
This is my first question on Stack Overflow.

I have spent many hours on Google trying to find the most secure way to upload a file in PHP. There I found some techniques such as checking the file extension, renaming the file, and many others, so kindly tell me if there are any other options for the same.



This question has already been asked here, but you can use my own code for the same purpose; it is simple and secure.

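/**
 * Builds the error-shaped result array returned by hc_upload().
 *
 * @param string $message Human-readable reason.
 * @return array{error: bool, message: string}
 */
function hc_upload_error($message)
{
    return array("error" => true, "message" => $message);
}

/**
 * Decides whether an extension / MIME pair is accepted for the requested category.
 *
 * @param string           $file_extension Lower-cased extension without the dot.
 * @param string           $file_type      Lower-cased MIME type (content-detected when possible).
 * @param int|string|array $verify_type    Digit string/int containing 1 (image), 2 (document),
 *                                         3 (audio/video), "*" for all; or an array holding
 *                                         'ext' and/or 'mime' allow-lists, or a plain list of extensions.
 * @return bool
 */
function hc_upload_type_allowed($file_extension, $file_type, $verify_type)
{
    if (is_array($verify_type)) {
        $has_ext = array_key_exists("ext", $verify_type);
        $has_mime = array_key_exists("mime", $verify_type);
        if (!$has_ext && !$has_mime) {
            // Bare array: treat it as a list of allowed extensions.
            return in_array($file_extension, $verify_type, true);
        }
        $ext_ok = !$has_ext || in_array($file_extension, $verify_type['ext'], true);
        $mime_ok = !$has_mime || in_array($file_type, $verify_type['mime'], true);
        return $ext_ok && $mime_ok;
    }

    $verify_type = (string)$verify_type;
    $all = ($verify_type === "*");
    // Group 2 (office documents) has no MIME list: that is how the original behaved,
    // because office MIME types vary widely between producers.
    $groups = array(
        "1" => array(
            "ext" => array("jpg", "jpeg", "gif", "png"),
            "mime" => array("image/jpg", "image/jpeg", "image/gif", "image/png"),
        ),
        "2" => array(
            "ext" => array("doc", "docx", "pdf", "xls", "xlsx", "ppt", "pptx"),
            "mime" => null,
        ),
        "3" => array(
            "ext" => array("mp3", "wav", "weba", "3gp", "mp4", "mov", "mpeg", "avi"),
            "mime" => array("audio/mpeg", "audio/wav", "audio/webm", "audio/3gpp", "video/3gpp", "video/mp4", "video/quicktime", "video/mpeg", "video/x-msvideo"),
        ),
    );
    foreach ($groups as $digit => $group) {
        if (!$all && strpos($verify_type, $digit) === false) {
            continue;
        }
        if (!in_array($file_extension, $group['ext'], true)) {
            continue;
        }
        if ($group['mime'] === null || in_array($file_type, $group['mime'], true)) {
            return true;
        }
    }
    return false;
}

/**
 * Validates an uploaded file from $_FILES and stores it under upload/<username>/.
 *
 * The stored file name is the SHA-1 of the content (no extension, no client-controlled
 * characters); identical content uploaded twice maps to the same path.
 *
 * @param string           $f           Form field name, i.e. the key into $_FILES.
 * @param string           $username    Optional per-user sub-directory. Must not contain
 *                                      path separators or NUL and must not be "." or "..".
 * @param int|string|array $verify_type Accepted categories; see hc_upload_type_allowed().
 * @param int              $size        Maximum size in "kilobytes" of 1000 bytes (kept from the original).
 *
 * @return array{error: bool, message: string, dir?: string} error=false and message "SUCCESS" on success.
 */
function hc_upload($f,$username='',$verify_type=1,$size=2048)
{
    // $username becomes a path component; refuse separators, NUL and dot-entries so a
    // caller-supplied value cannot point outside the upload/ tree.
    if ($username !== '' && ($username === '.' || $username === '..' || preg_match('/[\/\\\\\x00]/', $username) === 1)) {
        return hc_upload_error("Invalid username.");
    }

    if (!isset($_FILES[$f]) || !is_array($_FILES[$f])) {
        return hc_upload_error("No file uploaded.");
    }
    $f = $_FILES[$f];

    // PHP reports partial or failed uploads through 'error'; the original never checked it.
    if (isset($f['error']) && (int)$f['error'] !== UPLOAD_ERR_OK) {
        return hc_upload_error("File upload failed.");
    }

    // The client-sent name may carry a path; keep only the last component.
    $file_name = strtolower(basename((string)$f['name']));
    $file_size = (int)$f['size'];
    $file_extension = strtolower(pathinfo($file_name, PATHINFO_EXTENSION));

    // Files without an extension cannot be matched against any allow-list.
    if ($file_extension === '') {
        return hc_upload_error("Invalid file extension.");
    }
    if ($file_size > $size * 1000) {
        return hc_upload_error("File is too large.");
    }

    // 'type' is set by the browser and trivially forged. When the temporary file is
    // readable, the MIME type is re-detected from its contents instead; otherwise the
    // client value is kept and move_uploaded_file() will reject the upload later anyway.
    $file_type = strtolower((string)$f['type']);
    $tmp_name = isset($f['tmp_name']) ? (string)$f['tmp_name'] : '';
    if ($tmp_name !== '' && is_file($tmp_name) && function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        if ($finfo !== false) {
            $detected = finfo_file($finfo, $tmp_name);
            finfo_close($finfo);
            if ($detected !== false) {
                $file_type = strtolower($detected);
            }
        }
    }

    if (!hc_upload_type_allowed($file_extension, $file_type, $verify_type)) {
        return hc_upload_error("Seems your file is not valid");
    }

    $upload_dir = 'upload/' . $username . '/';
    // 0755 instead of 0777: the web server user needs to write here, nobody else does.
    if (!is_dir($upload_dir) && !mkdir($upload_dir, 0755, true)) {
        return hc_upload_error("Unknown error, kindly contact admin");
    }

    $hash = sha1_file($tmp_name);
    // Without this guard a failed hash would yield the directory path itself, which
    // file_exists() accepts, and the function would report success without storing anything.
    if ($hash === false) {
        return hc_upload_error("Unknown error, kindly contact admin");
    }
    $upload_file = $upload_dir . $hash;
    if (!file_exists($upload_file) && !move_uploaded_file($tmp_name, $upload_file)) {
        return hc_upload_error("Unknown error, kindly contact admin");
    }

    // The original returned error=true here alongside "SUCCESS"; success is not an error.
    return array("error" => false, "message" => "SUCCESS", "dir" => $upload_file);
}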

And the sample HTML code is:

<!-- enctype="multipart/form-data" is required for file uploads; the file input's
     name ("fileToUpload") must match the first argument passed to hc_upload() -->
<form action="upload.php" method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="fileToUpload" id="fileToUpload">
    <input type="submit" value="Upload Image" name="submit">
</form>

So simply call this function in PHP:

hc_upload('fileToUpload','',123). You can create a folder for each username by giving a value to the second parameter; the third parameter checks whether the file is an image, a document, or audio/video media, and you can also pass an array of extensions for a manual check.
