i was thinking this would be a step up in learning php, if i can get my own upload thingy workin than i think i can say i know php, although i have been doign some reserch in the past i found (just thinking this out in my head) that it wouldn't be to difficult to make. So i was just wondering if their was anything i needed to know before i start this, such as security risks i should code for and stuff.
1. Never assume that the file being uploaded has an accurate extension. Don't even trust the MIME type; it can be spoofed.
2. Uploads are first put in a safe directory with a pseudorandom name that you can find from PHP environment variables. After you've verified that the file is ok, you have to copy it elsewhere, otherwise it will be erased once the user's session expires.
2. Uploads are first put in a safe directory with a pseudorandom name that you can find from PHP environment variables. After you've verified that the file is ok, you have to copy it elsewhere, otherwise it will be erased once the user's session expires.
I append an md5 (based on time, and some other things that the user shouldn't be able to figure out) to the filename of a file. I then put this into a folder with a blank index.html file (so that the server doesn't list files in that directory. I also have the script email me when a file is uploaded with a link to it. That way you can validate it and put it into the correct place. Checking extensions is always a very good idea too.
Visit my site at http://nerdyproductions.sobertillnoon.com
PokéGen on Sourceforge:
http://www.sourceforge.net/projects/pokegen
ticalc profile
PokéGen on Sourceforge:
http://www.sourceforge.net/projects/pokegen
ticalc profile
well i havn't started work on this yet, but i have been thinking of it. Thanks for your ideas, i was also considering the use of the md5 function for the filename, but if i don't factor some other things in ppl could easily get tons of files from users who want things kept hidden.
Just use a two-column table in a MySQL db to equate virtual plaintext filenames and actual hashed filenames. You can also add columns for user, ip, # of dls, whatever.
i opened up one of those pre-built ones to look @ the code and then compare it to mine. i was missing a few things, and mostly important things. So ive been re-doing everything but its still not working to nice. I guess this will the topic i post my updates in. right now im planning on putting this out for September 1st, maybe a lil before that
well i started this and it isn't going very well lol
so what i did do to just get a system up nad working was take the pre-built one and i re-wrote some things. soo idk what im going to do, its freeware so i can do what ever. Schools almost here, it has alrdy started for some of you, so i might just use the modded version until i get some time to fix mine. i didn't have anyway to generate tumbnails, seperate by type, vaidate, and a way to hide the downloads from being viewed in the listfist();
so what i did do to just get a system up nad working was take the pre-built one and i re-wrote some things. soo idk what im going to do, its freeware so i can do what ever. Schools almost here, it has alrdy started for some of you, so i might just use the modded version until i get some time to fix mine. i didn't have anyway to generate tumbnails, seperate by type, vaidate, and a way to hide the downloads from being viewed in the listfist();
Register to Join the Conversation
Have your own thoughts to add to this or any other topic? Want to ask a question, offer a suggestion, share your own programs and projects, upload a file to the file archives, get help with calculator and computer programming, or simply chat with like-minded coders and tech and calculator enthusiasts via the site-wide AJAX SAX widget? Registration for a free Cemetech account only takes a minute.
» Go to Registration page
» Go to Registration page
Page 1 of 1
» All times are UTC - 5 Hours
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Advertisement