I am creating a site that would allow registered users to upload videos, flash files, pictures, text files and music to a section of the site. I want the script to, first of all, be safe. I am *very* unsure how to pull this off. What sort of precautions would you recommend? Also, I want the file upload to be able to auto detect what type of media is being uploaded (video, flash, picture, music, text files). How could this be pulled off? Again, I am very much worried about security, so an emphasis on that would be great! Thanks to all.
PHP - Upload Script
I'll focus more on detecting the type of file being passed.
Since the mime-type may not be passed, or can be forged easily, you'll need to rely on checking the data.
Text files: ASCII encoded files use a maximum of 7-bits for each byte. So passing each byte of the file through a filter to check if the bytes are greater than 127 numerically will tell you if the file is text.
Flash: Uses a fairly specific file structure, you should probably download the Flash SDK from Macromedia.
Video: You'll need to find the file format specs for each of the formats you wish to allow, and detect them.
Pictures: You may be able to use getimagesize(), if the images you wish to allow are supported by PHP's core. Otherwise, you'll need to get the file format specs. A great resource is Encyclopedia of Graphics File Formats.
Music: Just like video, you'll need to look up the file format specs.
You can find the Flash format spec here: http://www.macromedia.com/software/f...ng/fileformat/
Text file filter
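<?php
// Returns true when every byte of the file is 7-bit ASCII (value <= 127).
function is_text_file($filename)
{
    if (!is_readable($filename)) return false;
    $data = file_get_contents($filename);
    $bad = false;
    // Stop at the first byte above 127.
    for ($x = 0, $y = strlen($data); !$bad && $x < $y; $x++)
    {
        // Square brackets: the $data{$x} offset syntax was removed in PHP 8.
        $bad = ( ord($data[$x]) > 127 );
    }
    return !$bad;
}
?>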
This script will allow you to upload files from your browser to your hosting, using PHP. The first thing we need to do is create an HTML form that allows people to choose the file they want to upload.
<form enctype="multipart/form-data" action="upload.php" method="POST">
Please choose a file: <input name="uploaded" type="file" /><br />
<input type="submit" value="Upload" />
</form>
This form sends data to the file "upload.php", which is what we will be creating next to actually upload the file.
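Added example, not part of the original thread: a handler for the `uploaded` field of the form above that identifies the file from its content with PHP's fileinfo extension instead of the browser-supplied MIME type, then stores it under a server-generated name. The allow-list, `UPLOAD_DIR`, `MAX_BYTES` and the function names `detect_media` and `handle_upload` are assumptions made for illustration.

```php
<?php
// Added example: allow-list, directory and size limit are assumptions, not from the thread.
const ALLOWED = [
    'image/jpeg'                    => ['picture', 'jpg'],
    'image/png'                     => ['picture', 'png'],
    'image/gif'                     => ['picture', 'gif'],
    'audio/mpeg'                    => ['music',   'mp3'],
    'video/mp4'                     => ['video',   'mp4'],
    'application/x-shockwave-flash' => ['flash',   'swf'],
    'text/plain'                    => ['text',    'txt'],
];
const UPLOAD_DIR = '/var/uploads';   // hypothetical; keep it outside the web root
const MAX_BYTES  = 20 * 1024 * 1024; // hypothetical size limit

// Returns [category, extension] based on the file's content, or null if not allowed.
function detect_media(string $path): ?array
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !isset(ALLOWED[$mime])) {
        return null;
    }
    // For pictures, also require that PHP can parse the image header.
    if (ALLOWED[$mime][0] === 'picture' && @getimagesize($path) === false) {
        return null;
    }
    return ALLOWED[$mime];
}

// Validates one $_FILES entry and stores it; returns the detected category.
function handle_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('Upload rejected');
    }
    $media = detect_media($file['tmp_name']);
    if ($media === null) {
        throw new RuntimeException('File type not allowed');
    }
    // Server-generated name: the client's file name, extension and MIME type are never used.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $media[1];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    return $media[0];
}

if (isset($_FILES['uploaded'])) {   // field name taken from the form above
    echo 'Stored as: ' . handle_upload($_FILES['uploaded']);
}
```

Storing the files outside the web root and serving them through a script that sets the content type from the stored category keeps an uploaded file from ever being executed by the web server.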