Home/ Questions/Q 1030207
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T12:39:51+00:00

In my upload photo script, at the processing part, when it moves the upload

  • 0

In my upload photo script, at the processing part, when it moves the upload file to the uploaded_files:

@move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)
    or error('receiving directory insuffiecient permission', $uploadForm);

Before this I added a function:

makeThumbnail($_FILES[$fieldname]['type'], $_FILES[$fieldname]['name'], $_FILES[$fieldname]['size'], $_FILES[$fieldname]['tmp_name'], 100);

that makes it a thumbnail. I wish to have the original image and a thumbnail of it, but somehow it only works if I either remove the makeThumbnail() or move_uploaded_file(), and then I can’t get both the image and the thumbnail…

I think it’s because the tmp_name gets removed after one of these have been executed, so what do I do to keep it for the both?

My thumb function:

function makeThumbnail($type, $name, $size, $tmp_name, $thumbSize) {
    $path_thumbs = "uploaded_files/";       
    $img_thumb_width = $thumbSize; // 
    $extlimit = "yes"; //Limit allowed extensions? (no for all extensions allowed)

    //List of allowed extensions if extlimit = yes
    $limitedext = array(".gif",".jpg",".png",".jpeg",".bmp");

    //the image -> variables
    $file_type = $type;
    $file_name = $name;
    $file_size = $size; 
    $file_tmp = $tmp_name;

    //check if you have selected a file.
    if(!is_uploaded_file($file_tmp)){
        echo "Error: Please select a file to upload!. <br>--<a href=\"$_SERVER[PHP_SELF]\">back</a>";
        exit(); //exit the script and don't process the rest of it!
    }

    //check the file's extension
    $ext = strrchr($file_name,'.');
    $ext = strtolower($ext);

    //uh-oh! the file extension is not allowed!
    if (($extlimit == "yes") && (!in_array($ext,$limitedext))) {
        echo "Wrong file extension.  <br>--<a href=\"$_SERVER[PHP_SELF]\">back</a>";
        exit();
    }

    //so, whats the file's extension?
    $getExt = explode ('.', $file_name);
    $file_ext = $getExt[count($getExt)-1];

    //create a random file name
    $rand_name = md5(time());
    $rand_name= rand(0,999999999);

    //the new width variable
    $ThumbWidth = $img_thumb_width;

    /////////////////////////////////
    // CREATE THE THUMBNAIL //
    ////////////////////////////////

    //keep image type
    if($file_size){
        if($file_type == "image/pjpeg" || $file_type == "image/jpeg"){
            $new_img = imagecreatefromjpeg($file_tmp);
        }elseif($file_type == "image/x-png" || $file_type == "image/png"){
            $new_img = imagecreatefrompng($file_tmp);
        }elseif($file_type == "image/gif"){
            $new_img = imagecreatefromgif($file_tmp);
        }

        //list the width and height and keep the height ratio.
        list($width, $height) = getimagesize($file_tmp);

        //calculate the image ratio
        $imgratio=$width/$height;

        if ($imgratio>1){
            $newwidth = $ThumbWidth;
            $newheight = $ThumbWidth/$imgratio;
        }else{
            $newheight = $ThumbWidth;
            $newwidth = $ThumbWidth*$imgratio;
        }

        //function for resize image.
        if (function_exists(imagecreatetruecolor)){
            $resized_img = imagecreatetruecolor($newwidth,$newheight);
        }else{
            die("Error: Please make sure you have GD library ver 2+");
        }

        //the resizing is going on here!
        imagecopyresampled($resized_img, $new_img, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);

        //finally, save the image
        ImageJpeg ($resized_img,"$path_thumbs/$rand_name.$file_ext", 100);
        ImageDestroy ($resized_img);
        ImageDestroy ($new_img);
    }

    //ok copy the finished file to the thumbnail directory
    // move_uploaded_file ($file_tmp, "$path_big/$rand_name.$file_ext");

    exit();
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Unless you’ve defined the makeThumbnail() function take parameters passed by reference, there’s no way anything inside that function could remove the original data in the $_FILES array.

    However, if you are running the move_uploaded_files() before you build the thumbnail, then there’s your problem. It literally moves the file from its temporary storage location, as specified in $_FILES[...]['tmp_name'] to the destination filename. Then there’ll be nothing left for your thumbnail generator to work on.

    Make it generate the thumbnail first and things should work better.

    As a security tip, don’t trust the ['type'] parameter in the $_FILES array. That’s set by the client, and can be forged. Best to determine what kind of image you’ve got with getimagesize() or fileinfo(), which work purely server-side.

    followup:

    Man that’s some ugly code. Some problems:

    1. You extract the file extension twice, but are using the filename as supplied by the user, which is insecure.
    2. You check for the existence of the ‘gd’ library AFTER you’ve already used gd functions, so the check is absolutely useless.
    3. You pass in various parts of the $_FILES array to the function, but then simply reassign the paramters to other variables, in at least one case twice
    4. You generate a random file name, but it’s only an up-to-9 digit number, and don’t check for collisions, so at some point, you’ll overwrite an older image with the new upload.
    5. You don’t return this random file name, so how will you be able to associate the randomly named thumbnail with the original image?
    6. You’re not checking if the upload completed properly. Checking the ['size'] parameter isn’t enough. A partial upload will still have a ['size'] but the file will be truncated and corrupted.
    7. You have a basic “allowed types” filter, but what if you turn it off and the user uploads a .pdf, or random garbage, or a .exe, or even an image type that GD doesn’t support?

    So, to fix this, change your function call to this:

    makeThumbnail($_FILE[$fieldname], 100);

    There’s no reason to pass in all those parameters manually when they’re already nicely grouped in an array for you. Now that we have all the available data passed in, we can start doing stuff:

    function makeThumbnail($file, $thumbSize = 100) {
    if ($file['error'] !== UPLOAD_ERR_OK) {
        // something blew up
        // so handle error condition
        // 
        // error codes documentation: http://php.net/manual/en/features.file-upload.errors.php
        die();
    }

    $path_thumbs = "uploaded_files/";
    $allowed_types = array('image/jpeg', 'image/jpg', 'image/bmp', 'image/png', 'image/gif');

    $imageinfo = getimagesize($file['tmp_name']); // get image info

    if ($imageinfo === FALSE) {
        die("Uhoh. Unable to read uploaded file");
    }

    if (!in_array($imageinfo['mime'], $allowed_types)) {
        die("Sorry, images of type {$imageinfo['mime']} not allowed");
    }

    $rand_name = rand(0, 999999999); // this isn't particularly well done, but ...

    // create thumbnail
    switch($imageinfo['mime']) {
        case 'image/jpeg':
        case 'image/jpg':
            $new_img = imagecreatefromjpeg($file['tmp_name']);
            $file_ext = '.jpg';
            break;
        case 'image/gif':
            $new_img = imagecreatefromgif($file['tmp_name']);
            $file_ext = '.gif';
            break;
        case 'image/png':
            $new_img = imagecreatefrompng($file['tmp_name');
            $file_ext = '.png';
            break;
        default:
            die("Uhoh. How did we get here? Unsupported image type"):
    }

    $imgratio = $imageinfo['height'] / $imageinfo['width'];
    if ($imgratio > 1) {
        $newwidth = $thumbSize;
        $newheight = $thumbSize / $imgratio;
    } else {
        $newheight = $thumbSize;
        $newwidth = $thumbSize * $imgratio;
    }

    $resized_img = imagecreatefromtruecolor($newwidth, $newheight);
    imagecopyresampled($resized_img, $new_img, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);

    $thumb_name = $rand_name . $file_ext;
    $thumb_path = $path_thumbs . '/' . $rand_name;
    imagejpeg($resized_img, $thumb_path);

    imagedestroy($resized_img);
    imagedestroy($new_img);

    return($thumb_name);
}

    This is, of course, untested, just going from your original code and off the top of my head, but it should get you started on road to something that works better.

    • 0