Php Folks,
I want to allow my website members to login to their accounts and upload files to my server so other members can view them. Files such as text files, image files, audio files and video files. But not program files or executable files.
Now, what features must my File Upload Form have ?
I need a complete list of Php features it must have. I need you to give me a complete list of Php Functions the File Upload Form must make use of.
Kindly list as many Php features and functions you can think of that my File Upload Form must have in order for it to be a Secure File Upload Form so no one can upload malicious files (virus, programs, etc.).
I am going to get the File Upload Form developed by a paid programmer. I need to give the programmer a list of features the File Upload Form must have. Here is my list of REQUIREMENTS so far:
REQUIREMENT 1:
Php 7 code must be procedural style. No OOP.
REQUIREMENT 2:
The current web form is a single file uploading form. You can upload only 1 “video file” at a time.
You must add multiple upload feature by adding 3 more fields where on one field you can upload “img” file only and on another field you can upload “audio” file only and on another field you can upload “text” file only.
Uploading Form should be in:
Html5, CSS (latest version), Responsive Design (for both Computer, Mobile, Tablets, iPhone, etc. users) with Captcha facility and contain Hidden Field/s to foil bots.
Must be sql injection proof, hacking proof, bot uploading proof and malicious file (virus, etc.) uploading proof.
Current form looks like this:
[code]
<form METHOD="POST" ACTION="" enctype="multipart/form-data">
<fieldset>
<p align="left"><h3><?php echo $site_name; ?> ID Video Verification Form</h3></p>
<div class="form-group">
<p align="left"><label>Video File: </label>
<input type="file" name="id_verification_video_file" id="id_verification_video_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
</fieldset>
<p align="left"><button type="submit" class="btn btn-default" name="id_verification_video_file_submit">Submit!</button></p>
</form>
[/code]
You can make the file uploading webform look something like the following. It is only a rough idea about what fields it should contain. And not a rough idea about what the webform design should look like. Frankly, I do not like the webform design and so change it to look good and cool. Show me a few web form templates and I will decide which design I want.
[code]
<form METHOD="POST" ACTION="" enctype="multipart/form-data">
<fieldset>
<p align="left"><h3><?php echo $site_name; ?> ID Video Verification Form</h3></p>
<div class="form-group">
<p align="left"><label>Video File: </label>
<input type="file" name="id_verification_video_file" id="id_verification_video_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
<div class="form-group">
<p align="left"><label>Audio File: </label>
<input type="file" name="id_verification_audio_file" id="id_verification_audio_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
<div class="form-group">
<p align="left"><label>Text File: </label>
<input type="file" name="id_verification_text_file" id="id_verification_text_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
<div class="form-group">
<p align="left"><label>Image File: </label>
<input type="file" name="id_verification_image_file" id="id_verification_image_file" value="uploaded 'Id Verification Video File.'"></p>
</div>
</fieldset>
<p align="left"><button type="submit" class="btn btn-default" name="id_verification_video_file_submit">Submit!</button></p>
</form>
[/code]
REQUIREMENT 3:
Add filters and sanitizations so malicious files cannot be uploaded. Nor can sql injections be made.
REQUIREMENT 4:
Only file types from White-List should be uploaded. Any File Types not listed on this White-List should be discarded and not uploaded. Error should be given that this type of file is not allowed to be uploaded.
REQUIREMENT 5:
Uploaded File should not be more than 100MB. Echo error if File Sizes exceed limit & halt script.
MUST check File Size with function: file_size():
REQUIREMENT 6:
Set a maximum name length and maximum file size – Make sure to set a maximum name length and file size in order to prevent a Denial of Service attack.
If you do not know what I am talking about then read number “6” on the following link:
REQUIREMENT 7:
MUST make use of php function getimagesize() for security purpose.
REQUIREMENT 8:
Write to the file when you store it to include a header that makes it non-executable.
If you do not understand what I am talking about then read the line on the following link that comes just after the CONCLUSION section.
REQUIREMENT 9:
MUST STORE all errors and DISPLAY all errors using traditional:
“Errors[] = “”;.
On my script, fix my error coding mistakes related to the following format as I have no clue how to fix all that to store errors and display them.
“Errors[] = “”;.
REQUIREMENT 10:
To detect File Details, should use php functions:
file_info() & mime_content_type():
Script Files (executable files) should not be uploadable. Only text files (.txt, .doc, .pdf, etc.), image files (.giff, .jpeg, etc.), audio files (.mp3, etc.) and video files (.mp4, .wav, etc.).
REQUIREMENT 11:
Script should check whether file upload was successful or not.
MUST check the upload with function: is_uploaded_file().
NOTE: After the check, user must get notified whether file has been uploaded successfully or not.
REQUIREMENT 12:
Uploaded File should be renamed to “$user” before getting saved to permanent destination directory: $directory_path_and_user_dir/$user.
MUST Rename File using function: rename():
Eg. If file name is “my_vid.MP4” or “12345.WAV” and User’s username ($user) is “tom” then File Name should be renamed to: “tom_id_verification.MP4”/“tom_id_verification.WAV”.
REQUIREMENT 13:
You may make use of any other php functions, not mentioned in my REQUIREMENTS LIST, should you deem making use of these are necessary to make the php script more safe & secure to upload files. On the quote, you will have to provide me a list of extra functions and features you are thinking of adding to make the php script secure. If you deem more functions are needed to be used then speak up. Because, if you do not speak up and others speak up the list of php functions further needed to make the php script safe & secure to upload files then I will assume you have no experience in building these File Uploading scripts and they do. Or, why else you failed to provide me the list and kept quiet ?
END OF REQUIREMENTS
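
The server-side checks from requirements 4, 5, 6, 7, 10, 11 and 12, shown together as procedural PHP in an added example that is not part of the original post. The function name `validate_upload()`, the white-list contents, the 100-character name cap, the username pattern and `$dir` are assumptions; the example calls PHP's `filesize()` and `mime_content_type()`, and uses `move_uploaded_file()` in place of `rename()`.

```php
<?php
// Added example, not code from the original post. Procedural PHP 7.1+.
// Assumed: validate_upload(), the white-list contents, MAX_NAME_LEN, $dir.
const MAX_BYTES    = 100 * 1024 * 1024; // requirement 5: 100MB limit
const MAX_NAME_LEN = 100;               // requirement 6: assumed name cap
// White-list: form field => detected MIME type => extension used on disk.
$ALLOWED = [
    'id_verification_video_file' => ['video/mp4' => 'mp4'],
    'id_verification_audio_file' => ['audio/mpeg' => 'mp3'],
    'id_verification_text_file'  => ['text/plain' => 'txt', 'application/pdf' => 'pdf'],
    'id_verification_image_file' => ['image/jpeg' => 'jpg', 'image/gif' => 'gif'],
];

// Returns the stored path, or null after appending a message to $errors.
function validate_upload(string $field, array $allowed, string $user, string $dir, array &$errors): ?string
{
    $f = $_FILES[$field] ?? null;
    if ($f === null || !is_string($f['tmp_name']) || $f['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($f['tmp_name'])) {                 // requirement 11
        $errors[] = "$field: upload missing or failed.";
        return null;
    }
    if (strlen($f['name']) > MAX_NAME_LEN || filesize($f['tmp_name']) > MAX_BYTES) {
        $errors[] = "$field: file name too long or file larger than 100MB.";
        return null;
    }
    // Type comes from the file content, never from the client-sent name or type.
    $mime = mime_content_type($f['tmp_name']);                  // requirement 10
    if ($mime === false || !isset($allowed[$field][$mime])) {   // requirement 4
        $errors[] = "$field: this type of file is not allowed.";
        return null;
    }
    if (strpos($mime, 'image/') === 0 && getimagesize($f['tmp_name']) === false) {
        $errors[] = "$field: not a readable image.";            // requirement 7
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9_]{1,32}$/', $user)) {         // assumed username rule
        $errors[] = 'Invalid username.';
        return null;
    }
    // Requirement 12 naming: extension is taken from the white-list, not the upload.
    $dest = $dir . '/' . $user . '_id_verification.' . $allowed[$field][$mime];
    // move_uploaded_file() is used in place of rename(); it re-checks the source.
    if (!move_uploaded_file($f['tmp_name'], $dest)) {
        $errors[] = "$field: could not store the file.";
        return null;
    }
    return $dest;
}
```

Call it once per form field with `$errors = [];` and a `$dir` that sits outside the web root, then display whatever ended up in `$errors`.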