[Share] Image Upload Validation
#1
It's been a while since I shared anything here. Admin, if this is a repost, just go ahead and delete it. :v
Okay, this may be simple, but it helps a little. Photo or image upload forms are often abused by attackers, and it's not rare for you attackers and defenders out there to try uploading a shell with a php, asp or whatever extension to someone's site :v. I'm sharing a small PHP script that turns every file whose extension is not jpg, png or anything image-related into a file with an image extension, i.e. it is forcibly renamed at upload time :v. (This doesn't cover image shells, though.)
Okay, here is the script:

Code:
<?php
define("UPLOAD_DIR", "../gambar/");
$fileupload = $_FILES['gsoal'];
$namagambar = $_FILES['gsoal']['name'];   // original client-supplied name (not used below)

// Replace anything that is not a letter, digit, dot, underscore or hyphen.
// This also removes slashes, so the name cannot carry a path.
$name = preg_replace("/[^A-Z0-9._-]/i", "_", $fileupload['name']);
$parts = pathinfo($name);
if (isset($parts['extension'])) {
    $ext = $parts['extension'];
    // anything that is not jpg/gif/png is forcibly renamed to .jpg
    if ($ext !== 'jpg' && $ext !== 'gif' && $ext !== 'png')
        $ext = "jpg";
    $name = $parts['filename'] . '.' . $ext;
} else {
    // no extension at all: append .jpg
    $ext = 'jpg';
    $name = $parts['filename'] . '.jpg';
}
move_uploaded_file($fileupload['tmp_name'], UPLOAD_DIR . $name);

Put that at the point where the file is about to be saved.
Thanks, hope it's useful :v

#2
I'll study it first, bro Big Grin
Thanks for sharing

#3
Nice, bro, I'm learning along Big Grin

#4
How about multiple extensions, bro? E.g. allowing jpg and doc? Thanks Big Grin
Everyone has a strength that you don't know about..

#5
(08-21-2014, 10:47 PM)wahyuardan Wrote: How about multiple extensions, bro? E.g. allowing jpg and doc? Thanks Big Grin

Add it to the condition, bro ..
So if it isn't jpg, png or doc, it's not allowed and the extension gets changed ..

Like here:
if ($ext !== 'jpg' && $ext !== 'gif' && $ext !== 'png' && $ext !== 'doc')
Nothing Impossible | Learn, Understand, Share | We Are Staff of Expert Zone Technology

#6
Oh, is this used in your warehouse app, bro? Great, cendol sent Big Grin
By the way, what is gsoal?

#7
(08-26-2014, 01:57 AM)iKONspirasi Wrote: Oh, is this used in your warehouse app, bro? Great, cendol sent Big Grin
By the way, what is gsoal?

Thanks bro .. hehehe. Alhamdulillah, more cendol.
gsoal is just the name of the object, bro .. the form object on the web page that holds the file.
Nothing Impossible | Learn, Understand, Share | We Are Staff of Expert Zone Technology

#8
Thanks for the script, bro, let me try it Big Grin

#9
I don't get it >.< what does this script do, bro?

#10
Maybe I can add something. This one is taken from w3schools, bro, and its functionality is probably more complete. Feel free to grab it :v

Code:
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
// lowercased so that "JPG"/"Jpg" pass the allowlist below
$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
// Check if image file is an actual image or a fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>
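Both scripts above decide what to do from the file name the browser sent: the first one rewrites the extension, the w3schools one checks the extension and then asks getimagesize whether the content parses. Neither is enough on its own. A renamed shell is still PHP source, getimagesize happily accepts a real GIF with `<?php ... ?>` appended (the "image shell" the first post mentions), and on Apache with `AddHandler` a name such as `shell.php.jpg` can still be handled as PHP because every extension in the name is examined. The following handler is an added example written for this thread, not code from the original posts or from w3schools. It keeps the `gsoal` field name and the 500000-byte limit from the thread as assumptions, derives the extension from the detected MIME type instead of the client name, re-encodes the image with GD so that anything appended to a valid image is discarded, and stores the result under a random server-chosen name. It requires the `fileinfo` and `gd` extensions.

```php
<?php
// Added example (not from the thread): content-based validation for an image
// upload. The client-supplied name and extension are never trusted; the stored
// extension comes from the detected MIME type, the pixels are re-encoded with GD
// so that payloads appended to a real image (an "image shell") are dropped, and
// the file gets a random name. The field name 'gsoal' and the directory
// 'uploads/' are assumptions taken over from the thread.

const MAX_BYTES  = 500000;                  // same limit as the w3schools snippet
const UPLOAD_DIR = __DIR__ . '/uploads/';   // must not be PHP-executable (no AddHandler, php_flag engine off)

// Allowlist keyed by *detected* MIME type, never by the extension the client sent.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate one entry of $_FILES and store it. Returns the stored file name,
 * or throws RuntimeException with a message that is safe to show the user.
 */
function store_image(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Sniff the content. finfo reads the magic bytes, so "shell.php"
    //    uploaded as "shell.jpg" is rejected here, whatever its name says.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('only JPG, PNG and GIF are accepted');
    }
    $ext = ALLOWED[$mime];

    // 2. Require a parseable image with sane dimensions (decompression-bomb guard).
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || $info[0] > 8000 || $info[1] > 8000) {
        throw new RuntimeException('invalid or oversized image');
    }

    // 3. Re-encode. A valid GIF/JPEG with "<?php ... ?>" appended, or code hidden
    //    in EXIF or a PNG text chunk, passes steps 1 and 2; it does not survive
    //    being decoded to pixels and written back out.
    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // 4. Random server-chosen name; the client name is not used at all, so
    //    double extensions, ".htaccess" or traversal characters never reach disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . $name;

    $ok = false;
    switch ($ext) {
        case 'jpg': $ok = imagejpeg($img, $dest, 90); break;
        case 'png': $ok = imagepng($img, $dest);      break;
        case 'gif': $ok = imagegif($img, $dest);      break;
    }
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write file');
    }
    chmod($dest, 0644);
    return $name;
}

if (isset($_FILES['gsoal'])) {
    try {
        echo 'stored as ' . htmlspecialchars(store_image($_FILES['gsoal']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Sorry: ' . htmlspecialchars($e->getMessage());
    }
}
```

Two trade-offs are worth knowing before dropping this in. Re-encoding loses GIF animation and, unless you call imagealphablending/imagesavealpha before imagepng, PNG transparency; if the application needs those, keep the MIME check and the random name but replace step 3 with a stricter parser. And none of this replaces serving the upload directory with script execution disabled: the re-encode removes the payload, the random name removes the attacker's control over the path, but a server that executes whatever it finds in uploads/ is still one misconfiguration away from running it.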