Web Space Management System - File Upload - Part 1

This blog post will be the first part of a series of blog posts through which I will share my experience while working on the course work for my second semester – a web space management system.

I will be splitting up the course work into the following parts

• User authentication – User registration and login functionality
• File upload – File upload functionality
• File management – create/delete directories, move/delete files.

This first post will focus on the file upload functionality; we will only be working on 2 files, the index.html which will contain the file input form where the user selects the files to upload and the uploadFile.php which contains the backend PHP code to handle the actual file upload.

Index.html

 The index page contains a simple html form as used in the previous blog post. Since the form will be handling files the enctpye attribute has been set to multipart/form-data and the input field type attribute has been set to file, this will allow the user to select files located on the local machine to be uploaded. The above script will post the form to the uploadFile.php page.

On chrome the above html page will be rendered as follows

 When the user clicks the choose file button an explorer window is opened for selection.

uploadFile.php

 This script takes care of the file upload process, it moved the uploaded file to the uploads/ directory and prompts the user when successful

The example above simple demonstrates the functionality that PHP offers to handle file uploads and although it works should not be used without further validations and restrictions.

Some vulnerability with this setup

• Full directory listing of the upload directory is available to everyone navigating to http://localhost/phpFileUpload/uploads/

•  Users can execute PHP code on the server by uploading .php files and loading them from the browser as explained below.

1. Upload hack.php file containing the following text <?php echo "PHP code executed on server... " ?>
2. Load http://localhost/phpFileUpload/uploads/hack.php

As you can se from the above screenshot, the PHP code was executed.

In the next blog post I will go though the authentication system as well as how to secure the application against malicious attacks such as the one shown above.