Tutorial: How to make an Image Upload and Thumbnailer Script PHP

2. Simple. So lets continue. Check the added code!

 0){
				$maxsize = $_POST['maxdimensions'];
			} else {
				$maxsize = 100;
			}

			$tmppath = '/var/www/thumbtute/tmp/';
			$thumbspath = '/var/www/thumbtute/thumbs/';
			$urltothumbs = 'http://www.jotlab.com/thumbtute/';
			$filename = strtolower(md5((rand() * time()).$_SERVER['REMOTE_ADDR']).strrchr($_FILES['srcimage']['name'], '.'));
			move_uploaded_file($_FILES['srcimage']['tmp_name'], $tmppath.$filename);
		} else {
			echo 'File is not an image! Don\'t waste my time!';
		}
	}
?>

In this section we have added the file handling functions. Whenever you upload a file via a browser, the webserver software, i.e. apache, litespeed etc. will catch it, then dump it in a “secure” temporary directly, way way outside of the working website directory. Sounds nice, pitty we can’t do much to it there. So what we need to do is get that file back into our working folder scheme and edit it.

The first line if(round($_POST['maxdimensions']) > 0){“ looks to see if the value set in the max dimensions field on our form was set properly. We round it off, so it can only be an integer, if words are set then thats a no no If the value is over 0 then the value has been set, so it will drop down to the next line, where it simply stores the value in the form into a variable in PHP, which we will access later. The $maxsize = 100; line simply sets a default value if an incorrect value was entered or if no value was entered at all.

$tmppath = '/var/www/thumbtute/tmp/';
			$thumbspath = '/var/www/thumbtute/thumbs/';
			$urltothumbs = 'http://www.jotlab.com/thumbtute/';

These lines simply set up paths to where our files are. If you are on a linux server, it will probably something like /var/www/newsineydirectory or if you are on a shared server it will probably be /home/username/public_html/newshineydirectory. So set your paths up correctly. if you don’t know what’s going on, phone a friend, or make a new file called info.php. Dump it on your webserver and put this text in it then view it:

We have run into a problem. Imagine this. You have an image with the file called pet.jpg. Its a photo of your favour dog of all time. You take him to the park everyday, play fetch, share ice creams etc. You upload your file and show all your friends, you even link it to forums and think it will stay there for life, just like your love for your dog. But then one of your friends comes along, and uploads a photo, called pet.jpg which just happened to be a photo of him and his girlfriend doing things with collars on…… Get the picture? Your loveable dog image has been overwritten by some nastily surprise.

To avoid this, we use this line:

$filename = strtolower(md5((rand() * time()).$_SERVER['REMOTE_ADDR']).strrchr($_FILES['srcimage']['name'], '.'));

This gets a random number, multiplies it by the time, then encrypts that string of numbers along with their IP address, then adds on the file extension to the end of it. This way the chances of your dog being overwritten are pretty much 0. If you want to make it below 0, then use sessions, maybe a bit of biometrics. And no, php doesn’t do biometrics.

Next we have the move_uploaded_file($_FILES['srcimage']['tmp_name'], $tmppath.$filename); line. This simply moves the temporary file to the path we set with the filename as the random weird one.