jquery - php delete from sql and directory form -


I have resolved the issue of the warning going into `if(!file_exists($file_to_delete))` (as I know the folder images is needed for the user, not other directories). I have made a check that the id is numeric & exists in the db, and sanitised the queries I believe. Please have a look through the new code below and see if it's ok, or if further problems exist.

Many thanks

Here's the code:

<?php
// include database
include("common.php");

// variables (initialised so nothing below reads an undefined variable)
$delete         = isset($_POST['delete']) ? $_POST['delete'] : null;
$id             = isset($_POST['id']) ? trim($_POST['id']) : '';
$filename       = isset($_POST['filename']) ? trim($_POST['filename']) : '';
$parts          = explode('.', $filename);
$ext            = end($parts);
$error          = false;
$status         = '';
$file_to_delete = null;
$filecheck      = false;
$idcheck        = false;

// check if form has been submitted
if (isset($delete)) {
    // check filename not empty
    if (empty($filename)) {
        $status = "please enter filename";
        $error = true;
        $filecheck = false;
    } else {
        $filecheck = true;
    }

    if ($filecheck) {
        // check user stays in correct directory & check image ext
        // (hyphen placed last in the class: "\s-_" is an invalid range in PCRE2)
        if (!preg_match('/^\/?[\w\s_-]+\.(jpe?g|gif|png|bmp)$/', strtolower($filename))) {
            $error = true;
            $status = "please check filename";
        } else {
            $file_to_delete = 'images/' . $filename;
        }

        // check file_to_delete set
        if ($file_to_delete) {
            // check file exists
            if (!file_exists($file_to_delete)) {
                $status = "file not found, please check filename";
                $error = true;
                $idcheck = false;
            } else {
                $idcheck = true;
            }
        }

        // check $idcheck set
        if ($idcheck) {
            // check id not empty
            if (empty($id)) {
                $status = "please enter id";
                $error = true;
                $filecheck = false;
            }
            // check if id not numeric
            else if (!is_numeric($id)) {
                $error = true;
                $status = "please check id";
            } else {
                // check id exists in database
                $query = "SELECT id FROM `test` WHERE `id` = :id";
                $stmt = $db->prepare($query);
                $stmt->bindParam(":id", $id);
                $stmt->execute();

                // if id exists (fetchColumn is portable; rowCount is not reliable for SELECT on every driver)
                if ($stmt->fetchColumn() !== false) {
                    $error = false;
                } else {
                    $error = true;
                    $status = "please check id";
                }
            }
        }
    }

    if (!$error) {
        // run query & delete file information from database
        $query = "DELETE FROM `test` WHERE `id` = :id";
        try {
            $stmt = $db->prepare($query);
            $stmt->bindParam(':id', $id);
            $stmt->execute();
        } catch (PDOException $ex) {
            die("failed to delete image: please report issue to admin");
        }

        // delete file from directory
        unlink($file_to_delete);
        $status = "file deleted";
    }
}
?>
<?php
$query = "SELECT id, photo FROM test";
try {
    // run query to show current data in database
    $stmt = $db->prepare($query);
    $stmt->execute();
} catch (PDOException $ex) {
    die("failed to run query: please report issue to admin");
}
$rows = $stmt->fetchAll();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>delete image</title>
<style type="text/css">
.table {
    text-align: center;
}
.table {
    font-weight: bold;
}
</style>
</head>

<body>
<form action="delete.php" method="post" enctype="multipart/form-data" class="table">
please enter the filename and id of the image you wish to delete
<table width="178" align="center">
  <tr class="table">
    <td width="144" class="table">filename</td>
    <td width="30" class="table">id</td>
  </tr>
  <tr>
    <!-- user-supplied values are escaped before being echoed back into the page -->
    <td><input name="filename" type="text" value="<?php echo htmlspecialchars($filename); ?>" /></td>
    <td><input name="id" type="text" id="id" value="<?php echo htmlspecialchars($id); ?>" size="3" maxlength="4" /></td>
  </tr>
</table>
<p><?php echo htmlspecialchars($status); ?><br />
  <input type="submit" value="delete selected image" name="delete" />
</p>
<p>image details</p>
<table width="400" align="center" class="table">
  <tr>
    <th width="61">id</th>
    <th width="185">filename</th>
    <th width="138">image</th>
  </tr>
</table>
<table width="400" align="center" class="table">
  <?php foreach ($rows as $row): ?>
  <tr>
    <td width="61"><?php echo htmlspecialchars($row['id']); ?></td>
    <td width="185"><?php echo htmlspecialchars($row['photo']); ?></td>
    <td width="138" height="138"><img src="images/<?php echo htmlspecialchars($row['photo']); ?>" width="138" height="138" /></td>
  </tr>
  <?php endforeach; ?>
</table>
<p><br />
<br />
</p>
</form>
</body>
</html>

There are various options, but if you're concerned about security, you shouldn't let end users specify the filename at all. Instead, you may want to hand out randomly generated MD5 strings or alike. You can store the mapping between such an MD5 string and the filename in the database, which you seem to be using anyway.

If you have to have users specify actual filenames, make sure they only contain characters you consider safe. The fewer characters you allow, the better. For example, if you can restrict filenames to a-z, A-Z, 0-9, _ and - plus a file extension, you can validate as follows:

if (! preg_match("/^[a-zA-Z0-9_\-]+\.[a-zA-Z0-9]+$/", $filename)) {
    throw new Exception("invalid filename pattern");
}

This way users cannot specify a filename that crosses directory bounds.

To restrict filenames to certain extensions, use this:

if (! preg_match("/\.(jpe?g|png|gif)$/i", $filename)) {
    throw new Exception("invalid file extension");
}

You can additionally check the directory name of the assembled filename and raise an error if the directory name is not what you expect:

if (dirname("images/" . $filename) !== "images") {
    throw new Exception("cannot leave directory");
}

When you are concerned about security and deleting the wrong files, you should also be worried about SQL injection. Your script is vulnerable, because you're inserting a user-specified value into the SQL query unchecked:

$query = "DELETE FROM `test` WHERE `id` = $id";

What happens if the user posts an id value of `1 or true`? Right, your images get deleted from the database!
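The checks from this answer combined into one delete handler, as an added example that is neither the asker's script nor the answerer's code. It goes a step beyond the answer in two places: it runs `realpath()` on the assembled path and confirms the resolved file still sits under the image directory (so a symlink inside `images/` cannot point the delete elsewhere), and the `DELETE` matches on both `id` and `photo`, so a valid id cannot be paired with a different user's file. The table layout (`test` with columns `id` and `photo`) is taken from the asker's listing query; the function names, the `$baseDir` parameter and the SQLite demo data are assumptions made for this example.

```php
<?php
// Added example (not code from the question or the answer). Assumes a table
// `test` with columns `id` and `photo`, and an image directory passed as $baseDir.
declare(strict_types=1);

/**
 * Returns the resolved absolute path of a file the user may delete, or throws.
 * $filename is the raw form value; $baseDir is the only directory allowed.
 */
function resolveDeletablePath(string $filename, string $baseDir): string
{
    $baseDir = rtrim($baseDir, '/\\');

    // 1. Allowlist characters: letters, digits, underscore, hyphen, one extension.
    if (!preg_match('/^[a-zA-Z0-9_\-]+\.[a-zA-Z0-9]+$/', $filename)) {
        throw new InvalidArgumentException('invalid filename pattern');
    }
    // 2. Only image extensions.
    if (!preg_match('/\.(jpe?g|png|gif)$/i', $filename)) {
        throw new InvalidArgumentException('invalid file extension');
    }
    // 3. The assembled path must still sit directly inside $baseDir.
    $candidate = $baseDir . DIRECTORY_SEPARATOR . $filename;
    if (dirname($candidate) !== $baseDir) {
        throw new InvalidArgumentException('cannot leave directory');
    }
    // 4. Resolve symlinks and '..', then confirm the real file is under the real base.
    $real = realpath($candidate);
    $realBase = realpath($baseDir);
    if ($real === false || $realBase === false
        || strpos($real, $realBase . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('file not found');
    }
    return $real;
}

/**
 * Deletes the row and the file. Returns true only when the row matching both
 * the id and the filename was removed and the file was unlinked.
 */
function deleteImage(PDO $db, string $id, string $filename, string $baseDir): bool
{
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('please check id');
    }
    $path = resolveDeletablePath($filename, $baseDir);

    // Bound parameters: a value like "1 or true" is compared as data, never as SQL.
    // Matching on `photo` too means an id cannot be paired with someone else's file.
    $stmt = $db->prepare('DELETE FROM `test` WHERE `id` = :id AND `photo` = :photo');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->bindValue(':photo', $filename, PDO::PARAM_STR);
    $stmt->execute();
    if ($stmt->rowCount() !== 1) {
        return false;   // no row pairs this id with this filename
    }
    return unlink($path);
}

// Stand-alone demonstration with an in-memory SQLite database and a temp
// directory holding one constructed file (sample data, not the asker's).
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'img_' . bin2hex(random_bytes(4));
    mkdir($dir);
    file_put_contents($dir . DIRECTORY_SEPARATOR . 'cat.jpg', 'not really a jpeg');

    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE `test` (`id` INTEGER PRIMARY KEY, `photo` TEXT NOT NULL)');
    $db->exec("INSERT INTO `test` (`id`, `photo`) VALUES (1, 'cat.jpg'), (2, 'dog.png')");

    // injection attempt, traversal attempt, id/filename mismatch, then a valid request
    foreach ([['1 or true', 'cat.jpg'], ['1', '../cat.jpg'], ['2', 'cat.jpg'], ['1', 'cat.jpg']] as [$id, $name]) {
        try {
            $ok = deleteImage($db, $id, $name, $dir);
            printf("id=%-9s file=%-10s -> %s\n", $id, $name, $ok ? 'deleted' : 'no matching row');
        } catch (Exception $e) {
            printf("id=%-9s file=%-10s -> rejected: %s\n", $id, $name, $e->getMessage());
        }
    }
    // Only id 2 remains in the table, and cat.jpg is gone from the directory.
    echo 'rows remaining: ' . $db->query('SELECT COUNT(*) FROM `test`')->fetchColumn() . "\n";
    rmdir($dir);
}
```

Run it with `php delete_example.php` (PHP 7.1 or later, PDO SQLite enabled). The first three requests are refused without touching the filesystem: the id check rejects `1 or true` before any query runs, the pattern check rejects `../cat.jpg`, and the combined `id`/`photo` match deletes nothing for id 2. Only the last request removes both the row and the file.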

