Indonesian Back|Track Team
Share Image Upload Validation - Printable Version



Image Upload Validation - ino_ot - 08-19-2014

It's been a long time since I shared anything here. Admin, if this is a repost, feel free to delete it. :v
Okay, this may be simple, but it helps a little. Photo or image upload forms are commonly abused by attackers. It's not uncommon for you attackers and defenders to try uploading a shell with a php, asp, or any other extension to someone's website :v . I'm sharing a small PHP script that makes every file whose extension is not jpg, png, or anything image-related get an image extension, so it is forcibly changed at upload time :v. (This doesn't apply to image shells.)
OK, here is the script

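Quote:
// Directory where uploaded images are stored
define("UPLOAD_DIR", "../gambar/");
$fileupload = $_FILES['gsoal'];
// Original client-supplied name (not used below)
$namagambar = $_FILES['gsoal']['name'];
// Replace every character outside A-Z, 0-9, dot, underscore and hyphen
$name = preg_replace("/[^A-Z0-9._-]/i", "_", $fileupload['name']);
$parts = pathinfo($name);
if (isset($parts['extension'])) {
    // Compare in lower case so "PNG" is treated like "png"
    $ext = strtolower($parts['extension']);
    // Anything that is not an allowed image extension is forced to jpg
    if ($ext !== 'jpg' && $ext !== 'gif' && $ext !== 'png') {
        $ext = "jpg";
    }
    $name = $parts['filename'] . '.' . $ext;
} else {
    // No extension at all: append .jpg
    $ext = 'jpg';
    $name = $parts['filename'] . '.jpg';
}
move_uploaded_file($fileupload['tmp_name'], UPLOAD_DIR . $name);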

Put that at the point where the file is about to be saved.
Thanks, hope it's useful :v


RE: Image Upload Validation - abdilahrf - 08-19-2014

Let me study it first, bro :D
Thanks for sharing


RE: Image Upload Validation - Sekai92 - 08-19-2014

Nice, bro, I'll learn along too :D


RE: Image Upload Validation - wahyuardan - 08-21-2014

How about multiple extensions, bro? For example, if the allowed ones are jpg and doc? Thanks :D


RE: Image Upload Validation - ino_ot - 08-25-2014

(08-21-2014, 10:47 PM)wahyuardan Wrote: How about multiple extensions, bro? For example, if the allowed ones are jpg and doc? Thanks :D

Add it to the condition, bro ..
so if it isn't jpg, png, or doc then it's not allowed, and the extension is changed ..

like here:
if ($ext !== 'jpg' && $ext !== 'gif' && $ext !== 'png' && $ext !== 'doc')


RE: Image Upload Validation - iKONspirasi - 08-26-2014

Oh, is this used in your warehouse app, bro? Great stuff, cendol sent :D
By the way, what is gsoal?


RE: Image Upload Validation - ino_ot - 09-06-2014

(08-26-2014, 01:57 AM)iKONspirasi Wrote: Oh, is this used in your warehouse app, bro? Great stuff, cendol sent :D
By the way, what is gsoal?

Thanks, bro .. hehehe. Alhamdulillah, my cendol went up.
gsoal is the name of the object, bro .. the object on the web page that represents the file


RE: Image Upload Validation - ./exsucks - 09-10-2014

Thanks for the script, bro, let me give it a try :D


RE: Image Upload Validation - yudha24 - 08-29-2015

I don't get it >.< what is this script, bro?


RE: Image Upload Validation - falcon - 09-01-2015

Maybe I can add something: this one is taken from w3school, bro, and its functionality is probably complete. Feel free to grab it :v

Code:
<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
// Check if image file is an actual image or fake image
if(isset($_POST["submit"])) {
    $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
    if($check !== false) {
        echo "File is an image - " . $check["mime"] . ".";
        $uploadOk = 1;
    } else {
        echo "File is not an image.";
        $uploadOk = 0;
    }
}
// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 500000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg"
&& $imageFileType != "gif" ) {
    echo "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
        echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>
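
Added example, not part of any post in this thread: both snippets above still build the stored name from the client's file name, so this sketch instead chooses the name and extension on the server from the detected content type. The names ALLOWED_TYPES and store_name_for() are hypothetical, and the code assumes PHP 7 or later with the fileinfo extension enabled.

```php
<?php
// Added example, not code from the thread. ALLOWED_TYPES and store_name_for()
// are names invented here for illustration.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Return a server-generated file name for an uploaded image, or null when the
 * content is not an allowed image type. The client-supplied name is never used.
 */
function store_name_for(string $tmpPath): ?string
{
    // Detect the type from the file's bytes, not from its name.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        return null;
    }
    // Second opinion from the image header parser used in the w3schools snippet.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $mime) {
        return null;
    }
    // Random base name plus an extension chosen by the server.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// Constructed sample inputs: a 1x1 PNG and a text file holding PHP source.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "<?php echo 'not an image'; ?>\n");

var_dump(store_name_for($png));
var_dump(store_name_for($txt));
unlink($png);
unlink($txt);
```

In an upload handler the returned name would be passed to move_uploaded_file() with the `tmp_name` entry of the upload as the source, as both snippets in the thread do. Content checks do not strip data embedded in a valid image, so the server-chosen extension is what keeps the stored file from being treated as a script.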