Uploading photos securely?


Rommeo


I have users becoming members and allowed them to upload their own photos. But when they try to upload 5MB photos, it takes time to upload the photo, and sometimes the server gives a timeout error.


I have searched and found JavaScripts that upload to the server, but I have noticed that they have security problems.


So how do you let users upload photos?


You should use AJAX for uploading if you have relatively big files to transfer. That way you can show a nice progress bar or just an "Uploading..." status for the client until it's finished. For that you have to create a JavaScript to send the HTTP request and data; that's not a problem. But before you load the page where you allow your users to upload, you should create some kind of hash in PHP and attach it to the site JavaScript. Then when a user makes his request to upload a file, you have that hash stored in a session and you compare it to the one the user sent. Now you can start the transfer.


Before starting the transfer, you should call set_time_limit(int time_in_seconds) to allow the script to be active for, for example, 2 minutes and after that show an error message.


There might also be some concern about the REAL file type being uploaded. You cannot just blindly trust the MIME type of the header or the file extension. For that I don't have a specific solution. You could try to find some class that could verify a proper photo format by reading the file itself, but I think that is pretty far-fetched. I think you could, for example, try to install ImageMagick http://www.imagemagick.org/script/identify.php on the server. And upon upload, check the temp file with the program and, according to the results -> do actions.


When that is done, you are safe to save your image and return the response. Which you really don't have to do, since when PHP finishes the response is sent. And in JavaScript you just check the response ready state for 200. If that appears, the transfer was completed and now you can let the user do some more stuff.

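As an added example that is not part of this thread or anyone's posted code, here is how the checks described in the reply above could look in a single PHP upload endpoint: a per-session token compared with hash_equals(), a size cap, and a content-based type check using finfo and getimagesize() instead of trusting the extension or the Content-Type header the browser sent. It assumes the form page already stored a random value in $_SESSION['upload_token'] and embedded it in the request, and the upload directory path is an assumption.

```php
<?php
session_start();

const MAX_UPLOAD_BYTES = 5 * 1024 * 1024;   // 5 MB, the size from the question
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const UPLOAD_DIR = __DIR__ . '/uploads';    // assumed path; keep it outside the web root if you can

function fail(int $status, string $msg): void {
    http_response_code($status);
    header('Content-Type: text/plain');
    exit($msg);
}

// 1. The token the form page stored in the session must match the one sent back.
//    (form page, assumed: $_SESSION['upload_token'] = bin2hex(random_bytes(16));)
$token = $_POST['upload_token'] ?? '';
if ($token === '' || !isset($_SESSION['upload_token'])
    || !hash_equals($_SESSION['upload_token'], $token)) {
    fail(403, 'invalid upload token');
}

// 2. Basic upload sanity and size checks (also cap upload_max_filesize in php.ini).
$file = $_FILES['photo'] ?? null;
if ($file === null || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
    fail(400, 'upload failed');
}
if ($file['size'] > MAX_UPLOAD_BYTES) {
    fail(413, 'file too large');
}

// 3. Determine the real type from the bytes, then confirm the file decodes as that image type.
$finfo = new finfo(FILEINFO_MIME_TYPE);
$mime = $finfo->file($file['tmp_name']);
if (!isset(ALLOWED_MIME[$mime])) {
    fail(415, 'not an accepted image type');
}
$info = @getimagesize($file['tmp_name']);
if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
    fail(415, 'file does not decode as the detected image type');
}

// 4. Never reuse the client's filename: generate one and force the extension from the detected type.
$name = bin2hex(random_bytes(16)) . '.' . ALLOWED_MIME[$mime];
if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
    fail(500, 'could not store file');
}
unset($_SESSION['upload_token']);   // single use: the form page issues a fresh token next time
echo json_encode(['stored' => $name]);
```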

I'm not exactly sure what you're asking, as the title suggests how to secure an image upload but your actual post suggests you want to avoid the timeout error.


An AJAX upload is no more secure than a traditional form upload. AJAX will only improve the user experience. If you're worried about eavesdropping, then the best solution is to acquire an SSL certificate and use HTTPS.


Like the182guy said, using SSL is the most secure option. Anyhow, on most sites checking the file type is a sufficient solution.


And as for the timeout problem: you should pump up the max_input_time and max_execution_time php.ini confs. max_input_time defaults to 60 and max_execution_time defaults to 30; if people have slow connections it just isn't enough time to upload a 5MB file.
