Security issues and parsing data iPhone to Server

Question

I have an iPhone that uploads jpg images to folder 'uploads' on a remote server. This is done using a asynchronous method on the iOS, which connects to a PHP script. The PHP script then handles the image. The PHP script is simple and looks as follows :

$uploaddir = './uploads/';
$file = basename($_FILES['userfile']['name']);
$uploadfile = $uploaddir . $file;

if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
        echo "http://iphone.zcentric.com/uploads/{$file}";
}

How can I improve the security to know that it is the correct iPhone that is connecting to the PHP script?. Also, how can I create a folder that has an unique name to the iphone device so the images are stored inside it, rather than in the 'uploads' server?. e.g. the iPhone connects to the PHP Script, the script verifies the iPhone and gets an unique identifier (i'm not sure what that unique identifier can be, perhaps imei?), and creates a folder e.g. M234SFDFS/image.jpg

Answer 1

You can get a bunch of data from individual phones (with just a couple of lines of code)

Add them as URL variables when you access the PHP page.

I am looking at a more elegant way to do this myself, and I am stuck using php. I had to go to script variables, but I think I am going to have to move to something a bit more advanced like websockets.

~ Dan

Answer 2

If you have any kind of user management on the server side you can go with a simple HTTP Basic Authentication to check the user credentials and increase the security.

Moreover I would suggest to send a unique id from your iOS app to the server to identify the same iOS device. To do this check the thread How to create a GUID/UUID using the iPhone SDK which shows you how to create your own unique id instead of using the device id (which is deprecated).