Can Anyone Check This Image Upload Code In Laravel? - laravel

I wrote this Code For Image Upload but I do not know if it is secure, or not. Is There any issue or vulnerability in this code??
if($request->hasFile('image')){
$AllowedImages = ['jpeg', 'jpg', 'png'];
$AllowedImageTypes = ['image/jpeg', 'image/png'];
$image = $request->image;
$ImageNameWithExtension = $image->getClientOriginalName();
$ImageName = pathinfo($ImageNameWithExtension, PATHINFO_FILENAME);
$ImageExtension = $image->getClientOriginalExtension();
$ImageType = $image->getMimeType();
$ImageLocalPath = $image->getPathName();
$ImageSize = $image->getSize();
$ImageError = $image->getError();
$ImageNewName = sha1(md5($ImageName)).''.sha1(time()).'.'.$ImageExtension;
if(in_array($ImageType, $AllowedImageTypes) && in_array($ImageExtension, $AllowedImages) && getimagesize($ImageLocalPath) && ($ImageError === 0) && ($ImageSize <= 2000000)){
if($ImageType == 'image/jpeg' && ( $ImageExtension == 'jpeg' || $ImageExtension == 'jpg')){
$img = imagecreatefromjpeg($ImageLocalPath);
imagejpeg( $img, $ImageNewName, 100);
}
elseif($ImageType == 'image/png' && $ImageExtension == 'png'){
$img = imagecreatefrompng($ImageLocalPath);
imagepng( $img, $ImageNewName, 9);
}
imagedestroy($img);
try
{
$StoreImage = $image->storeAs('public/Upload/', $ImageNewName);
if(!$StoreImage){
throw new customException('File Upload Failed');
}
}
catch(customException $e){
session()->flash('File_Error', $e->errorMessage());
return back();
}
}
else{
session()->flash('File_Error', 'Image Validation Error Found');
return back();
}
}
else{
return back();
}

Consider this refactor for your code, it will help make your code cleaner.
public function store(Request $request)
{
$record = Model::create( $this->validateRequest() ); // this can insert other data into your database. In the db table, initially set the image related fields to nullable
$this->storeFile($record); // this will check if the request has a file and update the image related fields accordingly, else it will remain blank as it is nullable by default
return 'all data is saved';
}
private function validateRequest(){
return request()->validate([
'type' => 'nullable',
'image'=> request()->hasFile('image') ? 'mimes:jpeg,jpg,png|max:2000' : 'nullable', // 2000 means a maximum of 2MB
'other_field_1' => 'required',
'other_field_2' => 'required',
'other_field_3' => 'required'
]);
}
private function storeFile($record){
if( request()->hasFile('image') ){
$record->update([
'type' => request()->file->extension(),
'image' => request()->file->store('uploads/files', 'public') // The file will be hashed by default. public is used as second argument so you can access the uploaded file via your public folder
]);
}
}
This is check for file in the request, validate the file and other data, upload the file into storage folder.

You can use this code, for upload image :
In Request file :
public function rules()
{
return [
'image' => 'required|mimes:jpeg,jpg,png|max:50000'
],
}
And in your controller :
public function uploadImage(YourRequestClass $request){
$image = $request->file('image');
try{
$order=new Order();
if (!file_exists('upload/' . $image)) {
$currentDate = Carbon::now()->toDateString();
$imageName = $currentDate . '-' . uniqid() . '.' . $image->getClientOriginalExtension();
if (!file_exists('upload/')) {
mkdir('upload/', 0777, true);
}
$image->move('upload/', $imageName);
$order->image = $imageName;
}
$order->save();
return back();
} catche(\Exception $e){
Log::error($e);
return back();
}
}

Related

send file to an api using guzzle http client

after uploading an image in web system a i want to push the image to another web system b.i am using guzzle http client to push and save the image in system b.i have been able to save the image in system a but when it reaches the part to push and save to system b an error that i have set to show when there is an error on uploading the image.here is my function to save the image on system a
public function productSavePicture(Request $request)
{
try {
$validation = Validator::make($request->all(), [
'product_id' => 'required',
]);
if ($validation->fails()) {
throw new \Exception("validation_error", 19);
}
$product_details = product::where('systemid', $request->product_id)->first();
if (!$product_details) {
throw new \Exception('product_not_found', 25);
}
if ($request->hasfile('file')) {
$file = $request->file('file');
$extension = $file->getClientOriginalExtension(); // getting image extension
$company_id = Auth::user()->staff->company_id;
if (!in_array($extension, array(
'jpg', 'JPG', 'png', 'PNG', 'jpeg', 'JPEG', 'gif', 'GIF', 'bmp', 'BMP', 'tiff', 'TIFF'))) {
return abort(403);
}
$filename = ('p' . sprintf("%010d", $product_details->id)) . '-m' . sprintf("%010d", $company_id) . rand(1000, 9999) . '.' . $extension;
$product_id = $product_details->id;
$this->check_location("/images/product/$product_id/");
$file->move(public_path() . ("/images/product/$product_id/"), $filename);
$this->check_location("/images/product/$product_id/thumb/");
$thumb = new thumb();
$dest = public_path() . "/images/product/$product_id/thumb/thumb_" . $filename;
$thumb->createThumbnail(
public_path() . "/images/product/$product_id/" . $filename,
$dest,
200);
$systemid = $request->product_id;
$product_details->photo_1 = $filename;
$product_details->thumbnail_1 = 'thumb_' . $filename;
$product_details->save();
// push image to system on saving
$client = new \GuzzleHttp\Client();
$url = "http://systemb/api/push_image";
$response = $client->request('POST',$url,[
'headers' => [ ],
'multipart' => [
[
'name' => $filename,
'contents' => file_get_contents($product_details->getPath()),
],
],
]);
} else {
return abort(403);
}
} catch (\Exception $e) {
if ($e->getMessage() == 'validation_error') {
return '';
}
if ($e->getMessage() == 'product_not_found') {
$msg = "Error occured while uploading, Invalid product selected";
}
{
$msg = "Error occured while uploading picture";
}
$data = view('layouts.dialog', compact('msg'));
}
return $data;
}
i am getting the error "Error occured while uploading picture" but the error is saved in systema but its unabe to be pushed in systemb..i havent understood where i have gone wrong with my code base but i guess that part on guzzle isnt being executed because the data is being saved in systema but its unable to be pushed to systemb.what might be the issue here
Your class Product doesnt have the method getPath() declared
file_get_contents($product_details->getPath())
Change it so it uses the path you used above that line
file_get_contents(public_path() . "/images/product/$product_id/".$filename)

Validation can not updating value in database

I am uses validation for gst and adhar but when its error free i am updating value but value can not updating. I am giving updating code in else part. what is mistake done by me? need a solution. In if part i am checking validation and in else part if error is not coming, i am updating value from table but i can not work.
public function profile_update(Request $req,$id)
{
$mytime = Carbon::now();
$fullname = $req->input('fullname');
$email = $req->input('email');
$mobile = $req->input('mobile');
$gender = $req->input('gender');
$gstnumber = $req->input('gst_number');
$adharnumber = $req->input('aadhar_number');
$password = $req->input('password');
$cpassword = $req->input('c_password');
$updated_at = $mytime->toDateTimeString();
$created_at = $mytime->toDateTimeString();
$validator = Validator::make($req->all(), [
'email' => 'email|unique:users,email',
'aadhar_number' => 'unique:users,aadhar_number' ,
'gst_number' => 'regex:^[0-9]{2}[A-Z]{5}[0-9]{4}[A-Z]{1}[1-9A-Z]{1}Z[0-9A-Z]{1}$^|unique:users,gst_number'
]);
if($validator->fails())
{
//dd("hello");
$messages = $validator->messages();
//return Redirect::to('/customer')->with('message', 'Register Failed');
return redirect('/profile')
->withErrors($validator)
->withInput();
}
else
{
if ($req->hasFile('update_image'))
{
$image = $req->file('update_image');
$filename = $image->getClientOriginalName();
$destinationPath = public_path('/images/users_profile/');
$image->move($destinationPath, $filename);
DB::update(
'update users set name = ?,email = ?,mobile = ?,image = ?,gender = ?,gst_number=?,aadhar_number=?,password = ?,cpassword = ? where id = ?',
[$fullname, $email, $mobile, $filename, $gender, $gstnumber, $adharnumber, $password, $cpassword, $id]
);
}
else
{
DB::update(
'update users set name = ?,email = ?,mobile = ?,gender = ?,gst_number=?,aadhar_number=?,password = ?,cpassword = ? where id = ?',
[$fullname, $email, $mobile, $gender, $gstnumber, $adharnumber, $password, $cpassword, $id]
);
}
return redirect('/profile');
}
}
you dont need the if else statement
$req->validate([
'email' => 'email|unique:users,email',
'aadhar_number' => 'unique:users,aadhar_number' ,
'gst_number' => 'regex:^[0-9]{2}[A-Z]{5}[0-9]{4}[A-Z]{1}[1-9A-Z]{1}Z[0-9A-Z]{1}$^|unique:users,gst_number'
// continue your update code here
]);
Simply do this and it will do the needfull for you
if your conditions are not met by the values it will return to the previous view and if the conditions are met, it will continue to run the codes.
for updating the data
$data = user::find(id);
$data->name = $name;
$data->email = $email;
.
.
.
.
//update all the fields
$data->save();

How to image upload into databae using laravel?

I am trying to upload an image into the database but unfortunately not inserting an image into the database how to fix it, please help me thanks.
database table
https://ibb.co/3sT7C2N
controller
public function Add_slider(Request $request)
{
$this->validate($request, [
'select_image' => 'required'
]);
$content = new Sliders;
if($request->file('select_image')) {
$content->slider_image = Storage::disk('')->putFile('slider', $request->select_image);
}
$check = Sliders::create(
$request->only(['slider_image' => $content])
);
return back()
->with('success', 'Image Uploaded Successfully')
->with('path', $check);
}
You should do with the following way:
public function Add_slider(Request $request)
{
$this->validate($request, [
'select_image' => 'required'
]);
$image = $request->file('select_image');
$extension = $image->getClientOriginalExtension();
Storage::disk('public')->put($image->getFilename().'.'.$extension, File::get($image));
$content = new Sliders;
if($request->file('select_image'))
{
$content->slider_image = $image->getFilename().'.'.$extension;;
$content->save();
$check = Sliders::where('id', $content->id)->select('slider_image')->get();
return back()->with('success', 'Image Uploaded Successfully')->with('path',$check);
}
}
And in view blade file:
<img src="{{url($path[0]->slider_image)}}" alt="{{$path[0]->slider_image}}">
This returns only the filename:
Storage::disk('')->putFile('slider', $request->select_image);
Use this instead:
Sliders::create([
'slider_image' => $request->file('select_image')->get(),
]);
Make sure the column type from database is binary/blob.

getting an error Undefined property: stdClass::$id

I've issue with my CMS whenever I tried to Add new page with the following line of code
<?php echo form_open_multipart('admin/page/edit/'. $page->id); ?>
it gives me error
A PHP Error was encountered
Severity: Notice
Message: Undefined property: stdClass::$id
Filename: page/edit.php
Line Number: 5
my edit function is this which perform add & update functionality
public function edit($id = NULL) {
//Fetch a page or set new one
if ($id) {
$this->data['page'] = $this->page_m->get($id);
count($this->data['page']) || $this->data['errors'][] = 'Page Could not be found';
} else {
$this->data['page'] = $this->page_m->get_new();
}
$id == NULL || $this->data['page'] = $this->page_m->get($id);
//Pages for dropdown
$this->data['pages_no_parents'] = $this->page_m->get_no_parents();
//dump($this->data['pages_no_parents']);
//Setup form
$rules = $this->page_m->rules;
$this->form_validation->set_rules($rules);
//Process the form
if ($this->form_validation->run() == TRUE) {
$data = $this->page_m->array_from_post(array(
'title',
'slug',
'order',
'body',
'template',
'parent_id',
'filename'
));
/* * ***********WORKING FOR IMAGE UPLOAD AND SAVE PATH TO DATABASE*************** */
if (!empty($_FILES['filename'])) {
$fdata = $this->do_upload('filename'); /// you are passing the parameter here
$data['filename'] = base_url() . 'uploads/' . $fdata;
}
$this->page_m->save($data, $id);
// echo '<pre>' . $this->db->last_query() . '</pre>';
redirect('admin/page');
}
//Load the view
$this->data['subview'] = 'admin/page/edit';
$this->load->view('admin/_layout_main', $this->data);
}
public function do_upload($field_name) { // but not retriveing here do this
$field_name = 'filename';
$config = array(
'allowed_types' => '*',
'max_size' => '1024',
'max_width' => '1024',
'max_height' => '768',
'upload_path' => './uploads/'
);
$this->load->library('upload');
$this->upload->initialize($config);
if (!$this->upload->do_upload($field_name)) {
echo $this->upload->display_errors();
die();
$this->data['error'] = array('error' => $this->upload->display_errors());
//$this->data['subview'] = 'admin/page/edit';
//$this->load->view('admin/_layout_main', $this->data);
} else {
$fInfo = $this->upload->data();
//return $fInfo['file_path'].$fInfo['file_name'];
// $this->filename = $fInfo;
return $fInfo['file_name'];
}
}
<?php echo form_open_multipart('admin/page/edit/'. ((isset($page->id)) ? $page->id : '')); ?>
As I mentioned in my comment, if you are creating a new record (I assume:) your page object will not have an id yet, so you just have to do a quick check to make sure it exists and if not output an empty string.

Varien_File_Uploader is not uploading files in custom module in magento

I am trying to save the images in my module but the images are not saving from the form.
$uploader = new Varien_File_Uploader('image'); this code is not working I dont know why. The loop breaks on this line and the control get out of the loop from here. How can I save the images.
Here is my save function in the controller
public function saveAction()
{
if ($this->getRequest()->getPost())
{
try
{
$postData = $this->getRequest()->getPost();
//echo "<pre>";print_r($postData); exit;
$articleModel = Mage::getModel('blog/article');
$imgFilename = NULL;
if($_FILES['image']['name'] != '')
{//echo "<pre>"; echo count($_FILES['image']['name']);
foreach($_FILES['image']['name'] as $_FILES['image']['name'])
{
//print_r($_FILES['image']['name']);
try
{ echo "1";
$uploader = new Varien_File_Uploader('image'); echo "hi";
//print_r($uploader);exit;
$uploader->setAllowedExtensions(array('jpg','jpeg','gif','png','flv'));
$uploader->setAllowRenameFiles(false);
$uploader->setFilesDispersion(false);
$uploader->setAllowCreateFolders(true);
// Set media as the upload dir
$media_path = Mage::getBaseDir('media') . DS . 'blog' . DS;
$imgFilename = time() . $postData['image'];
// Upload the image
//$uploader->save($media_path, $_FILES['image']['name']);echo "4";
$uploader->save($media_path, $imgFilename);
}
catch (Exception $e)
{
Mage::log($e);
$this->_redirectError(502);
}
$data['image'] = $imgFilename;
}
}
else
{
if(isset($data['image']['delete']) && $data['image']['delete'] == 1)
$data['image'] = '';
else
unset($data['image']);
}
//echo "out"; exit;
if( $this->getRequest()->getParam('id') <= 0 )
$articleModel->setCreatedTime(
Mage::getSingleton('core/date')
->gmtDate());
$articleModel
->addData($postData)
->setUpdatedTime(
Mage::getSingleton('core/date')
->gmtDate())
->setId($this->getRequest()->getParam('id'))
->save();
$lastid = $articleModel->getId();
if($data['image'] != '')
{
foreach($data['image'] as $img)
{
$imageModel=Mage::getModel('blog/image');
$imageModel->setArticleId($lastid)->setImage($data['image'])->save();
}
}
Mage::getSingleton('adminhtml/session')
->addSuccess('successfully saved');
Mage::getSingleton('adminhtml/session')
->setarticleData(false);
$this->_redirect('*/*/');
//return;
if ($this->getRequest()->getParam('back'))
{
$this->_redirect('*/*/edit',array('id' => $articleModel->getId()));
return;
}
}
catch (Exception $e)
{
Mage::getSingleton('adminhtml/session')
->addError($e->getMessage());
Mage::getSingleton('adminhtml/session')
->setarticleData($this->getRequest()
->getPost());
$this->_redirect('*/*/edit',
array('id' => $this->getRequest()
->getParam('id')));
return;
}
}
$this->_redirect('*/*/');
}
and here is my form for the image
<?php
class Vertax_Blog_Block_Adminhtml_Article_Edit_Tab_Image extends Mage_Adminhtml_Block_Widget_Form
{
protected function _prepareForm()
{
$form = new Varien_Data_Form();
$this->setForm($form);
$fieldset = $form->addFieldset('image_form',
array('legend'=>'image'));
//$fieldset->addType('image', Mage::getConfig()->getBlockClassName('blog/adminhtml_article_helper_image'));
$fieldset->addType('image', 'Vertax_Blog_Block_Adminhtml_Article_Helper_Image');
$fieldset->addField('image', 'image', array(
'label' => 'Image',
'required' => false,
'name' => 'image[]',
'multiple' => 'multiple',
'mulitple' => true,
));
if (Mage::getSingleton('adminhtml/session')->getBlogPostData()) {
$form->setValues(Mage::getSingleton('adminhtml/session')->getBlogPostData());
Mage::getSingleton('adminhtml/session')->setBlogPostData(null);
} elseif (Mage::registry('article_data')) {
$form->setValues(Mage::registry('article_data')->getData());
}
return parent::_prepareForm();
}
}
?>
$uploader = new Mage_Core_Model_File_Uploader(
array(
'name' => $_FILES['galleryImage']['name'][$i],
'type' => $_FILES['galleryImage']['type'][$i],
'tmp_name' => $_FILES['galleryImage']['tmp_name'][$i],
'error' => $_FILES['galleryImage']['error'][$i],
'size' => $_FILES['galleryImage']['size'][$i]
));
Waseem,please try code for upload image..
$uploader = new Mage_Core_Model_File_Uploader('image');
$uploader->setAllowedExtensions(array('jpg', 'jpeg', 'gif', 'png'));
$uploader->setFilesDispersion(true);
$media_path = Mage::getBaseDir('media') . DS . 'blog' . DS;
$imgFilename = time() . $postData['image'];
// Upload the image
//$uploader->save($media_path, $_FILES['image']['name']);echo "4";
$uploader->save($media_path, $imgFilename);
there was a problem in your code while adding fieldset
$fieldset->addField('image', 'image', array(
'label' => 'Image',
'required' => false,
'name' => 'image[]',
'multiple' => 'multiple',
'mulitple' => true,
));
here you had set the name to image[] which in turn will return the array as $_FILES['image][name][], $_FILES['image][tmp_name][].
If you want to upload single file then set 'name' = 'image' or see this question
Try to use
$uploader = new Varien_File_Uploader($_FILES['image']);
instead of what you use currently.

Resources