Secure PHP Image Uploader
I put together this class to act as a one step, no hassle image processor for file uploads. After searching the web for a short while trying to find something which would not only check the errors HTML returns, but also deal with security vulnerabilities and resize the image, I eventually decided it would be easier for me to build one myself. And now that I have it working and fairly secure, I've decided to release it for anyone's use. I've tried to address all the security concerns I can think of, but if anyone spots any other security holes, please do let me know.
After including ImgUploader.class.php (found in the download at the bottom of the page) you simply construct an instance of the class for each image you're uploading, and then call upload() or upload_unscaled() for each location you want to save the image to. More detailed instructions and examples can also be found in the zip file.
<?php include 'imgUploader.class.'; // construct the object, based off an array from the $_FILES variable $img = new ImgUploader($_FILES['file']); // attempt to save a 400x400 version of the image if($name = $img->upload('path/to/save/to/', 'filename', 400,400)) echo '<img src="'.$name.'" alt="image" />'; else echo 'ERROR! '.$img->getError(); ?>
Mercurial Repository: ImgUpload