PHP secure Image uploader, with a nice API
Latest commit 4e48553 Jun 24, 2018

BULLETPROOF

Bulletproof is a single-class library for uploading images securely in PHP.

Install

Using git

$ git clone https://github.com/samayo/bulletproof.git

Or composer

$ composer require samayo/bulletproof:4.0.*

Or download it manually from the archived versions of the release cycles.

Usage

Create an HTML form like this.

<form method="POST" enctype="multipart/form-data">
  <input type="hidden" name="MAX_FILE_SIZE" value="1000000"/>
  <input type="file" name="pictures" accept="image/*"/>
  <input type="submit" value="upload"/>
</form>

Then copy and paste the following code to upload the image:

require_once "path/to/bulletproof.php";

$image = new Bulletproof\Image($_FILES);

if($image["pictures"]){
  $upload = $image->upload(); 

  if($upload){
    echo $upload->getFullPath(); // uploads/cat.gif
  }else{
    echo $image->getError(); 
  }
}

To use the full potential of bulletproof, check the following code and examples.

Configs

Setting Properties

Before uploading, you can use these methods to restrict the image size, dimensions, mime types, location...

// Pass a custom name, or leave it if you want it to be auto-generated
$image->setName($name); 

// define the min/max image upload size (size in bytes) 
$image->setSize($min, $max); 

// define allowed mime types to upload
$image->setMime(array('jpeg', 'gif'));  

// set the max width/height limit of images to upload (limit in pixels)
$image->setDimension($width, $height); 

// pass name (and optional chmod) to create folder for storage
$image->setLocation($folderName, $optionalPermission);  

Getting Properties

Methods for getting image info before/after upload.

// get the provided or auto-generated image name
$image->getName();

// get the image size (in bytes)
$image->getSize();

// get the image mime (extension)
$image->getMime();

// get the image width in pixels
$image->getWidth();

// get the image height in pixels
$image->getHeight();

// get image location (folder where images are uploaded)
$image->getLocation();

// get the full image path. ex 'images/logo.jpg'
$image->getFullPath();

// get the json format value of all the above information
$image->getJson();

Slightly more customized ways to upload

To set and get image info before or after the upload, chain the methods like this:

$image = new Bulletproof\Image($_FILES);

$image->setName("samayo")
      ->setMime(["gif"])
      ->setLocation(__DIR__ . "/avatars");

if($image["pictures"]){
  if($image->upload()){
    echo $image->getName(); // samayo
    echo $image->getMime(); // gif
    echo $image->getLocation(); // avatars
    echo $image->getFullPath(); // avatars/samayo.gif
  }
}

Image Manipulation

If you want to crop, resize or watermark images, use the functions in the separate folder: src/utils

Creating your own custom errors

To create your own errors and responses, instead of the default error messages, use exceptions:

if($image['pictures']){

  try {
    if($image->getMime() !== 'png'){
      throw new \Exception('Only PNG image types are allowed');
    }

    // do the same to check size, dimension ...

    if(!$upload = $image->upload()){
      throw new \Exception($image->getError());
    } else {
      echo $image->getFullPath();
    }
    
  } catch (\Exception $e){
    echo "Error " . $e->getMessage();
  }
}

What makes this secure?

  • Uses exif_imagetype() to get the true image mime (.extension)
  • Uses getimagesize() to check if image has a valid height / width in pixels.
  • Sanitizes image names, sets strict folder permissions and more...
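
The checks listed above, shown stand-alone as an added example (not Bulletproof's own code): check_image() is a hypothetical helper that takes the type from exif_imagetype(), validates the dimensions with getimagesize(), and builds the stored name from the detected type instead of the client-supplied one. It assumes the exif extension is loaded; both sample files are constructed.

```php
<?php
// Added example, not part of Bulletproof. check_image() and its messages are hypothetical.

function check_image(string $tmpPath, string $clientName, int $maxW, int $maxH): array
{
    // Allowlist keyed by the type detected from the file content,
    // never by the client-supplied name or the MIME type sent by the browser.
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpeg', IMAGETYPE_PNG => 'png'];

    $type = @exif_imagetype($tmpPath);   // reads the signature bytes, false if unknown
    if ($type === false || !isset($allowed[$type])) {
        return ['ok' => false, 'error' => 'not an allowed image type'];
    }

    $info = @getimagesize($tmpPath);     // [0] => width, [1] => height, false on failure
    if ($info === false || $info[0] < 1 || $info[1] < 1) {
        return ['ok' => false, 'error' => 'invalid dimensions'];
    }
    if ($info[0] > $maxW || $info[1] > $maxH) {
        return ['ok' => false, 'error' => 'image too large'];
    }

    // Drop any directory part and every character outside a small safe set.
    $base = pathinfo(basename($clientName), PATHINFO_FILENAME);
    $base = preg_replace('/[^A-Za-z0-9_-]/', '', $base);
    if ($base === '') {
        $base = bin2hex(random_bytes(8)); // nothing usable left: generate a name
    }

    // The stored extension comes from the detected type, not from the upload's name.
    return ['ok' => true, 'name' => $base . '.' . $allowed[$type],
            'width' => $info[0], 'height' => $info[1]];
}

// Constructed samples: a 1x1 GIF, and plain text that is only named like a GIF.
$gif  = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$fake = "This is plain text, not image data.\n";

foreach ([['../../cat.php.gif', $gif], ['cat.gif', $fake]] as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    echo $name, ' => ', json_encode(check_image($tmp, $name, 500, 500)), PHP_EOL;
    unlink($tmp);
}
```

A passing header check says nothing about the bytes later in the file, so the upload folder should also not be configured to execute scripts.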

License: MIT