CodeIgniter Forums
best way to upload and rename an image - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived General Discussion (https://forum.codeigniter.com/forum-21.html)
+--- Thread: best way to upload and rename an image (/thread-3818.html)

Pages: 1 2 3


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]FuzzyJared[/eluser]
So here is my situation, which I don't think is all that uncommon. I am uploading an image and then creating 3 different sizes of the image through imag_library GD2 and then inserting this information into my database. I have done this much successfully.

What I would like to add into this, is renaming the uploaded image to something unique to ensure that no other image is being overwritten. In the past with other web apps I simply do a time() or other unique id generator and use that in place of the original file name.

Any suggestions on how I would accomplish this, as I don't believe that there is a new_image or new_name setting within the upload library. But as I am fairly new to this framework I could be wrong.


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]Rick Jolly[/eluser]
You could:
1) upload to your server's temp directory (so you won't have to delete this source image later)
2) get the image info that you want to insert into your database from $this->upload->data();
3) insert that data into your database, then if you are using auto-increment, you can get the unique id using $this->db->insert_id();
4) copy/resize your image to the directory of your choice using the upload data 'full_path' as your 'source_image' and add the unique id from the database as the new image name (or at least part of it, appending any constant you like to the name). Example: uploads/img_1.jpg, uploads/img_1_thumb.jpg, etc.

Let me know if that doesn't make sense.


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]llbbl[/eluser]
Read this:

secure file uploading

how rick jolly suggests to do it, is a bad idea.


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]ELRafael[/eluser]
use md5 or other hash method!


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]FuzzyJared[/eluser]
that does make sense. I have found an interesting piece that I did not notice happening. Basically as long as the overwrite is set to false the image will be saved with a number extended onto the end of it. What I didn't realize is that durring my insertion of data into the db was that if it was renamed then the final name was being inserted into the db.

As an example, if I upload my_image.jpg twice, I will have 2 physical images (my_image.jpg and my_image1.jpg). And within my insert, it is recognizing the actual name of the my_image1.jpg so I don't have to change the name.

Code:
$config['upload_path'] = realpath(BASEPATH.'../product_images/');
                $config['allowed_types'] = 'gif|jpg|png';
                $config['max_size']    = '100';
                $config['max_width']  = '1024';
                $config['max_height']  = '768';
                $now = time();
                
                
                $this->load->library('upload', $config);
                $this->upload->initialize($config);
                if ( ! $this->upload->do_upload())
                {
                    if ($_POST) {
                        
                        $data['error'].= ''.$this->upload->display_errors();
                    }
                }    
                else
                {
                    
                    $data .= array('upload_data' => $this->upload->data());
                    $upload_data = $this->upload->data();
                    $image_path = $upload_data['full_path'];
                    $extension = $upload_data['file_ext'];
                    $uploaded_image_name = $upload_data['raw_name'];
                    
                    $some_new_image_path = realpath(BASEPATH.'product_images/');
                    
                    $config['image_library'] = 'GD2';
                    $config['source_image'] = $image_path;
                    $config['new_image'] = './system/product_images/m/'.$uploaded_image_name . $extension;
                    $config['maintain_ratio'] = TRUE;
                    $config['width'] = 640;
                    $config['height'] = 400;
                    
                    $this->load->library('image_lib'); // load the image library
                    $this->image_lib->initialize($config);
                    if ( ! $this->image_lib->resize())
                    {
                       // error
                    }
                    
                    
                    $config['new_image'] = './system/product_images/t/'.$uploaded_image_name . $extension;
                    $config['width'] = 125;
                    $config['height'] = 125;
                    
                    $this->image_lib->clear(); // clear the old config data
                    $this->image_lib->initialize($config);
                    if ( ! $this->image_lib->resize())
                    {
                       // error
                    }
                    $uploaded_image_name = $upload_data['raw_name'].$upload_data['file_ext'];    
                }



best way to upload and rename an image - El Forum - 10-23-2007

[eluser]Rick Jolly[/eluser]
[quote author="llbbl" date="1193189767"]Read this:

secure file uploading

how rick jolly suggests to do it, is a bad idea.[/quote]

What part?


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]llbbl[/eluser]
[quote author="FuzzyJared" date="1193190081"]that does make sense.
[/quote]

if you want your server hacked use FuzzyJared's code.

Basically what you want to do is:

1) don't let the user access the images via the same name or similar name as the original file name.
2) upload the images outside the web root
3) use a php script to view the images

If you can't do 2 or 3 than:

4) check for file extensions
5) use GD to verify it is an image
6) upload the images to a subdomain with php and cgi disabled


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]llbbl[/eluser]
[quote author="Rick Jolly" date="1193190496"][quote author="llbbl" date="1193189767"]Read this:

secure file uploading

how rick jolly suggests to do it, is a bad idea.[/quote]

What part?[/quote]

If you don't know I suggest reading the pdf also.


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]FuzzyJared[/eluser]
Thank you for the pdf. I will read it. I didn't include all the validation that I am using for the file that is being uploaded.

The second part is that I am allowing this image to uploaded within the admin section only.

So although lighter than it could be, I not trusting the user or the file type before I am performing any uploads.


best way to upload and rename an image - El Forum - 10-23-2007

[eluser]Rick Jolly[/eluser]
[quote author="llbbl" date="1193190836"][quote author="FuzzyJared" date="1193190081"]that does make sense.
[/quote]

if you want your server hacked use that code.

1) don't let the user access the images via the same name or similar name as the original file name.
2) upload the images outside the web root
3) use a php script to view the images

If you can't do 2 or 3 than:

4) check for file extensions
5) use GD to verify it is an image
6) upload the images to a subdomain with php and cgi disabled[/quote]

llbbl, don't attack me for answering the question. Upload security was not part of the question and that would have made a very long answer.
1) how is img_1.jpg in any way similar to the original file name?
2) "tmp/" IS outside the web root and I intentionally didn't specify where "uploads/" was. It could, and in most cases should, be outside the web root, but that is up to FuzzyJared.
3) See #2.

Final thought:
Posting a link to file security, although important, does nothing to answer FuzzyJared's question. For all you know from what has been said, FuzzyJared and I co-wrote that article.