stop people trying to hack my form

**jabie5** · 03-21-2011, 10:58 PM

hi guys
people are always trying to hack my form, they upload files like xxxx.php.jpeg etc.

reading old posts by navaldesign he said

You need to use a code like

$upload_Name1 = $_FILES[$file_key]['name'];
$upload_Name = $prefix.str_replace(" ", "_", $upload_Name1);
$upload_Size = ($_FILES[$file_key]['size']);
$upload_Temp = ($_FILES[$file_key]['tmp_name']);
$upload_Type = ($_FILES[$file_key]['type']);
if($upload_Type != "image/gif" AND $upload_Type != "image/pjpeg" AND $upload_Type != "image/jpeg" AND $upload_Type != "image/png" AND $upload_Type != "image/tiff" AND $upload_Type != "image/bmp"){
$error1 = "$file_key file type is '$upload_Type' which is not allowed! \n";
// Add here a "include" command to include an error page
}

my question is, where and how to insert this code in BV form processor
and will this still work if the uploaded file is named xxxxxx.php.jpeg.

If there is a newer way to avoid these files please enlighten me as these posts where from 2005

thanks
johnny

**navaldesign** · 03-22-2011, 04:17 PM

Unfortunately you can't insert code in the standard BV built in form processor.

You can uncheck the "Use built in form processor" in the form properties, and insert the code (the same as the one the processor would add) adding your own custom code.

If you wish, post the code you now have, from your built in form processor, and I will modify it for you .

**jabie5** · 03-22-2011, 10:09 PM

thanks for the help i thought i had used bv but i think i used wysiwyg but here is the code off one off my form, i have three forms is it possible for you to highlite the changes in red so i can alter my other forms

<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] == 'POST')
{
if (isset($_POST['captcha_code'],$_SESSION['random_txt']) && md5($_POST['captcha_code']) == $_SESSION['random_txt'])
{
unset($_POST['captcha_code'],$_SESSION['random_txt']);
}
else
{
$errorcode = file_get_contents('./error.html');
$replace = "##error##";
$errorcode = str_replace($replace, 'The entered code was wrong.', $errorcode);
echo $errorcode;
exit;
}
}
?>
<?php
function ValidateEmail($email)
{
$pattern = '/^([0-9a-z]([-.\w]*[0-9a-z])*@(([0-9a-z])+([-\w]*[0-9a-z])*\.)+[a-z]{2,6})$/i';
return preg_match($pattern, $email);
}
function RecursiveMkdir($path)
{
if (!file_exists($path))
{
RecursiveMkdir(dirname($path));
mkdir($path, 0777);
}
}
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$mailto = 'info@sameasiteverwas.co.uk';
$mailfrom = isset($_POST['email']) ? $_POST['email'] : $mailto;
$subject = 'Contact Information';
$message = 'Values submitted from web site form:';
$success_url = './success.html';
$error_url = './error.html';
$error = '';
$eol = "\n";
$max_filesize = isset($_POST['filesize']) ? $_POST['filesize'] * 1024 : 1024000;
$upload_folder = "upload";
$upload_folder = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME'])."/".$upload_folder;
$boundary = md5(uniqid(time()));
$header = 'From: '.$mailfrom.$eol;
$header .= 'Reply-To: '.$mailfrom.$eol;
$header .= 'MIME-Version: 1.0'.$eol;
$header .= 'Content-Type: multipart/mixed; boundary="'.$boundary.'"'.$eol;
$header .= 'X-Mailer: PHP v'.phpversion().$eol;
if (!ValidateEmail($mailfrom))
{
$error .= "The specified email address is invalid!\n<br>";
}
$prefix = rand(111111, 999999);
$i = 0;
while (list ($key, $val) = each ($_FILES))
{
if ($_FILES[$key]['name'] != "" and file_exists($_FILES[$key]['tmp_name']) and $_FILES[$key]['size'] > 0)
{
$upload_DstName[$i] = $prefix . "_" . str_replace(" ", "_", $_FILES[$key]['name']);
$upload_SrcName[$i] = $_FILES[$key]['name'];
$upload_Size[$i] = ($_FILES[$key]['size']);
$upload_Temp[$i] = ($_FILES[$key]['tmp_name']);
$upload_Type[$i] = ($_FILES[$key]['type']);
$uploadlink[$i] = "$upload_folder/$upload_DstName[$i]";
$upload_fieldname[$i] = $key;
$upload_fieldname_final[$i] = ucwords(str_replace("_", " ", $key));
$fieldvalue[$i] = $uploadlink[$i];
$i++;
}
if ($upload_Size[$i] >= $max_filesize)
{
$error .= "The size of $key (file: $upload_SrcName[$i]) is bigger than the allowed " . $max_filesize/1024 . " Kbytes!\n";
}
}
if (!empty($error))
{
$errorcode = file_get_contents($error_url);
$replace = "##error##";
$errorcode = str_replace($replace, $error, $errorcode);
echo $errorcode;
exit;
}
$uploadfolder = basename($upload_folder);
for ($i = 0; $i < count($upload_DstName); $i++)
{
$uploadFile = $uploadfolder . "/" . $upload_DstName[$i];
if (!is_dir(dirname($uploadFile)))
{
RecursiveMkdir(dirname($uploadFile));
}
else
{
chmod(dirname($uploadFile), 0777);
}
move_uploaded_file($upload_Temp[$i] , $uploadFile);
chmod($uploadFile, 0644);
}
$internalfields = array ("submit", "reset", "send", "captcha_code");
$message .= $eol;
$message .= "IP Address : ";
$message .= $_SERVER['REMOTE_ADDR'];
$message .= $eol;
foreach ($_POST as $key => $value)
{
if (!in_array(strtolower($key), $internalfields))
{
if (!is_array($value))
{
$message .= ucwords(str_replace("_", " ", $key)) . " : " . $value . $eol;
}
else
{
$message .= ucwords(str_replace("_", " ", $key)) . " : " . implode(",", $value) . $eol;
}
}
}
if (count($upload_SrcName) > 0)
{
$message .= "\nThe following files have been uploaded:\n";
for ($i = 0; $i < count($upload_SrcName); $i++)
{
$message .= $upload_SrcName[$i] . " Link: " . $uploadlink[$i] . "\n";
}
}
$body = 'This is a multi-part message in MIME format.'.$eol.$eol;
$body .= '--'.$boundary.$eol;
$body .= 'Content-Type: text/plain; charset=ISO-8859-1'.$eol;
$body .= 'Content-Transfer-Encoding: 8bit'.$eol;
$body .= $eol.stripslashes($message).$eol;
$body .= '--'.$boundary.'--'.$eol;
mail($mailto, $subject, $body, $header);
header('Location: '.$success_url);
exit;
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Upload form.</title>
<meta name="description" content="We often receive photographs in poor condition; we use the latest software and repair techniques to provide the best possible service. We offer photo restoration, colourisation and photo printing.">
<meta name="keywords" content="restoration, colourisation, manipulation, missing corners, speckles, tears, rips, discolouration, water damage, creases, cracks, mould, fading">
<meta name="author" content="jmbwebdesign">
<meta name="categories" content="photo restoration">
<meta name="generator" content="JMB Webdesign.co.uk">
<style type="text/css">
div#container
{
width: 800px;
position: relative;
margin-top: 0px;
margin-left: auto;
margin-right: auto;
text-align: left;
}
</style>
<style type="text/css">
body
{
text-align: center;
margin: 0;
background-color: #FFFFFF;
color: #000000;
}
</style>
<style type="text/css">
h2
{
font-family: Arial;
font-size: 27px;
font-weight: bold;
font-style: normal;
text-decoration: none;
color: #000000;
margin: 0 0 0 0;
padding: 0 0 0 0;
display: inline;
}
a
{
color: #000000;
}
a:hover
{
color: #0000FF;
}
</style>
<script type="text/javascript">

</script>
</head>
<body>
<div id="container">
<div id="wb_ImageMap1" style="margin:0;padding:0;position:absolute;left:0 px;top:0px;width:800px;height:150px;text-align:left;z-index:29;">
<img src="images/header_03.jpg" id="ImageMap1" alt="same as it ever was" usemap="#ImageMapImageMap0" border="0" title="Menu" style="width:800px;height:150px;">
<map name="ImageMapImageMap0">
<area shape="rect" coords="4,119,112,141" href="./index.html" target="" alt="home" title="home">
<area shape="rect" coords="116,113,226,146" href="./restoration.html" target="" alt="restoration" title="restoration">
<area shape="rect" coords="229,119,340,144" href="./colourisation.html" target="" alt="colourisation" title="colourisation">
<area shape="rect" coords="344,114,451,147" href="./manipulation.html" target="" alt="manipulation" title="manipulation">
<area shape="rect" coords="457,111,567,147" href="" target="" alt="upload photos" title="upload photos">
<area shape="rect" coords="572,113,682,147" href="./faq_s.html" target="" alt="faqs and prices" title="faqs and prices">
<area shape="rect" coords="685,113,798,148" href="./contact_us.html" target="" alt="contact_us" title="contact_us">
</map>
</div>
<div id="wb_Text1" style="margin:0;padding:0;position:absolute;left:1 15px;top:167px;width:683px;height:47px;text-align:center;z-index:30;">
<h2>Upload form.<br>
</h2></div>
<div id="wb_ImageMap2" style="margin:0;padding:0;position:absolute;left:0 px;top:147px;width:115px;height:659px;text-align:left;z-index:31;">
<img src="images/left-menu.jpg" id="ImageMap2" alt="left menu" usemap="#ImageMapImageMap1" border="0" title="left_menu" style="width:115px;height:659px;">
<map name="ImageMapImageMap1">
<area shape="rect" coords="3,3,112,163" href="./large_prints.html" target="" alt="large prints" title="large prints">
<area shape="rect" coords="2,171,112,329" href="./slides.html" target="" alt="slides and negatives" title="slides and negatives">
<area shape="rect" coords="6,334,113,491" href="./canvas_prints.html" target="" alt="canvas prints" title="canvas prints">
<area shape="rect" coords="4,497,109,654" href="./memory_cards.html" target="" alt="data recovery" title="data recovery">
</map>
</div>
<div id="wb_Text3" style="margin:0;padding:0;position:absolute;left:9 5px;top:1059px;width:682px;height:19px;text-align:center;z-index:32;">
<font style="font-size:16px" color="#000000" face="Times New Roman"><a href="http://www.jmbwebdesign.co.uk">Copyright© by JMBWEBDESIGN<u> </a></u></font></div>
<div id="wb_Form2" style="position:absolute;left:191px;top:210px;widt h:525px;height:806px;z-index:33">
<form name="upload_form" method="post" action="<?php echo basename(__FILE__); ?>" enctype="multipart/form-data" id="Form2" onsubmit="return Validateupload_form(this)">
<div id="wb_Captcha1" style="margin:0;padding:0;position:absolute;left:1 41px;top:697px;width:257px;height:41px;text-align:left;z-index:0;">
<img src="captcha1.php" alt="Click for new image" title="Click for new image" style="cursor:pointer;width:115px;height:38px;" onclick="this.src='captcha1.php?'+Math.random()">
<input type="text" id="Captcha1Edit" style="position:absolute;left:120px;top:18px;width :142px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;" name="captcha_code" value=""></div>
<input type="text" id="Editbox1" style="position:absolute;left:141px;top:42px;width :255px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:1" name="name" value="">
<input type="text" id="Editbox2" style="position:absolute;left:141px;top:67px;width :255px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:2" name="address1" value="">
<input type="text" id="Editbox5" style="position:absolute;left:141px;top:91px;width :256px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:3" name="address2" value="">
<input type="text" id="Editbox11" style="position:absolute;left:141px;top:115px;widt h:256px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:4" name="address3" value="">
<input type="text" id="Editbox3" style="position:absolute;left:141px;top:140px;widt h:256px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:5" name="city" value="">
<input type="text" id="Editbox4" style="position:absolute;left:141px;top:165px;widt h:256px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:6" name="postcode" value="">
<input type="text" id="Editbox12" style="position:absolute;left:142px;top:190px;widt h:256px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:7" name="phone" value="">
<input type="text" id="Editbox9" style="position:absolute;left:141px;top:215px;widt h:256px;height:18px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:8" name="email" value="">
<div style="position:absolute;left:141px;top:261px;widt h:256px;height:20px;border:1px #C0C0C0 solid;z-index:9">
<select name="required service" size="1" id="Combobox1" style="position:absolute; left:0px;top:0px;width:100%;height:100%;border-width:0px;font-family:Arial;font-size:13px;">
<option></option>
<option value="restoration">restoration</option>
<option value="colourisation">colourisation</option>
<option value="manipulation">manipulation</option>
<option value="quote">quote</option>
<option value="not sure">not sure</option>
</select>
</div>
<div style="position:absolute;left:141px;top:287px;widt h:256px;height:20px;border:1px #C0C0C0 solid;z-index:10">
<select name="return format" size="1" id="Combobox2" style="position:absolute; left:0px;top:0px;width:100%;height:100%;border-width:0px;font-family:Arial;font-size:13px;">
<option value="Email + free P&P">Email + free P&P</option>
<option value="CD + £2.99 Includes P&P (UK)">CD + £2.99 Includes P&P (UK)</option>
<option value="Photograph 6x4 inches + £4.99 Includes P&P (UK)">Photograph 6x4 inches + £4.99 Includes P&P (UK)</option>
<option value="Photograph 8x5 inches + £6.99 Includes P&P (UK)">Photograph 8x5 inches + £6.99 Includes P&P (UK)</option>
</select>
</div>
<textarea name="Comments or Suggestions" id="TextArea1" style="position:absolute;left:141px;top:527px;widt h:256px;height:98px;border:1px #C0C0C0 solid;font-family:Courier New;font-size:13px;z-index:11" rows="5" cols="27"></textarea>
<div id="wb_Text5" style="margin:0;padding:0;position:absolute;left:1 0px;top:216px;width:130px;height:18px;text-align:left;z-index:12;">
<font style="font-size:16px" color="#000000" face="Arial">Email</font><font style="font-size:11px" color="#000000" face="Arial">: </font><font style="font-size:11px" color="#FF0000" face="Arial">*</font></div>
<div id="wb_Text4" style="margin:0;padding:0;position:absolute;left:1 1px;top:42px;width:68px;height:18px;text-align:left;z-index:13;">
<font style="font-size:16px" color="#000000" face="Arial">Name</font><font style="font-size:11px" color="#000000" face="Arial">:</font><font style="font-size:11px" color="#FF0000" face="Arial">*</font></div>
<div id="wb_Text6" style="margin:0;padding:0;position:absolute;left:1 2px;top:68px;width:130px;height:18px;text-align:left;z-index:14;">
<font style="font-size:16px" color="#000000" face="Arial">Address:</font><font style="font-size:16px" color="#FF0000" face="Arial">*</font></div>
<div id="wb_Text7" style="margin:0;padding:0;position:absolute;left:1 0px;top:141px;width:128px;height:18px;text-align:left;z-index:15;">
<font style="font-size:16px" color="#000000" face="Arial">City:</font><font style="font-size:16px" color="#FF0000" face="Arial">*</font></div>
<div id="wb_Text2" style="margin:0;padding:0;position:absolute;left:9 px;top:192px;width:130px;height:18px;text-align:left;z-index:16;">
<font style="font-size:16px" color="#000000" face="Arial">Phone</font><font style="font-size:11px" color="#000000" face="Arial">:</font><font style="font-size:11px" color="#FF0000" face="Arial">*</font></div>
<div id="wb_Text8" style="margin:0;padding:0;position:absolute;left:1 0px;top:262px;width:128px;height:18px;text-align:left;z-index:17;">
<font style="font-size:16px" color="#000000" face="Arial">Required service</font></div>
<div id="wb_Text10" style="margin:0;padding:0;position:absolute;left:1 0px;top:289px;width:128px;height:18px;text-align:left;z-index:18;">
<font style="font-size:16px" color="#000000" face="Arial">Return format</font></div>
<div id="wb_Text11" style="margin:0;padding:0;position:absolute;left:1 15px;top:337px;width:294px;height:38px;text-align:center;z-index:19;">
<font style="font-size:16px" color="#808080" face="Arial"><i>File Upload 300dpi (up to 4Mb each file).</i></font><font style="font-size:16px" color="#000000" face="Times New Roman"><br>
</font><font style="font-size:16px" color="#808080" face="Arial"><i>This may take some time.</i></font></div>
<input type="file" id="FileUpload1" style="position:absolute;left:141px;top:383px;widt h:256px;height:21px;font-family:Courier New;font-size:13px;z-index:20" name="FileUpload1">
<input type="file" id="FileUpload2" style="position:absolute;left:141px;top:410px;widt h:256px;height:21px;font-family:Courier New;font-size:13px;z-index:21" name="FileUpload2">
<input type="file" id="FileUpload3" style="position:absolute;left:141px;top:437px;widt h:256px;height:21px;font-family:Courier New;font-size:13px;z-index:22" name="FileUpload3">
<div id="wb_Text12" style="margin:0;padding:0;position:absolute;left:1 41px;top:495px;width:258px;height:19px;text-align:center;z-index:23;">
<font style="font-size:16px" color="#666666" face="Arial"><i>Comments / Questions / Enquiries</i></font></div>
<div id="wb_Text13" style="margin:0;padding:0;position:absolute;left:1 41px;top:654px;width:258px;height:38px;text-align:center;z-index:24;">
<font style="font-size:16px" color="#666666" face="Arial"><i>Please input the verification code as seen in the image.</i></font></div>
<input type="submit" id="Button1" name="upload" value="Upload" style="position:absolute;left:140px;top:760px;widt h:96px;height:25px;font-family:Arial;font-size:13px;z-index:25">
<input type="reset" id="Button2" name="reset" value="Reset" style="position:absolute;left:300px;top:760px;widt h:96px;height:25px;font-family:Arial;font-size:13px;z-index:26">
<div id="wb_Text9" style="margin:0;padding:0;position:absolute;left:1 0px;top:167px;width:130px;height:18px;text-align:left;z-index:27;">
<font style="font-size:16px" color="#000000" face="Arial">Postcode </font><font style="font-size:16px" color="#FF0000" face="Arial">*</font></div>
<div id="wb_Text14" style="margin:0;padding:0;position:absolute;left:1 41px;top:316px;width:260px;height:16px;text-align:center;z-index:28;">
<font style="font-size:13px" color="#FF0000" face="Arial">* Mandatory fields</font></div>
</form>
</div>
</div>
</body>
</html>

hope ive copied it right

thanks

johnny

**navaldesign** · 03-22-2011, 10:46 PM

<?php
function ValidateEmail($email)
{
$pattern = '/^([0-9a-z]([-.\w]*[0-9a-z])*@(([0-9a-z])+([-\w]*[0-9a-z])*\.)+[a-z]{2,6})$/i';
return preg_match($pattern, $email);
}
function RecursiveMkdir($path)
{
if (!file_exists($path))
{
RecursiveMkdir(dirname($path));
mkdir($path, 0777);
}
}
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
$mailto = 'info@sameasiteverwas.co.uk';
$mailfrom = isset($_POST['email']) ? $_POST['email'] : $mailto;
$subject = 'Contact Information';
$message = 'Values submitted from web site form:';
$success_url = './success.html';
$error_url = './error.html';
$error = '';
$eol = "\n";
$max_filesize = isset($_POST['filesize']) ? $_POST['filesize'] * 1024 : 1024000;
$upload_folder = "upload";
$upload_folder = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME'])."/".$upload_folder;
$boundary = md5(uniqid(time()));
$header = 'From: '.$mailfrom.$eol;
$header .= 'Reply-To: '.$mailfrom.$eol;
$header .= 'MIME-Version: 1.0'.$eol;
$header .= 'Content-Type: multipart/mixed; boundary="'.$boundary.'"'.$eol;
$header .= 'X-Mailer: PHP v'.phpversion().$eol;
if (!ValidateEmail($mailfrom))
{
$error .= "The specified email address is invalid!\n<br>";
}
$prefix = rand(111111, 999999);
$i = 0;
while (list ($key, $val) = each ($_FILES))
{
if ($_FILES[$key]['name'] != "" and file_exists($_FILES[$key]['tmp_name']) and $_FILES[$key]['size'] > 0)
{
$upload_DstName[$i] = $prefix . "_" . str_replace(" ", "_", $_FILES[$key]['name']);
$upload_SrcName[$i] = $_FILES[$key]['name'];
$upload_Size[$i] = ($_FILES[$key]['size']);
$upload_Temp[$i] = ($_FILES[$key]['tmp_name']);
$upload_Type[$i] = ($_FILES[$key]['type']);
if($upload_Type[$i] != "image/gif" AND $upload_Type[$i] != "image/pjpeg" AND $upload_Type[$i] != "image/jpeg" AND $upload_Type[$i] != "image/png" AND $upload_Type[$i] != "image/tiff" AND $upload_Type[$i] != "image/bmp"){
$error .= "$file_key file type is '$upload_Type' which is not allowed! \n";
}
else{
$uploadlink[$i] = "$upload_folder/$upload_DstName[$i]";
$upload_fieldname[$i] = $key;
$upload_fieldname_final[$i] = ucwords(str_replace("_", " ", $key));
$fieldvalue[$i] = $uploadlink[$i];
$i++;
}
if ($upload_Size[$i] >= $max_filesize)
{
$error .= "The size of $key (file: $upload_SrcName[$i]) is bigger than the allowed " . $max_filesize/1024 . " Kbytes!\n";
}
}
if (!empty($error))
{
$errorcode = file_get_contents($error_url);
$replace = "##error##";
$errorcode = str_replace($replace, $error, $errorcode);
echo $errorcode;
exit;
}
$uploadfolder = basename($upload_folder);
for ($i = 0; $i < count($upload_DstName); $i++)
{
$uploadFile = $uploadfolder . "/" . $upload_DstName[$i];
if (!is_dir(dirname($uploadFile)))
{
RecursiveMkdir(dirname($uploadFile));
}
else
{
chmod(dirname($uploadFile), 0777);
}
move_uploaded_file($upload_Temp[$i] , $uploadFile);
chmod($uploadFile, 0644);
}
$internalfields = array ("submit", "reset", "send", "captcha_code");
$message .= $eol;
$message .= "IP Address : ";
$message .= $_SERVER['REMOTE_ADDR'];
$message .= $eol;
foreach ($_POST as $key => $value)
{
if (!in_array(strtolower($key), $internalfields))
{
if (!is_array($value))
{
$message .= ucwords(str_replace("_", " ", $key)) . " : " . $value . $eol;
}
else
{
$message .= ucwords(str_replace("_", " ", $key)) . " : " . implode(",", $value) . $eol;
}
}
}
if (count($upload_SrcName) > 0)
{
$message .= "\nThe following files have been uploaded:\n";
for ($i = 0; $i < count($upload_SrcName); $i++)
{
$message .= $upload_SrcName[$i] . " Link: " . $uploadlink[$i] . "\n";
}
}
$body = 'This is a multi-part message in MIME format.'.$eol.$eol;
$body .= '--'.$boundary.$eol;
$body .= 'Content-Type: text/plain; charset=ISO-8859-1'.$eol;
$body .= 'Content-Transfer-Encoding: 8bit'.$eol;
$body .= $eol.stripslashes($message).$eol;
$body .= '--'.$boundary.'--'.$eol;
mail($mailto, $subject, $body, $header);
header('Location: '.$success_url);
exit;
}
}
?>

**jabie5** · 03-23-2011, 09:11 PM

thanks for that, is there any danger when the file types are "xxxxxx.php.jpg"

thanks
johnny

**Alien Dude** · 03-23-2011, 09:59 PM

Just a thought. in the properties of the upload box under validate you have the option to have only the file extensions you wish to have uploaded ie: .jpg or .png. that way if it isn't then they get the warning. I personally have this set to only except .zip as i can then scan it before opening.

Thread: stop people trying to hack my form

Thread Tools

stop people trying to hack my form

Re: stop people trying to hack my form

Re: stop people trying to hack my form

Re: stop people trying to hack my form

Re: stop people trying to hack my form

Re: stop people trying to hack my form

Thread Information

Users Browsing this Thread

Posting Permissions