTE_ADDR']."')";
			$result = mysql_query($sql) or trigger_error(mysql_error()."".$sql);
			die();
		}
	}
	
	else
	{
		$sql = "SELECT * FROM banned WHERE ip='".$_SERVER['REMOTE_ADDR']."'";
		$result = mysql_query($sql) or trigger_error(mysql_error()."".$sql);
		$num_rows = mysql_fetch_row($result);
		
		if ($num_rows[0] == 0)
		{
			function getExtension($str)
			{
				$i = strrpos($str,".");
				
				if (!$i)
				{
					return "";
				}
				
				$I = strlen($str) - $i;
				$ext = substr($str,$i+1,$I);
				return $ext;
			}
			
			define ("MAX_SIZE","5000");
			$error = 0;
			$file = $_FILES['image']['name'];
			
			if ($file == '')
			{
				echo 'You didn\'t select an image to upload.';
				$error = 1;
			}
			
			else
			{
				$filename = stripslashes($file);
				$extension = getExtension($filename);
				$extension = strtolower($extension);
				
				if (($extension != 'jpg') && ($extension != 'jpeg') && ($extension != 'png'))
				{
					echo 'Only JPG, JPEG and PNG are allowed image types.';
					$error = 1;
				}
				
				else
				{
					$size = filesize($_FILES['image']['tmp_name']);
					
					if ($size > MAX_SIZE*1024)
					{
						echo 'The max allowed filesize is 5MB.';
						$error = 1;
					}
					
					$time = time();
					$newImageName = 'wally-'.$time.'.'.$extension.'';
					$imageFullPath = 'images/'.$newImageName.'';
					
					if (!$errors)
					{
						if (!move_uploaded_file($_FILES['image']['tmp_name'], $imageFullPath))
						{
							$error = 1;
						}
					}
					
					if ($uploadSubmit && !$error)
					{
						include 'class.imageResizer.php';
						$work = new ImgResizer($imageFullPath);
						$work -> resize(125, "thumbs/".$newImageName."");
						
						$uploader = $_SESSION['username'];
						$sql = "INSERT INTO images (image, uploader, validated) VALUES ('$newImageName','$uploader','0')";
						$result = mysql_query($sql) or trigger_error(mysql_error()."".$sql);
						
						echo 'Your image has been uploaded and awaiting validation.';
						echo 'The page will redirect in 2 seconds.';
						echo '<meta http-equiv="Refresh" content="2;url=http://www.wallpapers.puffys.net">';
						
					}
				}
			}
		}
		
		else
		{
			die("You are banned from uploading.");
		}
	}
}

?>

image php

2 Contributors
3 Replies
141 Views
6 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by diafol

diafol

12 Years Ago

I got this image uploading script for my website, but i don't know if it's gonna work or not.

So you haven't tried it?

Edited 12 Years Ago by diafol because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

kaizokupuffball 0 Light Poster · Answer 1 · 2011-11-19T17:33:13+00:00

Just tried it, and i get "You didn't select an image to upload.".

diafol · Answer 2 · 2011-11-19T18:03:07+00:00

Is this your code? If not try the Configuring Ready Made Scripts forum or the site from where you got it.