-1

I am trying to accomplish a script where a user uploads an image and inputs a piece of text where from this Imagick will overlay said text over said uploaded image then output the file as an image download. This is my first project with PHP, I have taken a base source and I am attempting to alter it to fit my needs, I believe I have most portions working including the download part. After diagnosing the issue I believe that the $new_image is not saving to the disk before the image download has taken place.

As of now its partially working, I will remove all instances of image files from the target directory, fill in the form and press submit, the PHP script takes place but the output file is corrupt (nothing), I will then go ahead and submit the form again and it will behave as intended, this leads me to believe that the file is not saving correctly.

<?php
function clean($name, $max) {
// Remove everything except letters numbers . and @ in the variable
preg_replace("/[^A-Za-z0-9.\-_@]/","",$name);

// Do not allow excessively long entries - length set in function call
// Could use a word wrap here - add a \\n after a certain amount of characters
$name = substr($name, 0, $max);
return $name;
}

// If the form has been submitted do this
if(isset($_FILES['filename']['tmp_name'])) {

// Temporary upload image name 
$original_image = $_FILES['filename']['tmp_name'];

// Name to save the image as - in this case the same as the original
// The same folder as the code
$new_image = $_FILES['filename']['name'];  

// Cleanup the text.
$text_submitted = clean ( $_POST['text_submitted'], 18 );

// Build the imagemagick command - using rgba so the opacity of the text can be set
$cmd = "$original_image -pointsize 50 -font /var/www/html/static/fonts/arial.ttf -fill rgba\(0,0,0,0.4\) ".
" -gravity center -annotate +0+0 \"$text_submitted\" ";

//save image
// I believe I need to save the file here????

//dl image
header("Content-type: image/jpeg");
header("Content-disposition: attachment; filename=\"".basename($new_image)."\"");
while (ob_get_level()) {
    ob_end_clean();
}
readfile($new_image);

// Coment out to display the command - good for debugging
//echo $cmd;

// Setup the array for the error reporting
$array = array();

// The array is to hold any errors you may get
// Coment out the if function after debugging
exec("convert $cmd  $new_image 2>&1", $array);
if ( !empty($array) ){
echo "<br >There were some errors during the Imagemagick conversion:<br >
<pre><br >".print_r($array)."<br>"; 
echo "</pre>";
}
            }                      
else { 
?>
MrBlobby
  • 71
  • 1
  • 6
  • Take a look at my answer here: https://stackoverflow.com/questions/38509334/full-secure-image-upload-script/38712921#38712921 As your script is right now, any visitor of your website could seriously damage your server. That's how insecure your code is. – icecub Dec 05 '17 at 03:44
  • Im well aware bud, this current piece of code is not for production. I checked out your answer and ill give it a look over when I have the intended script functioning. – MrBlobby Dec 05 '17 at 03:49

1 Answers1

0

Resolved, I moved the download file portion;

//dl image
header("Content-type: image/jpeg");
header("Content-disposition: attachment; filename=\"".basename($new_image)."\"");
while (ob_get_level()) {
    ob_end_clean();
}
readfile($new_image);

Under where it saves the image;

exec("convert $cmd  $new_image 2>&1", $array);
if ( !empty($array) ){
echo "<br >There were some errors during the Imagemagick conversion:<br >
<pre><br >".print_r($array)."<br>"; 
echo "</pre>";
}

I am retarded, thanks anyway.

MrBlobby
  • 71
  • 1
  • 6