Secure image upload is important for website security. If you run a user-based website, you will usually need an image upload feature, because users normally upload a profile picture. That feature is handled by an upload script, so ask yourself: is it a secure file upload? If you think your file uploader is not safe for the website, you need a secure PHP file upload script. In this tutorial, I am going to discuss secure file upload with PHP.
Why Secure Image Upload?
Why secure image upload? You should secure your website's image upload system for the security of the website itself. Most hackers hack websites by uploading a shell to the server. So you should add security to your website's upload system.
How To Ensure PHP Secure Image Upload?
If you allow users to upload images, you must make sure that no hacker can misuse this feature to upload a shell to your server. The system should accept the upload only if the file is a .jpeg, .jpg, .png or .gif and deny it otherwise. Here we write a PHP script for that; follow these instructions step by step. First, create a file to process the upload. We created a PHP file named upload.class.php; write the code below into it.
upload.class.php
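<?php
class uploader
{
    // Allowed extensions and the bounding box (in pixels) for the resized image.
    private $type = array("jpg", "jpeg", "gif", "png");
    private $width = 250;
    private $height = 250;
    private $info = '';
    private $error = '';
    // Entry from $_FILES, destination directory (with trailing slash), stored file name.
    private $file;
    private $dir;
    private $newfile;

    function __construct($file, $dir, $newfile)
    {
        $this->file = $file;
        $this->dir = $dir;
        $this->newfile = $newfile;
    }

    public function upload()
    {
        // Extension of the client-supplied name, lower-cased for the whitelist check.
        $ext = explode(".", $this->file['name']);
        $ext = strtolower(end($ext));
        // Check the name the file will be stored under, not the client's name.
        if (file_exists($this->dir . $this->newfile)) {
            $this->error .= "<div class='text-center'><b>Filename already exists!</b></div>";
            return false;
        }
        if (!in_array($ext, $this->type)) {
            $this->error .= "<div class='text-center'><b>File Format not supported</b></div>";
            return false;
        }
        // getimagesize() returns false for data that is not an image;
        // stop here instead of dividing by a missing width.
        $size = @getimagesize($this->file['tmp_name']);
        if ($size === false || $size[0] < 1 || $size[1] < 1) {
            $this->error .= "<div class='text-center'><b>File Format not supported</b></div>";
            return false;
        }
        list($imwidth, $imheight) = $size;
        // Scale to fit the bounding box while keeping the aspect ratio.
        $hx = (100 / ($imwidth / $this->width)) * .01;
        $hx = round($imheight * $hx);
        if ($hx < $this->height) {
            $this->height = (100 / ($imwidth / $this->width)) * .01;
            $this->height = max(1, round($imheight * $this->height));
        } else {
            $this->width = (100 / ($imheight / $this->height)) * .01;
            $this->width = max(1, round($imwidth * $this->width));
        }
        $image = @imagecreatetruecolor($this->width, $this->height);
        // Decode the upload with the GD reader that matches its extension.
        if ($ext == "jpg" || $ext == "jpeg") {
            $im = @imagecreatefromjpeg($this->file['tmp_name']);
        } else if ($ext == "gif") {
            $im = @imagecreatefromgif($this->file['tmp_name']);
        } else {
            $im = @imagecreatefrompng($this->file['tmp_name']);
        }
        // The decoder returns false when the content is not a valid image of that type.
        if (!$image || !$im) {
            $this->error .= "<div class='text-center'><b>File Format not supported</b></div>";
            return false;
        }
        if (!@imagecopyresampled($image, $im, 0, 0, 0, 0, $this->width, $this->height, $imwidth, $imheight)) {
            return false;
        }
        // Write the newly created image; the uploaded bytes themselves are never stored.
        if ($ext == "jpg" || $ext == "jpeg") {
            $saved = @imagejpeg($image, $this->dir . $this->newfile, 100);
        } else if ($ext == "gif") {
            $saved = @imagegif($image, $this->dir . $this->newfile);
        } else {
            $saved = @imagepng($image, $this->dir . $this->newfile, 0);
        }
        @imagedestroy($im);
        // Report success only after the file has actually been written.
        if ($saved) {
            $this->info .= "<div class='text-center'><b>Image uploaded successfully!</b></div>";
        }
        return $saved;
    }

    public function getInfo()
    {
        return $this->info;
    }

    public function getError()
    {
        if (empty($this->error)) {
            $this->error = "<div class='text-center'><b>Unknown error! Your request cannot complete now!</b></div>";
        }
        return $this->error;
    }

    public static function e($e)
    {
        echo $e;
    }
}
?>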
We have written the code for image upload. This script has some special features and a security system. It uploads an image and resizes it. You can configure the uploaded image's height, width, and resolution. The script's security system is also strong: it filters on the file extension and accepts only image files. Some hackers try to upload malware to a server through the image upload system. They give the malware an image file name, upload it as an image, and change the name using an HTTP header plugin. This script has an advanced security system because it creates a new image from the uploaded image, and it can only create an image from a valid image. So if a hacker tries to upload malware, the script will deny it. Isn't it interesting? I think this is interesting and secure also.
Now we are going to create our upload form, where the full image upload will be processed. Create a PHP file named index.php and write the code below into it.
index.php
<?php
require_once "upload.class.php";
if (isset($_FILES['file'])) {
    $origname = $_FILES['file']['name'];
    // Lower-cased extension, so the stored name matches the whitelist the class checks.
    $ext = explode(".", $origname);
    $extension = strtolower(end($ext));
    // The stored name is a hash, not the name the client sent.
    $md5 = md5(time()) . md5($origname);
    $uploadfile = md5($md5) . '.' . $extension;
    // Directory where uploaded images are saved; created if it does not exist.
    $dir = "upload";
    if (!is_dir($dir)) {
        mkdir($dir, 0755);
    }
    $uploader = new uploader($_FILES['file'], $dir . '/', $uploadfile);
    $uploader->upload();
    // getInfo() is non-empty only when the image was saved.
    $ok = $uploader->getInfo();
    if (!empty($ok)) {
        $avatar = $dir . '/' . $uploadfile;
        $uploaded = $uploader->getInfo();
        uploader::e($uploaded);
    } else {
        $uploaded = $uploader->getError();
        uploader::e($uploaded);
    }
} else {
?>
<form method="post" enctype="multipart/form-data">
    Select image to upload:
    <input type="file" name="file">
    <input type="submit" value="Upload Image" name="submit">
</form>
<?php
}
?>
Our index.php file is also ready. It contains an image upload form, and when anyone uploads a new image this file processes the upload. You should configure the directory name where uploaded images will be saved. If you have already created that directory on your server, that is fine; otherwise the script will create the destination directory and upload the image into it. The script is now fully ready and you can use it in your project. If you want to use it directly, download the attached file. You can also reconfigure it if you want. I hope you understand this. If you have any question or comment about this PHP Secure Image Upload article, please don't hesitate to post it in the comment section.
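The approach described above (accept only image types, then build a new image with GD), narrowed to validation and re-encoding without resizing, as an added example that is not the tutorial's own code. It differs from the class above in taking the image type from the file's content instead of the client-supplied name, and in choosing the stored name and extension itself. The function name store_reencoded_image() and its parameters and limits are hypothetical.

```php
<?php
// Added example, not the tutorial's code; all names and limits here are assumptions.
function store_reencoded_image(array $file, string $dir,
                               int $maxBytes = 2097152, int $maxPixels = 25000000): string
{
    // Type detected from content => [stored extension, GD decoder, GD encoder].
    $types = [
        IMAGETYPE_JPEG => ['jpg', 'imagecreatefromjpeg', 'imagejpeg'],
        IMAGETYPE_PNG  => ['png', 'imagecreatefrompng',  'imagepng'],
        IMAGETYPE_GIF  => ['gif', 'imagecreatefromgif',  'imagegif'],
    ];

    // Accept only a completed HTTP upload that PHP itself placed in tmp_name.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('File too large.');
    }

    // Header check on the bytes; the client-supplied name and MIME type are ignored.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset($types[$info[2]])) {
        throw new RuntimeException('Not a supported image.');
    }
    // Cap the decoded size so a small file cannot demand a huge pixel buffer.
    if ($info[0] * $info[1] > $maxPixels) {
        throw new RuntimeException('Image dimensions too large.');
    }
    [$ext, $decode, $encode] = $types[$info[2]];

    // Full decode: a file with a valid header but a broken body fails here.
    $src = @$decode($file['tmp_name']);
    if ($src === false) {
        throw new RuntimeException('Image could not be decoded.');
    }
    imagesavealpha($src, true); // keep PNG transparency; no effect on JPEG output

    // Server-chosen random name; nothing from the original file name is kept.
    $target = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    // Re-encode from the decoded pixels, so only data GD writes reaches the disk.
    if (!$encode($src, $target)) {
        throw new RuntimeException('Image could not be saved.');
    }
    return $target;
}
```

Call it as store_reencoded_image($_FILES['file'], 'upload') inside a try/catch and show the visitor only a generic message when it throws.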