Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,068
    Thanks
    25
    Thanked 0 Times in 0 Posts

    Making sure Photos are unique?

    My website allows a user to upload a photo of him/herself, and then it creates a thumbnail which can be used for their Profile Thumbnail.

    Is there some way to make sure two different users don't upload the same image? (For example, I'm not crazy about the idea of having 20 users who all have Erin Andrews *bimbo* as their Profile Thumbnail - if you follow me?!)

    Oh, BTW, my "upload.php" script take a file, goes through numerous checks to ensure it is a valid photo (i.e. .jpeg, .gif, .png) and then uses GD to sanitize things further.

    Thanks,


    Debbie

  • #2
    Regular Coder patryk's Avatar
    Join Date
    Oct 2012
    Location
    /dev/couch
    Posts
    398
    Thanks
    2
    Thanked 64 Times in 64 Posts
    you could store hashes of uploaded files and then compare new upload's hash against stored set

  • #3
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,068
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by patryk View Post
    you could store hashes of uploaded files and then compare new upload's hash against stored set
    If I used hash_file(), what would I be using it on?


    Here is a snippet from my "upload.php" script...
    PHP Code:
        if (empty($errors)){
            
    // Valid Form Data.
            
    if (empty($_FILES['userPhoto']['tmp_name'])){
                
    // No File.
                
    $errors['upload'] = 'Choose a File.';

            }else{
                
    // File exists.
                
    $tempFile $_FILES['userPhoto']['tmp_name'];
            }

        }else{
            
    // Invalid Form Data.
            // Drop through to display Errors.

        
    }//End of CHECK FOR FILE 

    Would I want to use it on $_FILES['userPhoto']['tmp_name']??

    Or possibly on $_FILES['userPhoto']['name']??

    Or would I want to do it after I use GD to create the new Thumbnail here...
    PHP Code:
        // Create New Image.

        
    switch ($imageType){
            case 
    IMAGETYPE_GIF:
                
    $newPhoto = @imagegif($newTrueColorImage$newFilePath);
                break;

            case 
    IMAGETYPE_JPEG:
                
    $newPhoto = @imagejpeg($newTrueColorImage$newFilePath);
                break;

            case 
    IMAGETYPE_PNG:
                
    $newPhoto = @imagepng($newTrueColorImage$newFilePath);
                break;

            default:
                
    $newPhoto FALSE;
        } 

    Thanks,


    Debbie

  • #4
    Regular Coder patryk's Avatar
    Join Date
    Oct 2012
    Location
    /dev/couch
    Posts
    398
    Thanks
    2
    Thanked 64 Times in 64 Posts
    i would perform test on $_FILES['userPhoto']['tmp_name']
    afterall what's the point of converting image if it won't be accepted anyways

  • #5
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,068
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by patryk View Post
    i would perform test on $_FILES['userPhoto']['tmp_name']
    afterall what's the point of converting image if it won't be accepted anyways
    True.

    I guess I was more uncertain if I should hash this...

    $_FILES['userPhoto']['name']

    ...versus this...

    $_FILES['userPhoto']['tmp_name']??


    But I guess the Temp Name is the closest thing to what the User uploaded, right?


    Debbie

  • #6
    Regular Coder patryk's Avatar
    Join Date
    Oct 2012
    Location
    /dev/couch
    Posts
    398
    Thanks
    2
    Thanked 64 Times in 64 Posts
    of course this method won't be fool proof you know.
    jpg file will have different hash than the same image converted to png or simply resized.

  • #7
    Regular Coder patryk's Avatar
    Join Date
    Oct 2012
    Location
    /dev/couch
    Posts
    398
    Thanks
    2
    Thanked 64 Times in 64 Posts
    $_FILES['userPhoto']['tmp_name'] should contain path to actual file, so that's the thing you want to hash
    ...till you do move_uploaded_file() that is
    Last edited by patryk; 03-22-2013 at 10:41 PM.

  • #8
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,068
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by patryk View Post
    $_FILES['userPhoto']['tmp_name'] should contain path to actual file, so that's the thing you want to hash
    ...till you do move_uploaded_file() that is
    I'm not using move_uploaded_file() in my script.

    I didn't see any reason to move the Temporary File somewhere else, since I can validate it and use GD right where it is saved in "upload_tmp_dir"...


    The new image is created later in my script like this...
    PHP Code:
        // Create New Image.

        
    switch ($imageType){
            case 
    IMAGETYPE_GIF:
                
    $newPhoto = @imagegif($newTrueColorImage$newFilePath);
                break;

            case 
    IMAGETYPE_JPEG:
                
    $newPhoto = @imagejpeg($newTrueColorImage$newFilePath);
                break;

            case 
    IMAGETYPE_PNG:
                
    $newPhoto = @imagepng($newTrueColorImage$newFilePath);
                break;

            default:
                
    $newPhoto FALSE;
        } 
    Sincerely,


    Debbie

  • #9
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,068
    Thanks
    25
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by patryk View Post
    of course this method won't be fool proof you know.
    jpg file will have different hash than the same image converted to png or simply resized.
    Well, if the user just changed the file extension, then this new code I am writing should still catch it.

    But, yes, if someone was determined, then they could edit Erin Andrew's photo - maybe make her NOSE even bigger - and save it and then my code wouldn't be able to detect that a duplicate really exists.

    I still think this would be an improvement to my original code version.

    My goal is to promote a community of individuals with distinct profiles, not 100 profiles that all pray to Nike's logo or Erin Andrew's _____, if you follow?!


    Debbie


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •