[El Forum]

[eluser]LuckyFella73[/eluser]
@cyberjunkie
Yes I use callbacks that way and it works. It's like CroNiX posted.
If you set a callback function when setting rules for form validation
the validation is just listening for a TRUE or FALSE returned by your
callback function. In your callback funtion itself you can have all
kind of php code including $_FILE operations. Only the "normal"
validation rules are meant to validate $_POST data.

You said there are no error messages - how do you display them?
Can you post your view file?

[El Forum]

[eluser]boltsabre[/eluser]

@boltsabre, thanks for the warning! I thought that the Codeignter upload library handled all the security issues.

To be honest, I'm not sure, I've never used the CI image uploader library, or looked at the code, or looked at the documentation.

Still, I think it would be prudent to gain/research the knowledge about file upload vulnerabilities and check them against what/how CI handles them. I'm sure the library handles some of it, but I doubt it handles it all!

For example you should rename file names, that way if someone does somehow manage to get a bit of bad code (aka file) into your system, they cannot just call/execute it by typing its name into the url bar (aka www.mydomain/images/my_bad_file_lets_hack_this_site.php.jpg), because you've changed it to something random like www.mydomain/images/fdal45kss4sle843s.php.jpg - the hacker wont have any idea of what the file name is anymore

[El Forum]

[eluser]cyberjunkie[/eluser]
Ok I finally got it to work, here is the full code. I'm also re-sizing the uploaded file. Note: I changed the name of my file input to entry_image so I had to add that in the function argument

Code:

$this->upload->do_upload('entry_upload')

Code:

function create()
{
  $this->form_validation->set_rules('content', 'Entry', 'trim|required|xss_clean');    
  $this->form_validation->set_rules('entry_upload', 'Image', 'callback__file_validation');
  
  if ($this->form_validation->run() == FALSE)
  {
   //Load View
  }
  else
  {
   $entry_image = NULL; //leave NULL if no file uploaded
  
   if ($_FILES['entry_upload']['error'] == 0) //There is no error, the file uploaded with success.
   {
    $entry_image = $this->upload->file_name; //set to file name
   }
      
  
   $data = array (
    'user_id' => $this->tank_auth->get_user_id(),
    'content' => $this->input->post('content'),
    'entry_image' => $entry_image
   );
  
   $this->Entries_model->create_entry($data);
  
   $this->session->set_flashdata('success', 'Entry added!');
   //redirect
  }  
  
}

Callback. First I'm checking to see if a file was selected before validating. This is handy of you don;t want file uploads to be required.

Code:

function _file_validation()
{
  if ($_FILES['entry_upload']['error'] !== 4) //if file selected
  {
   $user_id = $this->tank_auth->get_user_id();
  
   $config['upload_path'] = "./uploads/entries/{$user_id}";
   $config['allowed_types'] = 'jpg|png';
   $config['encrypt_name'] = TRUE;
   $config['overwrite'] = FALSE;
   $config['max_size'] = '800'; //in KB
  
   $this->load->library('upload', $config);
  
   if (! $this->upload->do_upload('entry_upload'))
   {
    //set file errors
    $this->form_validation->set_message('_file_validation', $this->upload->display_errors('', ''));
    return FALSE;
   }
   else
   {
    //Resize Image
    $config['image_library'] = 'gd2';
    $config['source_image'] = $this->upload->upload_path.$this->upload->file_name;
    $config['create_thumb'] = TRUE;
    $config['maintain_ratio'] = TRUE;
    $config['width'] = 120;
    $config['height'] = 120;
    
    $this->load->library('image_lib', $config);
    
    if (! $this->image_lib->resize())
    {
     //set file errors
     $this->form_validation->set_message('_file_validation', $this->image_lib->display_errors('', ''));
     return FALSE;
    }
  
    return TRUE;
   }
  }
  
  return TRUE;
}