PHP secure Image uploader, with a nice API
Latest commit 9fa0646 Jun 29, 2016 @samayo committed on GitHub fix failing test due to reversed params passed to `setDimention()`
With fix #54 unit testing was failing since tests expected the old `setDimension(height, width);` values


Latest Stable Version Scrutinizer Code Quality

Bulletproof is a single-class library to securely upload images in PHP.

To watermark, resize, crop images checkout src/utils


Using git

$ git clone

Using composer

$ php composer.phar require samayo/bulletproof:2.0.*

Or download it manually based on the archived version of release-cycles.


Create an HTML form like this.

<form method="POST" enctype="multipart/form-data">
    <input type="hidden" name="MAX_FILE_SIZE" value="1000000"/>
    <input type="file" name="ikea"/>
    <input type="submit" value="upload"/>

And simply require the class to upload

require_once  "path/to/bulletproof.php";

$image = new Bulletproof\Image($_FILES);

    $upload = $image->upload(); 

        // OK
        echo $image["error"]; 
Setting Properties

Methods for defining allowed size, dimensions, mime types, location and image name

// call if you want to set new image name manually

// define min/max size limits for upload (size in bytes) 
$image->setSize($min, $max); 

// define acceptable mime types
$image->setMime(array($jpeg, $gif));  

// set max width/height limits (in pixels)
$image->setDimension($width, $height); 

// pass name (and optional chmod) to create folder for storage
$image->setLocation($folderName, $optionalPermission);  
Getting Properties

Methods for getting image info before and / or after upload.

// get the provided or auto-generated image name

// get the image size (in bytes)

// get the image mime (extension)

// get the image width in pixels

// get the image height in pixels

// get image location (folder where images are uploaded)

// get the full image path. ex 'images/logo.jpg'

// get the json format value of all the above information
Setting and Getting values, ..

To set and get image info, before or after image upload, use as:

$image = new Bulletproof\Image($_FILES);


        echo $image->getName(); // samayo
        echo $image->getMime(); // gif
        echo $image->getLocation(); // avatars
        echo $image->getFullPath(); // avatars/samayo.gif
Image Manipulation

Bulletproof is upload-ONLY library, so image manipulation features are placed in a seperate folder src/utils.

This example shows how to crop an image to 80x56, after uploading.

require "src/bulletproof.php";
require "src/utils/func.image-crop.php"; // crop function

$image = new Bulletproof\Image($_FILES);
        $crop = Bulletproof\crop(

Uploaded image is now cropped to 80x56, For more examples, check src/utils

Creating custom responses

To create your own errors and responses, instead of the default error messages, use exceptions:


   if($image->getMime() !== "png"){
      throw new \Exception(" Image should be a 'png' type ");

   if($image->getSize() < 1000){
      throw new \Exception(" Image size too small ");

      // OK
     throw new \Exception($image["error"]);

 }catch(\Exception $e){
      echo $e->getMessage(); 
What makes this secure?
  • Uses exif_imagetype() to get the true image mime (.extension)
  • Uses getimagesize() to check if image has a valid height / width in pixels.
  • Sanitized images names, strict folder permissions and more...
License: MIT