All geek questions in one place

Creating a PHP downloader for gif / jpg / png / pdf / doc, wmv files, maybe, or should I buy something?

I have a Mac server and am creating PHP code that allows users to upload images, documents, and even video files. The study of this, of course, made me nervous, I want the downloaded content to be free.

Is building something a huge problem? Will you do this, or will you find some OS or OTS product? (And do you know what you can recommend)?

+3
source share
8 answers

Conceptually, what you're talking about is pretty simple. Receiving and processing downloads is quite simple, this is definitely not what I think you need to worry about buying a pre-built solution.

In fact, things like images and videos really cannot have “viruses” (if the viewer application really doesn’t work and allows them to somehow run the code, also known as “Internet Explorer”), but actually it’s not very difficult to check for viruses they are all the same if you want. Just find a command line scanner that can run on the server (something like Clam AV ), and whenever the file is downloaded, run it through the scanner and reject the download (and register the event) if it does not pass the test.

+22

, Flash/, , . SWFUpload - .

ClamAV, - PHP:


$out = '';
$int = -1;
exec('/usr/local/bin/clamscan --stdout /path/to/file.ext', $out, $int);

if ($int == 0)
{
  print('No virus!');
}

/*
Return codes from clamscan:
 0 : No virus found.

       1 : Virus(es) found.

       40: Unknown option passed.

       50: Database initialization error.

       52: Not supported file type.

       53: Can't open directory.

       54: Can't open file. (ofm)

       55: Error reading file. (ofm)

       56: Can't stat input file / directory.

       57: Can't get absolute path name of current working directory.

       58: I/O error, please check your file system.

       59: Can't get information about current user from /etc/passwd.

       60: Can't get information about user '' from /etc/passwd.

       61: Can't fork.

       62: Can't initialize logger.

       63: Can't create temporary files/directories (check permissions).

       64: Can't write to temporary directory (please specify another one).

       70: Can't allocate memory (calloc).

       71: Can't allocate memory (malloc).

*/
+5

: . , , .

: , , . , , . *, , .



(* , , , , . , .;)

+4

- , FancyUpload digitarald Mootools 1.2.1

: http://localhost/fancyupload/showcase/photoqueue/, , .

, , Flash ( GET/POST! .) .

. youtube .

, , , ImageMagick, , Ghostscript. Imagemagick PDF !

+1

" - ?" . , , , , , , - php script: . , , , php- . , :

  • .
  • , , .
  • is_uploaded_file move_uploaded_file LFI.
  • $_FILES ( ), RFI.
  • , $_FILES, , browswer.
  • , , mime, , , (.. GIF8 image/gif, php script)
  • , .
  • apache, .htaccess, php (.. txt)..

, , , :)

, , AV.

+1

, :

foreach ($_FILES as $file) {
  if (!$file['error']) {
    move_uploaded_file ($file['tmp_name'], 'uploads/'. $file['name']);
  } elseif (4 != $file['error']) {
    $error_is = $file['error'];
    // do something with the error :-)
  }
}

header ('Location: ...'); // go to the updated page, like, with the new files
die;
0

, , . ( )

: Gmail, , Norton, Yahoo! Mail, , McAfee.

0

script.

clamdscan clamscan. clamdscan clamd (clamav daemon), clamscan , , , .

Alternatively, you can also try clamuko (this gives you access to scan), so you can simply drop the files into the directory watched by clamuko.

There is also FUSE-based ClamFS, which could probably be the best solution if you cannot insert modules into the kernel.

0
source

Source: https://habr.com/ru/post/1704858/

More articles:


All Articles