6

I would like to use cURL in php to upload an image to a remote image server. I have this piece of code, it's on the webserver:

<form enctype="multipart/form-data" encoding="multipart/form-data" method="post" action="webform.php">
<input name="somevar" type=hidden value='.$somevar.'>
<input name="uploadfile" type="file" value="choose">
<input type="submit" value="Upload">
</form>

and:

if (isset($_FILES['uploadfile']) ) {

 $filename  = $_FILES['uploadfile']['tmp_name'];
 $handle    = fopen($filename, "r");
 $data      = fread($handle, filesize($filename));
 $POST_DATA = array(
   'somevar' => $somevar,
   'uploadfile' => $data
 );
 $curl = curl_init();
 curl_setopt($curl, CURLOPT_URL, 'http://1.1.1.1/receiver.php');
 curl_setopt($curl, CURLOPT_TIMEOUT, 30);
 curl_setopt($curl, CURLOPT_POST, 1);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($curl, CURLOPT_POSTFIELDS, $POST_DATA);
 $response = curl_exec($curl);
 curl_close ($curl);
 echo $response;

}

On the image server I've got an image upload handling php file, which worked very well on localhost, but I would like to use it on the remote server. This is how I handled the uploaded image file in the receiver.php:

move_uploaded_file($_FILES['uploadfile']['tmp_name'], $file)

I want to directly pass the image file to the remote server script, so this way I don't need to rewrite the whole upload script. I tried to post the image name, type, size as post variables, but I haven't got the ['tmp_name'] since it's not on localhost.

How can I solve this? Thank you guys for any help!

Improve this question

1 Answer 1

Reset to default
10

Here's a possible solution;

  • Handle the upload on your web server and move the uploaded file to a local temp location
  • Then make a curl POST request to remote server and tell it what the uploaded file name & data is; as base64_encoded string
  • Remote server script receives the upload as a standard http post
  • All it now has to do is decode the file data, save it as the specified file name

So, this is how the solution looks like:

Sorry, i did not test this, but it should work.

index.php

<?php

// Handle upload
if(isset($_POST["submit"]))
{
    // Move uploaded file to a temp location
    $uploadDir = '/var/www/uploads/';
    $uploadFile = $uploadDir . basename($_FILES['userfile']['name']);
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile))
    {
        // Prepare remote upload data
        $uploadRequest = array(
            'fileName' => basename($uploadFile),
            'fileData' => base64_encode(file_get_contents($uploadFile))
        );

        // Execute remote upload
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, 'http://1.1.1.1/receiver.php');
        curl_setopt($curl, CURLOPT_TIMEOUT, 30);
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $uploadRequest);
        $response = curl_exec($curl);
        curl_close($curl);
        echo $response;

        // Now delete local temp file
        unlink($uploadFile);
    }
    else
    {
        echo "Possible file upload attack!\n";
    }
}

?>

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="index.php" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

Then, on the receiver.php, you can do the following:

// Handle remote upload
if (isset($_POST['fileName']) && $_POST['fileData'])
{
    // Save uploaded file
    $uploadDir = '/path/to/save/';
    file_put_contents(
        $uploadDir. $_POST['fileName'],
        base64_decode($_POST['fileData'])
    );

    // Done
    echo "Success";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I will try it soon and reply back how it goes. Thank you.
Thank you, it works! I would like to point out to the future visitors that this method needs more security, if you want to implement it in your code. You need to: check extension, mime type, size, generate a random name, move_uploaded_file, use imagecreatefromjpg and imagejpeg php function. On the image server you need to: perform all above tasks again to be sure that nobody can avoid the security checks if someone directly send a request to your image server.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.