I am trying to allow users to upload files through a PHP website. Since all files are stored in one folder on the server, it is conceivable (although presumably with a low probability) that two separate users can upload two files, which, being different, are called exactly the same. Or perhaps this is the exact same file.
In both cases, I would like to use exec("openssl md5 " . $file['upload']['tmp_name'])
to determine the hash of the MD5 file immediately after downloading it. Then I will check the database for any identical MD5 hash, and if it is found, I just wonβt complete the download.
However, in the documentation for move_uploaded_file
I found this comment:
A warning. If you save the hash of the md5_file file in the database to save a record of the downloaded files, which is useful to prevent users from downloading the same file twice, keep in mind that after using move_uploaded_file the hash of the md5_file file changes! And you cannot find the corresponding hash and delete it in the database when the file is deleted.
Is this really so? Will the MD5 hash of the file in the tmp directory change after moving it to a permanent location? I do not understand why this will happen. And regardless, is there a different, better way to ensure that the same file is not downloaded to the file system several times?
source share