Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




4571 posts

Uber Geek

Trusted

#257464 4-Oct-2019 14:32
Send private message

Kia ora team, just a general question for the developer types out there.

 

We have a little custom calendar 'app' we use to manage our civil teams who aren't, obviously, office-bound with easy PC access. It's HTML (with bootstrap for styling/responsiveness) with a PHP & MySQL back-end. The whole thing is behind a log-in.

 

I'm knocking together a basic web form they can use for near miss reporting so they can just jump on their phones and fill this out. I'd like to include a file upload field so they can take a photo and upload if required. I just wanted to sound off what I plan on doing and see if it's the "right" thing to do....

 

- User submit forms
- PHP to check file type, and if it's actually an image (apparently getimagesize() can be used to do that?)
- If file OK, rename with a unique ID (to avoid conflicting file names) and dump in to a folder in the web directory
- Create a DB entry (probably just do a separate table for them i guess?) with the UID/filename, and other appropriate info to index against the correct 'near miss report'

 

From there a "manager" will just get a notification a new report has been submitted, and they can jump on to a view a list of the reports and export a PDF of the report if required - hence the need to store the image.

 

Does that all sound OK? Anything else I should verify before letting the file to be uploaded to the script?

 

This isn't a "mission critical" type application. It runs on a VM that gets backed up daily, so I'm not overly concerned with security, but also don't want the pain of having to rebuild it just because of some dodgy file upload.


Create new topic
Webhead
2521 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #2329652 4-Oct-2019 14:45
Send private message

You should make sure its not possible to execute PHP and other script languages in the folder you store the images.

 

I would also make sure that its not easy to go through the images, thats to say that you don´t store them as imageID.jpg (thats to say, image01.jpg, image02.jpg etc). If its easy to increase the number and find the attachments that might be a problem in that the images would be easily available for people that shouldn´t see them.

 

 

 

This discussion on Stackoverflow seems a good one on the topic.


BDFL - Memuneh
67914 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #2329667 4-Oct-2019 15:34
Send private message

That's pretty much what I've done on Geekzone with image uploads.





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure 


 
 
 
 




4571 posts

Uber Geek

Trusted

  #2329686 4-Oct-2019 16:49
Send private message

That Stackoverflow link is excellent!

 

Looks like I had the right idea. Didn't think about using htaccess to stop PHP running in that folder - great plan. Now also understand how getimagesize can work too.


Create new topic




News »

Pre-orders for Huawei MateBook 13 open now
Posted 14-Aug-2020 14:26


Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35


UFB hits more than one million connections
Posted 6-Aug-2020 09:42


D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01


New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.