BULLETPROOF 
Bulletproof is a single-class library to upload images in PHP with security.
Install
Using git
$ git clone https://github.com/samayo/bulletproof.gitOr composer
$ composer require samayo/bulletproof:3.2.*Or download it manually based on the archived version of release-cycles.
Usage
Create an HTML form like this.
<form method="POST" enctype="multipart/form-data">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000"/>
<input type="file" name="pictures" accept="image/*"/>
<input type="submit" value="upload"/>
</form>And simply copy/paste the code below to upload images
require_once "path/to/bulletproof.php";
$image = new Bulletproof\Image($_FILES);
if($image["pictures"]){
$upload = $image->upload();
if($upload){
echo $upload->getFullPath(); // uploads/cat.gif
}else{
echo $image["error"];
}
}That's all. For complete freedom of what, how and where to install, keep reading :)
Config
Setting Properties
Before uploading, you can use these methods to restrict the image size, dimensions, mime types, location...
// Pass a custom name, or leave it if you want it to be auto-generated
$image->setName($name);
// define the min/max image upload size (size in bytes)
$image->setSize($min, $max);
// define allowed mime types to upload
$image->setMime(array('jpeg', 'gif'));
// set the max width/height limit of images to upload (limit in pixels)
$image->setDimension($width, $height);
// pass name (and optional chmod) to create folder for storage
$image->setLocation($folderName, $optionalPermission); Getting Properties
More methods for getting image info before/after upload.
// get the provided or auto-generated image name
$image->getName();
// get the image size (in bytes)
$image->getSize();
// get the image mime (extension)
$image->getMime();
// get the image width in pixels
$image->getWidth();
// get the image height in pixels
$image->getHeight();
// get image location (folder where images are uploaded)
$image->getLocation();
// get the full image path. ex 'images/logo.jpg'
$image->getFullPath();
// get the json format value of all the above information
$image->getJson();Slightly more customized ways to upload
To set and get image info, before or after image upload, use as:
$image = new Bulletproof\Image($_FILES);
$image->setName("samayo")
->setMime(["gif"])
->setLocation(__DIR__ . "/avatars");
if($image["pictures"]){
if($image->upload()){
echo $image->getName(); // samayo
echo $image->getMime(); // gif
echo $image->getLocation(); // avatars
echo $image->getFullPath(); // avatars/samayo.gif
}
}Image Manipulation
Bulletproof is for uploading image sonly, to watermark, crop, resize images, checkout
the separate functions in src/utils
Creating your own custom errors
To create your own errors and responses, instead of the default error messages, use exceptions:
try{
if($image->getMime() !== "png"){
throw new \Exception(" Image should be a 'png' type ");
}
// use the same to validate getSize(), getWidth(), getHeight() ...
if($image->upload()){
$image->getFullPath(); // insert to db
}else{
throw new \Exception($image["error"]);
}
}catch(\Exception $e){
echo $e->getMessage();
}What makes this secure?
- Uses
exif_imagetype()to get the true image mime (.extension) - Uses
getimagesize()to check if image has a valid height / width in pixels. - Sanitized images names, strict folder permissions and more...