I am building a PHP app which will be distributed to hundreds or thousands of users as a SugarCRM module. The functionality I am working on allows users to upload images from a remote URL.
StackOverflow has this same functionality, shown in the image at the bottom.
I mention this being on other servers because my upload function needs to be very reliable across many server configurations and web hosts!
To help make it more reliable in fetching and downloading remote images, I have some checks in my fetch_image($image_url) function like...
ini_get('allow_url_fopen') to see if they allow file_get_contents() to use URLs instead of file paths.
I use function_exists('curl_init') to see if CURL is installed.
Besides getting the remote image using several methods. I now also need to ensure that the file returned or built from the remote server is actually a legit image file and not some sort of malicious file!
Most servers at least have GD image processor installed so perhaps it could be used somehow on my image to make sure it is an image?
My code so far is below...
Any help appreciated in checking to ensure image is image!
The sockets method seems to actually generate a file saved in the server temp folder. Other methods just return the string of the image.
<?php
class GrabAndSave {
public $imageName;
public $imageFolderPath = 'remote-uploads/'; // Folder to Cache Amazon Images in
public $remote_image_url;
public $local_image_url;
public $temp_file = '';
public $temp_file_prefix = 'tmp';
public function __construct(){
//
}
public function fetch_image($image_url) {
// check if CURL is installed
if (function_exists('curl_init')){
return $this->curl_fetch_image($image_url);
// Check if PHP allows file_get_contents to use URL instead of file paths
}elseif(ini_get('allow_url_fopen')){
return $this->fopen_fetch_image($image_url);
// Try Sockets
}else{
return $this->sockets_fetch_image($image_url);
}
}
public function curl_fetch_image($image_url) {
if (function_exists('curl_init')) {
//Initialize a new resource for curl
$ch = curl_init();
//Set the url the retrieve
curl_setopt($ch, CURLOPT_URL, $image_url);
//Return the value instead of outputting to the browser
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$image = curl_exec($ch);
curl_close($ch);
if ($image) {
//Do stuff with the image
return $image;
} else {
//Show error message
}
}else{
die('cURL is not enabled on this server.');
}
}
public function fopen_fetch_image($url) {
$image = file_get_contents($url, false, $context);
return $image;
}
public function sockets_fetch_image($image_url)
{
if($this->temp_file)
{
throw new Exception('Resource has been downloaded already.');
}
$this->temp_file = tempnam(sys_get_temp_dir(), $this->temp_file_prefix);
$srcResource = fopen($image_url, 'r');
$destResource = fopen($this->temp_file, 'w+');
stream_copy_to_stream($srcResource, $destResource);
return $this->temp_file;
}
public function save_image($image_filename, $raw_image_string){
$local_image_file = fopen($this->imageFolderPath . $image_filename, 'w+');
chmod($this->imageFolderPath . $image_filename, 0755);
fwrite($local_image_file, $raw_image_string);
fclose($local_image_file);
}
}
Preview of the StackOverflow image dialog using remote URL image upload...
You can