Secure File Upload
#1

[eluser]Firestorm ZERO[/eluser]
I'm adding the ability for users to upload images that can later be viewed by others. I see CI already has a file upload class, so that makes things easier. This is my first time doing this, and I would like to do it as securely as possible. So if anyone can give me a quick rundown and see if I'm doing it right.

Here's my plan...
- the file upload class to restrict to just images
- the directory of the folder will be set to 755
- the images will have a hash for their filenames
- the DB will hold unique_id and the file hash and original file name
- have an image-view script to call the DB by the unique_id to get the file
#2

[eluser]obobo[/eluser]
I'm really new to all of this .... What is the advantage in creating a unique id in db for each image rather than just using the hash and accessing the files directly? Is it a serious security risk to not store the image in a db and access by file name?
#3

[eluser]Firestorm ZERO[/eluser]
From what I read, they say you shouldn't access the files directly and should have a script to pull the data instead. And well, a hash using microtime should technically not collide, but I guess there's that 1 in a billion chance it can. But I am reading either old or conflicting tutorials off Google.
#4

[eluser]xwero[/eluser]
I'm not sure what you're exactly after. The topic title is secure file upload, but in the topic itself you are speaking about protecting the files (images) against downloading?
#5

[eluser]Firestorm ZERO[/eluser]
I guess I should have said the best way to safely have users upload files (specifically images) and display them on the website.

Because I've been reading about things like malformed JPGs that have PHP scripts in them to get around checks and such. Or am I just getting overly paranoid over nothing @_@
#6

[eluser]xwero[/eluser]
This is what you are after
Code:
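// 'type' is the MIME type reported by the browser; here it only selects which decoder to try.
switch ($_FILES['namefromform']['type']) {
    case 'image/png':
    case 'image/x-png':
        // @ suppresses the GD warning; a file that cannot be decoded yields false.
        $img = @imagecreatefrompng($_FILES['namefromform']['tmp_name']);
        break;
    case 'image/jpeg':
    case 'image/pjpeg':
    case 'image/jpg':
        $img = @imagecreatefromjpeg($_FILES['namefromform']['tmp_name']);
        break;
    case 'image/gif':
        $img = @imagecreatefromgif($_FILES['namefromform']['tmp_name']);
        break;
    default:
        // Any other reported type is rejected.
        $img = false;
}

if (!$img) {
    // error: GD could not decode the file as the reported image type
} else {
    // The image was only created to validate the upload, so free it again.
    imagedestroy($img);
}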

The mime type only checks the file header so it's a flawed security check but on the other hand not all image files can be created with the gd library and it takes more time in the overall upload procedure.
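
The following is an added example, not part of any post in this thread: one way to combine the GD decode check above with the plan from post #1 (restrict to images, store under a generated name, keep the name in the DB). The function name store_uploaded_image(), the $uploadDir parameter and the pixel limit are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. store_uploaded_image() and $uploadDir are hypothetical names.
function store_uploaded_image(string $tmpPath, string $uploadDir): ?string
{
    // Detect the type from the file content, not from $_FILES[...]['type'] (client-supplied).
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        return null;
    }

    // Server-side map: detected type => decoder, encoder, extension to store under.
    $handlers = [
        IMAGETYPE_PNG  => ['imagecreatefrompng',  'imagepng',  'png'],
        IMAGETYPE_JPEG => ['imagecreatefromjpeg', 'imagejpeg', 'jpg'],
        IMAGETYPE_GIF  => ['imagecreatefromgif',  'imagegif',  'gif'],
    ];
    if (!isset($handlers[$info[2]])) {
        return null;
    }
    [$decode, $encode, $ext] = $handlers[$info[2]];

    // Assumed limit (25 megapixels): refuse before decoding so GD cannot exhaust memory.
    if ($info[0] * $info[1] > 25000000) {
        return null;
    }

    $img = @$decode($tmpPath);
    if (!$img) {
        return null; // header looked like an image but the data does not decode
    }
    if ($ext === 'png') {
        imagesavealpha($img, true); // keep PNG transparency when re-encoding
    }

    // Random name plus server-chosen extension: nothing from the client file name is used.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;

    // Write the re-encoded pixels instead of moving the original bytes, so metadata and
    // trailing data are not stored. An animated GIF keeps only its first frame.
    $ok = $encode($img, rtrim($uploadDir, '/') . '/' . $name);
    imagedestroy($img); // frees the GD buffer on PHP < 8; no effect on 8.0+

    return $ok ? $name : null;
}
```

Call it with $_FILES['namefromform']['tmp_name'] once is_uploaded_file() has confirmed the path, and store the returned name in the DB next to the unique_id and original file name. Keeping $uploadDir outside the web root means the image-view script is the only way to reach the files.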
#7

[eluser]louis w[/eluser]
Never saw imagedestroy before, should it be a big worry that memory gets tied up when uploading images?
#8

[eluser]xwero[/eluser]
It's always best to keep as much memory free as possible. If you rely too much on the garbage collector you will get memory exhausted errors faster.
#9

[eluser]louis w[/eluser]
Thanks xwero, glad I stumbled upon this.

[quote author="xwero" date="1208470257"]It's always best to keep as much memory free as possible. If you rely too much on the garbage collector you will get memory exhausted errors faster.[/quote]
#10

[eluser]xwero[/eluser]
For all clarity the imagedestroy function is because of the imagecreatefromX functions not because of the uploading of the images. That data is stored in a temporary directory until you move the file or when the limit of the directory is exceeded.