Unique identifier for uploaded images

I have an image upload script that takes a large picture and resizes it to a web-friendly size, then saves it to the ./../pgallery/ folder. The script then creates a thumbnail image of this resized picture and saves it to the ./../pgallery/thumbs/ folder. The image is ultimately saved as $imagepath in the folders. I’m not sure what part the $source is playing.

The pictures are placed in a folder on the server, and the image name and sizes of the big picture and thumbnail are put into a database table.

The script works well, but I need to make the images unique to the user. I’d like to be able to assign the user’s user_id to the image. The user_id is in a session variable:

[code=php]$_SESSION['user_id'][/code]

How can I do this? I’ve tried several things but nothing has worked.

I need the images in the folders to match the name that’s put into the database. Ideally, it would look like this – 12_car.jpg where 12 is the user’s user_id. user_id + an underscore + image.jpg.

The script starts out by taking the image name from the form and if it isn’t empty, converts it to all lower characters and checks the database to see if that name is already in use. If that image name is already in the database an error message is returned telling them to either change the image name or select another picture.

If the image isn’t already in the database it gets processed.

[code=php]$new_image = $_FILES['new_image']['name'];
if ($new_image != '')
{
    $new_image = strtolower($new_image);

    // Make sure the image_name isn't already in the database.
    // The client-supplied name is escaped before it goes into the query.
    $query = "SELECT id FROM ads WHERE image_name='" . mysql_real_escape_string($new_image) . "'";
    $result = mysql_query($query) or die(mysql_error());
    if (mysql_num_rows($result) == 0)
    {
        if (isset($_POST['submit'])) {
            if (isset($_FILES['new_image'])) {
                $imagename = $_FILES['new_image']['name'];
                $imagename = strtolower($imagename);
                $source = $_FILES['new_image']['tmp_name']; // temporary path PHP gave the upload
                $target = "./../pgallery/" . $imagename;
                move_uploaded_file($source, $target);

                $imagepath = $imagename;
                $save = "./../pgallery/" . $imagepath; // This is the new file you are saving
                $file = "./../pgallery/" . $imagepath; // This is the original file[/code]

Any help would be appreciated.

Thanks
Alan P

3 Comments

@SyCo Jun 25.2009 — [code=php]$imagename = $_SESSION['user_id'].'_'.strtolower($_FILES['new_image']['name']);[/code]

If the same user uploads 2 images with different names then it'll overwrite. A timestamp would be OK if you're only uploading one image at a time. If you're storing any image data in a database you can get the last inserted id associated with the uploaded image and add that to the image name instead. Then if you needed the user id you could explode it off the front of the image name and look it up.

[code=php]$imagename = $_SESSION['user_id'].'_'.time().'_'.strtolower($_FILES['new_image']['name']);[/code]


Uploading files to a server opens up a potentially huge security hole. With user-uploaded files you should be whitelisting allowed extensions, uploading to a folder outside the webroot, storing the image details in a database, renaming the file to a non-executable file format like 123.xyz and serving the file using a PHP script to put it all back together. That way your image will have its original name and your server won't get totally owned.
@Alan_P (author) Jun 26.2009 — [QUOTE]Uploading files to a server opens up a potentially huge security hole. With user-uploaded files you should be [B]whitelisting allowed extensions[/B], uploading to a folder outside the webroot, storing the image details in a database, [B]renaming the file to a non-executable file format like 123.xyz[/B] and [B]serving the file using a PHP script to put it all back together[/B]. That way your image will have its original name and your server won't get totally owned.[/QUOTE]
Sounds great, but over my head. I can't even append the user_id to the image, much less all these things you suggested.

File type testing would be nice, as would making the file non-executable.
@JunkMale Jun 26.2009 — This site has 100s of examples of this; search the PHP forum threads for whitelists and chmod to change the level of access a file has, and so on.
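
The measures discussed in the comments above (a type whitelist, storage outside the webroot, a non-executable stored name, restricted file permissions, and serving through a PHP script), shown as an added example that is not code from the thread. It assumes PHP 7+ with the fileinfo extension; `STORE_DIR`, `store_upload()`, `serve_image()` and the returned row layout are hypothetical names.

```php
<?php
// Added example, not code from the thread. STORE_DIR and the returned row
// layout are assumptions; map the row onto your own table.
const STORE_DIR = '/srv/uploads';   // assumed path outside the webroot
const ALLOWED   = ['image/jpeg', 'image/png', 'image/gif'];   // whitelist

// Validate one $_FILES entry and store it; returns the row to save in the DB.
function store_upload(array $file, int $userId): array
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Detect the type from the file contents, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED, true) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Only JPEG, PNG and GIF images are accepted');
    }
    // user_id + random token keeps names unique; .xyz is the neutral extension
    // suggested in the thread, so the stored file is never run as a script.
    $stored = $userId . '_' . bin2hex(random_bytes(16)) . '.xyz';
    if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $stored)) {
        throw new RuntimeException('Could not store the file');
    }
    chmod(STORE_DIR . '/' . $stored, 0640);   // no execute bit
    return [
        'user_id'       => $userId,
        'original_name' => basename($file['name']),   // for display only
        'stored_name'   => $stored,
        'mime'          => $mime,
    ];
}

// Serve a stored image from its DB row, restoring its type and original name.
function serve_image(array $row): void
{
    $path = STORE_DIR . '/' . basename($row['stored_name']);
    if (!in_array($row['mime'], ALLOWED, true) || !is_file($path)) {
        http_response_code(404);
        return;
    }
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $row['original_name']);
    header('Content-Type: ' . $row['mime']);
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

Call `store_upload($_FILES['new_image'], (int) $_SESSION['user_id'])` from the upload handler and save the returned row; a separate script looks the row up and passes it to `serve_image()`.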