I want to give my users permission to upload jpg/png photos using a simple method. Is this dangerous for the website? Can someone hack or damage my website with this? I am using PHP on the server side.
-
It's always a risk, letting users upload files to your website. But you can mitigate it to a great extent depending on your code. There's no way to say whether your method is safe or not without seeing how you're dealing with it, though. – andrewsi Oct 23 '13 at 16:12
-
This isn't a question. And it isn't dangerous if you do it right. – Oct 23 '13 at 16:12
-
Which `simple method` do you use? – Black Sheep Oct 23 '13 at 16:16
-
Simply with PHP, to check photo format, size and pixels. – Rishi Oct 23 '13 at 16:25
1 Answer
It's dangerous if you don't know what you're doing.
If you don't check that it really is an image, a potential hacker could upload a fully working C99 script, and totally wreck your site, even your server.
Basically, what you need to do (at minimum) is use `getimagesize` to check that the uploaded file really is an image.
There are plenty of questions about this on Stack Overflow; here's a quick and dirty one:

```php
// getimagesize() returns false when the file is not a recognised image
if (!getimagesize($_FILES['your_image']['tmp_name'])) {
    die('Not an image');
}
```

Some excellent advice from @deceze here.
If you trust user input, you're eventually going to regret it. MIME type is easy to fake, and I won't even bother to say anything about file extensions.
Some basic rules:
- Never, ever trust user input
- Always sanitize your inputs
- If you really need to allow users to upload images, there are scripts already for this, which are much more secure than you can ever accomplish.
If you really want to try your luck, for God's sake, at least disable PHP in your upload directory and all subdirectories in it.
You can do it by adding a `.htaccess` file in your upload directory containing this:

```
php_flag engine off
```
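A fuller version of the check described in this answer, as an added example that is not the answerer's code: it rejects anything `getimagesize` does not identify as JPEG or PNG and stores the file under a server-chosen name whose extension comes from the detected type. `getimagesize` reads only the image header, so a file that passes can still carry other bytes in its body, which is why the stored name and the PHP-disabled upload directory both matter. The function names, the size limit and the sample inputs are assumptions.

```php
<?php
// Added example; names and limits below are assumptions, not from the answer.
const MAX_BYTES = 2 * 1024 * 1024; // assumed size limit
const ALLOWED = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];

/** Return a server-chosen file name for an accepted image, or throw. */
function safe_image_name(string $tmpPath): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('Bad file size');
    }
    $info = @getimagesize($tmpPath); // false when the header is not an image
    $ext = $info === false ? null : (ALLOWED[$info[2]] ?? null);
    if ($ext === null) {
        throw new RuntimeException('Not a JPEG/PNG image');
    }
    // The extension comes from the detected type, never from the client's name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Upload handler: pass $_FILES['your_image'] and the upload directory. */
function store_upload(array $file, string $uploadDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    $name = safe_image_name($file['tmp_name']);
    if (!move_uploaded_file($file['tmp_name'], rtrim($uploadDir, '/') . "/$name")) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Offline demo on constructed inputs: php example.php
if (PHP_SAPI === 'cli') {
    $png = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='); // constructed 1x1 PNG
    $samples = ['photo.png' => $png, 'photo.jpg' => "<?php /* constructed text, not an image */"];
    foreach ($samples as $clientName => $bytes) {
        $tmp = tempnam(sys_get_temp_dir(), 'up');
        file_put_contents($tmp, $bytes);
        try {
            echo "$clientName: accepted as ", safe_image_name($tmp), "\n";
        } catch (RuntimeException $e) {
            echo "$clientName: rejected, ", $e->getMessage(), "\n";
        }
        unlink($tmp);
    }
}
```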

-
*"and totally wreck your site, even your server"* - it's true, and this is why you must never run your PHP script in Apache mod_php (run as Apache's user) but rather as a CGI/FCGId wrapper (run as virtual server owner). Then even if it happens you will put in danger only the current web-server and neither other users' accounts nor the server itself. – Ilia Ross Oct 30 '13 at 10:01
-
@IliaRostovtsev I can agree with that, but it's not always possible (some webhosts). Basically, a user with access to that script can gain superuser on the server and do anything. – Oct 30 '13 at 11:06
-
If you mean *mod_php*, then yes, it's true. In case of *CGI/FCGId* wrappers it wouldn't matter. – Ilia Ross Oct 30 '13 at 11:14