Jumpy09 Posted November 11, 2010

A friend and I are working on a nice secure Image Upload Script.

The Upload Class

<?php
class imageUploader
{
    public $image;           // one $_FILES entry: [name], [type], [tmp_name], [error], [size]
    public $maxFileSize;
    public $imageExtension;

    public function __construct($image, $max_file_size)
    {
        $this->image = $image;
        $this->maxFileSize = $max_file_size;
    }

    // Checks the real file content with getimagesize(); the client-supplied
    // $image["type"] is not trusted.
    public function isValidImage()
    {
        $validExts = array("gif" => "image/gif", "jpeg" => "image/jpeg", "png" => "image/png");
        $info = @getimagesize($this->image["tmp_name"]);
        if ($info === false || !in_array($info["mime"], $validExts, true)) {
            return false;
        }
        $this->imageExtension = array_search($info["mime"], $validExts, true);
        return true;
    }

    public function isValidSize()
    {
        return $this->image["size"] <= $this->maxFileSize;
    }

    public function uploadImage()
    {
        $errors = array();
        if ($this->image["error"] > 0) {
            $errors[] = "An error has occurred";
        } elseif ($this->isValidImage() == false) {
            $errors[] = "Invalid file type. Only use JPG, GIF or PNG";
        } elseif ($this->isValidSize() == false) {
            $errors[] = "Max file size exceeded.";
        }
        if (count($errors) == 0) {
            // server-generated name: random string + timestamp + verified extension
            move_uploaded_file($this->image["tmp_name"],
                "Images/" . $this->generateName(rand(10, 15)) . time() . "." . $this->imageExtension);
        } else {
            echo implode("<br />", $errors);
        }
    }

    public function createThumbnails() { }              // still to be written
    public function resizeImage($size_y, $size_x) { }   // still to be written

    // Random alphanumeric string of $length characters
    public function generateName($length)
    {
        $randstr = "";
        for ($i = 0; $i < $length; $i++) {
            $randnum = mt_rand(0, 61);
            if ($randnum < 10) {
                $randstr .= chr($randnum + 48);   // 0-9
            } elseif ($randnum < 36) {
                $randstr .= chr($randnum + 55);   // A-Z
            } else {
                $randstr .= chr($randnum + 61);   // a-z
            }
        }
        return $randstr;
    }
}
?>

The Everyday HTML

<form action="" method="post" enctype="multipart/form-data">
  <table>
    <tr>
      <td>Image</td>
      <td><input type="file" name="file" id="file" /></td>
      <td><input type="submit" name="submit" value="Submit" /></td>
    </tr>
  </table>
</form>

My friend did most of the work, but had to go to sleep. My problem is I have a deadline to finish this in under 3 hours for use on my website. What I need it to do is create thumbnails in a /Thumbnail/ sub-folder, with thumbnails being cropped to 100px x 100px. If the full image is larger than 600px x 600px it would have to be resized down to no more than 600px on the longest side. I wouldn't mind if they were 300px x 600px, just nothing larger than 600px. I'm willing to pay for this to be completed, though I only have roughly $50. I know this isn't a freelance area, but it kind of suits this area too with a freelance option. After the upload script is done, I have to work on a PHP system to get the images and display them, so that I'm not directly linking images. So, anyone got some spare time to help out?
litebearer Posted November 11, 2010

perhaps... http://www.nstoia.com/toh/imageresize.php
Jumpy09 (Author) Posted November 11, 2010

I do believe that will do! I'll give it a shot and try it out ^.^ Thanks.
Jumpy09 (Author) Posted November 11, 2010

Sweet, works perfectly! Now, uhm! Once I get it to insert the information into the Database.. such as Filename, File Extension, with the user's id and Album that it belongs in. I found this for the reading of the images (it came from a blog about .gifs being used to execute PHP):

$file = 'image.gif.php';
header('Content-Type: image/gif');
readfile('images/' . basename($file));

Is that all I would need, or should I use more to make it even more secure? I mean technically I would be pulling this from the database anyway!

$fileName = $row['fileName'];
$fileExt = $row['fileExt'];
header('Content-Type: image/' . $fileExt);
readfile('images/' . $fileName);

If I understand that correctly, the entire script should reduce the chances of malicious use of my Uploader. Can anyone see any security risks that could arise?
litebearer Posted November 11, 2010

One method of 'sanitizing' uploaded images is to convert them to a BMP then convert the BMP back to the original format, i.e. jpg to bmp to jpg.
Jumpy09 (Author) Posted November 11, 2010

That would work with jpeg and png, but it would really mess up gifs. Some people like to make morphing images and such, but I'm not entirely sure how to prevent the gif security risk without sanitizing it with that method.
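The two points raised so far (the uploader class validating by the client-supplied type, and litebearer's suggestion of re-encoding to strip anything that is not pixel data) can be combined in one routine. This is an added example, not code from the thread; it assumes the GD extension and a writable Images directory, and, as Jumpy09 notes, GD keeps only the first frame of an animated GIF.

```php
<?php
// Added example: validate an upload by its real content, then re-encode it
// through GD so only pixel data survives. Assumes GD is installed. Re-encoding
// keeps only the first frame of an animated GIF (the trade-off raised above).

function storeSanitizedImage(array $file, string $destDir)
{
    // Only accept a file PHP itself received through this request.
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // getimagesize() parses the file header, so neither the client-supplied
    // $file['type'] nor the original filename is ever trusted.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        return null;
    }
    $allowed = array(
        IMAGETYPE_GIF  => array('gif',  'imagecreatefromgif',  'imagegif'),
        IMAGETYPE_JPEG => array('jpeg', 'imagecreatefromjpeg', 'imagejpeg'),
        IMAGETYPE_PNG  => array('png',  'imagecreatefrompng',  'imagepng'),
    );
    if (!isset($allowed[$info[2]])) {
        return null;
    }
    list($ext, $load, $save) = $allowed[$info[2]];
    // Decoding with GD fails on anything that is not really an image.
    $src = @$load($file['tmp_name']);
    if ($src === false) {
        return null;
    }
    // Server-chosen name: the uploader never influences the stored path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($destDir, '/') . '/' . $name;
    if ($ext === 'png') {
        imagesavealpha($src, true);   // keep PNG transparency
    }
    // Writing a fresh file from pixel data discards any trailing payload or
    // comment chunk in the original. Keep the directory outside the web root
    // or with PHP execution disabled so a stored file is never run as code.
    $ok = $save($src, $dest);
    imagedestroy($src);
    return $ok ? $name : null;
}

$stored = storeSanitizedImage($_FILES['file'], __DIR__ . '/Images');
echo $stored === null ? 'Rejected' : 'Stored as ' . htmlspecialchars($stored);
```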
Jumpy09 (Author) Posted November 11, 2010

I have a slight problem with the read file! It's in some weird encrypted thing.

Ó Üš/¦…IIôM$„ƒª`ö„ˆ`Ô! %Â:¹%¶¢NȡдÅÄÌšœA1ÖnHÐ[à´"0! Q@€š‡Ž+ Pw `÷ðeÓèÌÐë]IsbêtZÌ‘ªø]8‘/ÎILÕ):¤HƸ+:EIáj@Na¢!ç†(‚”»;":sã X bF°ÄÊ5rÎìFÍ-¹%c\;’Fé&‘¼—™É] )PÔ:PZ•.FAì9¬´¶6í…‚¡Ìè¹ÙuA9Œ| rºŠ%V´ànsUJbÔz ºu7/Ísp LBaT=‚&‚ê€h#…aKÁ‰¼Dô&™`t'°8°Ÿ”¤'ëØÃ‹vžÕÎ䉒/ZFéܽ·ßâ$Š%!2»ãˆkÃ,` ]|MØÃÝ’úZmØ6-Ä‚ÉÙœº¡6¥aÞ†d³IÇn ¼â¸_¬°P:çn-b"ç°63K€¡$è@ `©’-¦]"!†zCpÈ!3wL¸(0Å€P5ml%÷}ð&€dL

Due to the way I have coded my site I can't use the header() call to see if that will fix it! Anyone have a suggestion to get this to read the file properly?
Jumpy09 (Author) Posted November 11, 2010

Okay, so I just figured out that I may have to call an external file such as <img src="photofile.php?thisdoesnt=verysafe">, with thisdoesnt as the filename parameter and verysafe as the actual name. The way I have it coded currently, it reads the file with the HTML headers already sent. I'd really love to find a way that doesn't involve trusting a user not to mess with the images... granted, my image names are rather random. I'd still have to pass the user id through, but I guess what I have is decently secure. Anyone see a problem/security risk with

<img src="readImage.php?user=1&filename=4j3k2l3io324ioj2io3uios908739082klj&fileext=png">
Jumpy09 (Author) Posted November 11, 2010

I was waiting to see if anyone would recognize that humongous security risk. I guess it's just too late in the day to play "who's a good coder". Well, the problem with that, for anyone who doesn't know, was something like this!

https://www.domain.com/Test/readFile.php?directory=1&fileName=../../../../../01&fileExt=jpg

BUT ALAS! After searching and searching and finding absolutely nothing on Google about this particular risk, I have come up with a great solution!

$directory = preg_replace("/[^A-Za-z0-9]/", "", $_GET['directory']);
$fileName  = preg_replace("/[^A-Za-z0-9]/", "", $_GET['fileName']);
$fileExt   = preg_replace("/[^A-Za-z0-9]/", "", $_GET['fileExt']);

$path = '../../Images/User/' . $directory . '/Thumbnails/' . $fileName . '.' . $fileExt;

if (($_GET['fileExt'] == 'gif' || $_GET['fileExt'] == 'jpg' || $_GET['fileExt'] == 'png') && file_exists($path)) {
    header('Content-Type: image/' . $fileExt);
    readfile($path);
} else {
    // this script is the target of an <img src>, so the fallback has to be
    // image bytes, not an <img> tag
    header('Content-Type: image/png');
    readfile('hackAttempt.png');
}

So no matter what they try to do, it'll only allow alphanumerics, stripping away all the lovely little ../../../../ things, which are not needed in this system. Oh yeah, I am patting myself on the back for this one. Running some tests, this would be the output!

Input: https://www.domain.com/Test/readFile.php?directory=1&fileName=../../../../../01&fileExt=jpg

Output:
$directory = '1';
$fileName = '01';
$fileExt = 'jpg';

So I've got that security risk taken care of! If they change it to html, or php.. it'll display my lovely image I made. If they try to throw in any Up a Level things.. it'll strip them away! And well.. they have to get the original directory right anyway... or it just isn't going to work.

So other than the GIF PHP inclusion, which I can't test because I have no idea how to embed PHP into a GIF image, I think I have fixed / taken into consideration almost every security flaw for Image Uploads. Can anyone think of any more? Each website I visit displays different ones, and it's amusing to see how many security risks most of them inflict on their crowd by trying to eliminate risks.
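Jumpy09's readFile.php repairs bad input by stripping characters; the version below (an added example, not the thread's own script) rejects anything that is not exactly the expected shape, and additionally checks that the resolved path still lies under the image root, so the path check does not rest on the stripping alone. IMAGE_ROOT and the directory layout are assumptions taken from the URL in the post.

```php
<?php
// Added example: a stricter readImage.php. Malformed input gets a 404 rather
// than being "repaired", the resolved path must stay under IMAGE_ROOT, and the
// Content-Type comes from the file's content, not from the URL.
// IMAGE_ROOT and the Thumbnails layout are assumptions for this example.

const IMAGE_ROOT = __DIR__ . '/../../Images/User';

function resolveThumbnail($root, $dir, $name, $ext)
{
    // Allowlist: reject anything that does not match exactly.
    if (!preg_match('/^[0-9]{1,10}$/', $dir)) return null;
    if (!preg_match('/^[A-Za-z0-9]{10,40}$/', $name)) return null;
    if (!in_array($ext, array('gif', 'jpg', 'png'), true)) return null;

    $base = realpath($root);
    $path = realpath("$root/$dir/Thumbnails/$name.$ext");
    // realpath() resolves ../ and symlinks; the result must be a regular file
    // that still sits below the root.
    if ($base === false || $path === false || !is_file($path)) return null;
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) return null;
    return $path;
}

function serveImage($path)
{
    $info = ($path !== null) ? @getimagesize($path) : false;
    $mime = ($info !== false) ? $info['mime'] : null;
    if (!in_array($mime, array('image/gif', 'image/jpeg', 'image/png'), true)) {
        http_response_code(404);   // an <img> tag simply renders as broken
        exit;
    }
    header('Content-Type: ' . $mime);
    header('X-Content-Type-Options: nosniff');   // browsers must not re-guess the type
    header('Content-Disposition: inline');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

serveImage(resolveThumbnail(
    IMAGE_ROOT,
    isset($_GET['directory']) ? (string) $_GET['directory'] : '',
    isset($_GET['fileName'])  ? (string) $_GET['fileName']  : '',
    isset($_GET['fileExt'])   ? (string) $_GET['fileExt']   : ''
));
```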
Jumpy09 (Author) Posted November 12, 2010

So I really like the script litebearer suggested, but it doesn't seem to work well for cropping.

public function resizeImage($save, $file, $t_w, $t_h, $s_path, $o_path)
{
    $save = trim($s_path) . $save;
    $file = trim($o_path) . $file;
    // pathinfo() avoids the "only variables should be passed by reference"
    // notice that end(explode(...)) raises
    $ext = strtolower(pathinfo($save, PATHINFO_EXTENSION));
    list($width, $height) = getimagesize($file);

    // scale factor that makes the image FIT inside $t_w x $t_h (the smaller ratio)
    if (($width > $t_w) OR ($height > $t_h)) {
        $r1 = $t_w / $width;
        $r2 = $t_h / $height;
        $size = ($r1 < $r2) ? $r1 : $r2;
    } else {
        $size = 1;
    }
    $modwidth  = (int) round($width * $size);
    $modheight = (int) round($height * $size);

    switch ($ext) {
        case 'jpg':
        case 'jpeg':
            $image = imagecreatefromjpeg($file);
            break;
        case 'gif':
            $image = imagecreatefromgif($file);
            break;
        case 'png':
            $image = imagecreatefrompng($file);
            break;
        default:
            return;   // unsupported extension: nothing to do
    }
    $tn = imagecreatetruecolor($modwidth, $modheight);
    imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height);
    imagejpeg($tn, $save, 100);
    imagedestroy($image);
    imagedestroy($tn);
    return;
}

I'm trying to get the images to be 100px by 100px for Thumbnails, but they keep coming out stretched or looking funny. This is pretty far out of my league of expertise; could anyone offer advice, suggestions, or a possible fix?
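The resizeImage() above scales by the smaller ratio so the whole picture fits inside the box, which cannot give a square from a non-square source. A centre crop, as an added example that is not part of the thread, scales by the larger ratio so the picture covers the box and then copies only the central region; it assumes GD and that the source already passed upload validation.

```php
<?php
// Added example: a 100x100 thumbnail made by scaling so the image COVERS the
// target box and cropping the overflow around the centre, so nothing is
// stretched. Assumes GD; the decoder is chosen from the file's real type.

function cropThumbnail($src, $dest, $tw = 100, $th = 100)
{
    $info = @getimagesize($src);
    if ($info === false) return false;
    list($w, $h, $type) = $info;
    $loaders = array(
        IMAGETYPE_GIF  => 'imagecreatefromgif',
        IMAGETYPE_JPEG => 'imagecreatefromjpeg',
        IMAGETYPE_PNG  => 'imagecreatefrompng',
    );
    if (!isset($loaders[$type])) return false;
    $image = @$loaders[$type]($src);
    if ($image === false) return false;

    // Larger ratio = cover (the thread's resizeImage() uses the smaller = fit).
    $scale = max($tw / $w, $th / $h);
    // Size of the source region that maps onto the thumbnail ...
    $srcW = (int) round($tw / $scale);
    $srcH = (int) round($th / $scale);
    // ... and its offset so the crop is centred.
    $srcX = (int) (($w - $srcW) / 2);
    $srcY = (int) (($h - $srcH) / 2);

    $tn = imagecreatetruecolor($tw, $th);
    // Keep PNG/GIF transparency instead of flattening it to black.
    imagealphablending($tn, false);
    imagesavealpha($tn, true);
    imagecopyresampled($tn, $image, 0, 0, $srcX, $srcY, $tw, $th, $srcW, $srcH);

    // Saved as PNG so transparency survives whatever the source format was.
    $ok = imagepng($tn, $dest);
    imagedestroy($image);
    imagedestroy($tn);
    return $ok;
}

// Example call (paths are placeholders): a 600x400 source yields a 400x400
// centre region, resampled to 100x100.
cropThumbnail('Images/abc123.jpg', 'Images/Thumbnails/abc123.png');
```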