  1. #1
    Regular Member

    Join Date
    Oct 2009
    Location
    . Hai
    Posts
    204

    PHP File uploading virus scanning.

    I am making a website to upload only video files, but how do I make sure that they are not viruses?

  2. #2
    Veteran Enthusiast LeadingManNigel's Avatar


    Join Date
    May 2005
    Location
    New York City
    Posts
    6,213

    Re: PHP File uploading virus scanning.

    Learn more server side scripting languages?

  3. #3
    lucien is queen Hazzystan's Avatar

    Join Date
    Feb 2008
    Location
    Scotland
    Posts
    2,977

    Re: PHP File uploading virus scanning.

    Creating an array with allowed filetypes should stop any potential viruses.

    Code:
    $filetypes = array('.wmv','.mp4'); 
    $extension = substr($filename, strpos($filename,'.'), strlen($filename)-1);
    
      if(!in_array($extension,$filetypes)) {
    
           echo "Filetype is not allowed.";
        }
    Change the code to fit with your own, of course.

  4. #4
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: PHP File uploading virus scanning.

    Quote Originally Posted by Hazzystan
    Creating an array with allowed filetypes should stop any potential viruses.

    Code:
    $filetypes = array('.wmv','.mp4'); 
    $extension = substr($filename, strpos($filename,'.'), strlen($filename)-1);
    
      if(!in_array($extension,$filetypes)) {
    
           echo "Filetype is not allowed.";
        }
    Change the code to fit with your own, of course.
    It won't; you can easily bypass that by adding any of those elements to the filename string.

    A few ways of locking down files you want are:-

    1. Check the extension, don't use in array like the example above. Explode on "." if count > 1, stop, else look at index 1, and verify the extension.

    2. Check the mime type.

    3. With htaccess you can lock down permission levels.

    There's no solid guarantee it won't contain a virus though. Adding the above checks would make it harder for people to do so.

  5. #5
    Regular Member

    Join Date
    Oct 2009
    Location
    . Hai
    Posts
    204

    Re: PHP File uploading virus scanning.

    What I have so far:

    Code:
    <?php
    
    //properties of the uploaded file
    $name = $_FILES["myfile"]["name"];
    $type = $_FILES["myfile"]["type"];
    $size = $_FILES["myfile"]["size"];
    $temp = $_FILES["myfile"]["tmp_name"];
    $error = $_FILES["myfile"]["error"];
    
    if ($error > 0)
    	die("Error Uploading File! Code: $error.");
    	else
    {	
    	if ($type == "video/avi" || $size > 536870912) ;
    	{
    	move_uploaded_file($temp, "uploadedvideos/".$name);
    	echo "Upload Complete";
    	}
    	else
    	{
    	die("Incorrect format or file size!");	
    	}
    }
    
    ?>

  6. #6
    lucien is queen Hazzystan's Avatar

    Join Date
    Feb 2008
    Location
    Scotland
    Posts
    2,977

    Re: PHP File uploading virus scanning.

    Quote Originally Posted by FirenIce
    What I have so far:

    Code:
    <?php
    
    
    	
    	if ($type == "video/avi" || $size > 536870912) ;
    You have to make the size smaller than (<), also I would change "||" to "&&".
    And why do you have a line break at the end of an if statement?

  7. #7
    Regular Member
    Join Date
    Jan 2010
    Posts
    245

    Re: PHP File uploading virus scanning.

    Probably just an error.

    Just a tip: You might want to include an index.php file in your uploadedvideos directory to redirect people back to the main page.

  8. #8
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: PHP File uploading virus scanning.

    ^ Htaccess is a better solution.

  9. #9
    Enthusiast Spitfire's Avatar

    Join Date
    Mar 2008
    Location
    Canada
    Posts
    1,005

    Re: PHP File uploading virus scanning.

    I recognize that code, from phpacademy. I used it originally too.

    I still have to work on my safety for the uploader. But so far the only way I've done that is adding to the:
    Code:
    if ($error > 0)
    {
      die("Error Uploading. Code: $error.");
    }
    // Conditions for uploading file
    else
    {
      if ($type == "video/avi" || $type == "application/bat" || $type == "music/mp3" || $size > 500000)
      {
        die("Sorry Either The Format Is Not Supported Or The File Is Too Big.");
      }
    }
    And that's what I've been trying, but so far I can't get half of the filetype names correct like .bat files, and others.

    Either way Adam knows what he's talking about, you should probably just look into it and try it. I probably will too.

  10. #10
    Regular Member

    Join Date
    Feb 2007
    Location
    Ahaha! I got VIP!
    Posts
    126

    Re: PHP File uploading virus scanning.

    Quote Originally Posted by Spitfire
    I recognize that code, from phpacademy. I used it originally too.

    I still have to work on my safety for the uploader. But so far the only way I've done that is adding to the:
    Code:
    if ($error > 0)
    {
      die("Error Uploading. Code: $error.");
    }
    // Conditions for uploading file
    else
    {
      if ($type == "video/avi" || $type == "application/bat" || $type == "music/mp3" || $size > 500000)
      {
        die("Sorry Either The Format Is Not Supported Or The File Is Too Big.");
      }
    }
    And that's what I've been trying, but so far I can't get half of the filetype names correct like .bat files, and others.

    Either way Adam knows what he's talking about, you should probably just look into it and try it. I probably will too.
    Actually, application/bat as far as I can see is the correct MIME type for batch files. Still, you should block application/x-bat and application/x-msdos-program as well.

    In any case, have you looked into this? It says it scans your entire web server but you might be able to modify it to scan just your uploaded files directory with a cron job, or manually.
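
Added example, not part of any post in this thread: the extension and MIME checks listed in post #4, combined with the size limit from post #5, written as one PHP function that sniffs the file content instead of trusting the client-supplied type. The names `check_video_upload`, `ALLOWED` and `MAX_BYTES` and the MIME list are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. ALLOWED is an assumed allow-list:
// extension => MIME types that libmagic may report for that container.
const ALLOWED = [
    'mp4' => ['video/mp4'],
    'avi' => ['video/x-msvideo', 'video/avi'],
    'wmv' => ['video/x-ms-wmv', 'video/x-ms-asf'],
];
const MAX_BYTES = 536870912; // 512 MiB, the limit used in the thread

// Returns a server-generated name to store the file under, or throws with the reason.
function check_video_upload(array $file): string
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload error code $error");
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too big');
    }
    // Exactly one dot: "clip.mp4.php" and "clip" are both refused.
    $parts = explode('.', basename($file['name']));
    $ext = strtolower(end($parts));
    if (count($parts) !== 2 || !array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // Sniff the content; $_FILES[...]['type'] is sent by the client and proves nothing.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException("content is $mime, not video");
    }
    return bin2hex(random_bytes(16)) . '.' . $ext; // never reuse the client's name
}

if (PHP_SAPI === 'cli') {
    // Constructed sample: PHP source submitted under three different names.
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "<?php echo 'not a video'; ?>");
    foreach (['clip.mp4', 'clip.mp4.php', 'clip.php'] as $name) {
        try {
            $file = ['name' => $name, 'tmp_name' => $tmp, 'error' => UPLOAD_ERR_OK];
            echo "$name => ", check_video_upload($file), "\n";
        } catch (RuntimeException $e) {
            echo "$name => rejected: ", $e->getMessage(), "\n";
        }
    }
    unlink($tmp);
}
```

In the upload handler, pass `$_FILES["myfile"]` to the function and give the returned name to `move_uploaded_file()`. The .htaccess lock-down from post #4 still applies to the `uploadedvideos` directory, and passing these checks does not show that a file is free of malware.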


 
