
Author Topic: My own exchange  (Read 4512 times)


Zylstra

    Topic Starter
  • Moderator


  • Hacker

  • The Techinator!
  • Thanked: 45
    • Yes
    • Technology News and Information
  • Certifications: List
  • Computer: Specs
  • Experience: Guru
  • OS: Windows 7
My own exchange
« on: August 15, 2006, 12:31:57 AM »
I am adding an exchangeserver to my site right now.
To do so, I am using a simple form upload.
I would like to know how to block certain file types from being uploaded, and would like to know how I can limit file size...

How can I do this?

Information will be provided on request.

Rob Pomeroy



    Prodigy

  • Systems Architect
  • Thanked: 124
    • Me
  • Experience: Expert
  • OS: Other
Re: My own exchange
« Reply #1 on: August 15, 2006, 10:07:12 AM »
What do you mean by "exchangeserver"?

Content checking is very important for uploads.  I think we have already discussed placement of uploads?  Certainly you must never let a user directly upload a file to an accessible  location within your web tree, since this could theoretically make it possible for them to upload malicious code and execute it remotely.

The content checking depends on what sort of file you expect to receive.  If you're expecting an image, you can use the GD library functions to see if the file really is an image, for example.

Bit more info please?
Only able to visit the forums sporadically, sorry.

Geek & Dummy - honest news, reviews and howtos

Zylstra

Re: My own exchange
« Reply #2 on: August 15, 2006, 01:49:19 PM »
Yes, this topic of uploads was discussed. But you never told me how.

I think I am going to make this exchange file thing from scratch.

What do I mean by "exchangeserver"? Just more of a folder in my site, set as a sub-domain, that allows a user to upload an audio or image file.
But I want to only allow audio and image. I need to block .exe, .php, .php3, .html, and anything else that can execute on a web server.


Rob Pomeroy



Re: My own exchange
« Reply #3 on: August 16, 2006, 05:16:16 AM »
Okay.  You know how to upload a file?

After the file is uploaded, you run a script that:
  • renames the file (use some sort of randomiser, and check for conflicts)
  • puts the original filename, plus any description into a database, along with the new name.
  • optionally runs a GD library function to test if the file really is an image, or you could use the id3 functions for limited testing of MP3s
You never tell the end user the actual name of the file, and you keep it out of the web tree.  It is retrieved using another script.

Alternatively hold all uploads in a "moderation queue" and only release them when the contents are approved.

You WON'T be able to do this satisfactorily and safely without a database.
« Last Edit: August 16, 2006, 05:16:46 AM by robpomeroy »
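The post-upload script from the steps in the reply above, for the image case only, as an added example that is not part of the original thread: it enforces a size limit, confirms the content with GD, stores the file under a random name outside the web tree and records the original name in a database. The path, size limit, table and form field names are assumptions, and SQLite via PDO stands in for whatever database the site uses.

```php
<?php
// Added example. UPLOAD_DIR, MAX_BYTES, the "uploads" table and the
// "userfile" form field are assumed names, not taken from the thread.
const UPLOAD_DIR = '/var/uploads';   // assumed path outside the web tree
const MAX_BYTES  = 2097152;          // assumed size limit (2 MiB)

// Returns an extension chosen from the detected type, or null if not an image.
function detect_image(string $path): ?string
{
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    $info = @getimagesize($path);                 // header check
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }
    // Make GD decode the whole file, not just trust the header.
    $img = @imagecreatefromstring((string) file_get_contents($path));
    return $img === false ? null : $allowed[$info[2]];
}

function store_upload(array $file, PDO $db, string $description): int
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    $ext = detect_image($file['tmp_name']);
    if ($ext === null) {
        throw new RuntimeException('Not an accepted image');
    }
    do {  // random server-side name; loop again on a name conflict
        $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    } while (file_exists(UPLOAD_DIR . '/' . $stored));
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('Could not store file');
    }
    // The original name is kept only as data; it is never used as a path.
    $stmt = $db->prepare('INSERT INTO uploads (original_name, stored_name, description) VALUES (?, ?, ?)');
    $stmt->execute([basename($file['name']), $stored, $description]);
    return (int) $db->lastInsertId();   // the only identifier shown to the user
}

if (isset($_FILES['userfile'])) {
    $db = new PDO('sqlite:' . UPLOAD_DIR . '/uploads.db');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS uploads (id INTEGER PRIMARY KEY, original_name TEXT, stored_name TEXT UNIQUE, description TEXT)');
    echo 'Stored as item ', store_upload($_FILES['userfile'], $db, (string) ($_POST['description'] ?? ''));
}
```

PHP's own `upload_max_filesize` and `post_max_size` settings cap the request before this code runs, so the limit here should not exceed them.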

Zylstra

Re: My own exchange
« Reply #4 on: August 16, 2006, 01:28:40 PM »
Hmm, well, I guess I will just hold this one off until I can think of something better.

...


Rob Pomeroy



Re: My own exchange
« Reply #5 on: August 16, 2006, 04:11:33 PM »
You just need to learn the skills.  You'll find it very satisfying in the end, to make it all yourself.  ;)