I've made a basic looking PHP file load system, so far I can upload any file type, I haven't add any parameters just yet.
But what I want to know is with the method I'm using, what steps should I take to make the system secure? Is there another, more secure way of doing things, and any guides, tips or suggestions that may help with this system?
This is my code so far:
$upload_to = "img/company_logos/";
if($_POST)
{
if(!empty($_POST['upload']))
{
$upload_to = $upload_to . $_FILES['file']['name'];
move_uploaded_file($_FILES['file']['tmp_name'], $upload_to);
echo "Uploaded!";
}
}
?>
<html>
<body>
<form method="post" enctype="multipart/form-data">
<input type="hidden" id="upload" name="upload" value="1" />
<input type="file" id="file" name="file" />
<input type="submit" value="Submit" />
</form>
</body>
</html>
One of the major things I've seen is the upload directory permissions are set to 777 this means anyone can read/write/execute this dir.
Thanks for the help.
http://php.about.com/od/advancedphp/qt/upload_security.htm
And see this one PHP Upload file enhance security