I am thinking of letting users upload files to my website. I already have a PHP script to allow this, which will be the back-end of a Flash GUI. I have made the .swf, which would allow the browser to find files with only the specified file types for the download to begin. The checks and balances in the ActionScript would check file size and extension value, and not upload if these two are not in compliance. The PHP script takes the file extension and will not upload if the file extension is not one of the checks. The script also takes three random values in the data of the tmp file and MD5-hashes them to make the file name, and then the extension is appended to the file name, which is then put into a database with the original file name.

Here's a quick summary of the Flash and PHP file functions.
- checks file extension
- checks file size
- checks if file has been uploaded to temp if yes then
- splits file name into array and pops off the last array and checks if the file extension is allowed if yes then
- checks file size so as not to exceed php.ini limit if yes then
- goes through tmp file and selects three random to md5 hash and add extension
- checks database to see if the file has already been uploaded
- inserts values into database
- a bunch of elses for error codes
Should I save these files without the extension and add the extension only when called?
I eventually want my users to view these files in flash so I will probably print up an XML.
Now my questions are:
Should I put these uploaded files in my cgi-bin?
If so, let's say I have videos or some other file type, will I be able to stream from my cgi-bin?
How does someone make a file with a friendly extension and use it with a different scripting language? (I don't really want to know how to do it, just the factors so I can safeguard against it.)
Now I know there is no 100% safe upload script, but such is life, there is no perfect, just to strive for perfection. Any input would help.
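
The server-side steps listed in the question, written out as an added PHP example (not the poster's script); it goes one step further by also checking the file content against the extension and by naming the stored file from a random generator. The form field name `upload`, the directory `/var/uploads`, the allowlist and the size cap are assumptions.

```php
<?php
// Added example; field name, directory, allowlist and size cap are assumptions.
const UPLOAD_DIR = '/var/uploads';      // assumed: outside the web root and cgi-bin
const MAX_BYTES  = 5 * 1024 * 1024;     // assumed cap, at or below the php.ini limits
const ALLOWED    = [                    // extension => MIME type the content must have
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
];

function store_upload(array $file): array
{
    // The upload must have completed and must be PHP's own temp upload file.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Re-check the size on the server; a client-side check can be skipped.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('bad size');
    }
    // Take only the final extension, lower-cased, and require it on the allowlist.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Inspect the bytes too: the extension alone says nothing about the content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Stored name comes from a CSPRNG, never from user input.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = UPLOAD_DIR . '/' . $stored;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store file');
    }
    // Full-content hash for the "already uploaded?" database lookup.
    return [
        'stored_name'   => $stored,
        'original_name' => basename($file['name']),
        'sha256'        => hash_file('sha256', $target),
    ];
}

// Usage: $row = store_upload($_FILES['upload']); insert $row with a prepared statement.
```

Files kept in a directory the web server does not map to a URL or treat as executable are then served through a script that looks up the stored name and sends the bytes with the recorded content type.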