views:

61

answers:

5

Hi,

I have been manipulating image files after uploading in the usual way like moving the file from the /tmp folder to a preferred folder of the site.

Now i want to manipulate images by keeping them in the temp folder and once i have done with it then i want to move it to the preferred folder.

What i am trying to do is ...

  1. Showing a very simple custom file upload dialog.
  2. Select an image and click upload.
  3. The form is submitted to an iframe so i can show a progressing bar.
  4. The php script will echo the javascript code which will call a parent window function from the iframe to notify that the image has been uploaded.
  5. I wanted to show another dialog which will display the image from the tmp folder so that the user can resize and crop.
  6. When the user selects a region on the image to crop i will send the coordinates to the server and will manipulate the image in the tmp folder.
  7. When the image manipulation has been done i want the final image to be moved to my target folder.

here are my doubts.

  1. How long will the temp image be there in the tmp folder.
  2. How do i display the image in the temp folder in my dialog box because i only have its physical path.
  3. I think i can do it like <img src='fetchfromtmp.php?filename>. isn't it?
  4. and in the php script i can readfile the image like readfile('tmp/tmpfile').

    So, finally, will manipulating from temp folder holds good?. will it be effective/suggestive?. What could be the complications? if any.

    I would like to have suggestions and alternatives for my idea. Thank you.

+1  A: 

The short answer is , this is not a good idea. Files in the tmp folder can be deleted without ur intervention, so move them to a temp folder inside your own application, process it there and once done, move it to its final location.

Sabeen Malik
yes. that would be the default action as i have explained. But i want to know behind the scenes. this i have been thinking for a long time and today i have asked. thank you.
Jayapal Chandran
There is really no behind-the-scene thing here. The problem is simple, it is very much possible to do what you plan on doing HOWEVER the only and the biggest problem is, what if the tmp folder is cleared while you are working on the file by the OS or by scheduled job or something similar? There is no point in taking that risk.
Sabeen Malik
yes. i agree. thanks for the punch. only after raising this question i am making myself more aware of the problem and i said that is the reason i raised this question. SO I WILL CONSIDER THIS.
Jayapal Chandran
+1  A: 
  • The image will be in the tmp folder until it is deleted. It's possible your host clears this out routinely, but probably not, so it will remain there unless you delete it.
  • In order to display an image from the tmp folder you'd have to read it in with a script and serve it (or use X-Sendfile).
  • PHP can read from the tmp directory without any problems

However, you can solve all of these problems by simply moving the image to a tmp directory within your application after upload. That way you know it won't be deleted, you can easily serve it to the user and you know you'll be able to read the file.

Alternatively if you have access to your php.ini file you can change upload_tmp_dir and get the images uploaded to the tmp directory in your application in the first place.

Tim Fountain
You shouldn't rely on undocumented features. Just move the goddamn files or your program will behave incoherently under different setups.
Sebastián Grignoli
i am experimenting with the replies. so, i will comment you a little later.
Jayapal Chandran
I will follow this one too. for now i will move the file. Firstly i got confused the way you started by the term the files in temp will not be deleted. and then i got your answer when you said by setting a tmp folder in ini file so that the uploaded files will be a folder in the user's control so that we can delete old files using cron. i hope you mentioned in that way. Thank you. besides i did a little expermient which made me clear that uploaded files will be deleted when script terminates. i checked in localhost. Thank You.
Jayapal Chandran
Can you confirm that you were talking about the custom tmp folder which is set in ini file other than the default /tmp folder. so that i can be sure of all these answers.
Jayapal Chandran
I wasn't aware tmp files are removed after the end of the script, this hasn't been my experience. But the point still stands - just move the uploaded file to a directory within your application and then manipulate it from there.
Tim Fountain
Yes. ok. Thank you.
Jayapal Chandran
+1  A: 

I don't think you should use the temp folder like this, unfortunately, you will have to create your own (or use a database to store the images). The reasons are your point 1 & 2:

  1. An image is only guaranteed to stay in the temp folder until the script that uploaded it is finished running. This means that whatever script your form submits it to should move it somewhere safe
  2. Usually, this temp folder will be somewhere that isn't visible to the user. You can hack something like you've suggested, but then you have to be very sure of what you're doing to avoid creating any security leaks.
Michael Clerx
Regarding the deleting of files in tmp: What @TimFountain said might be true in practice (I never checked), but it's not what should happen theoretically. From the PHP manual: "The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed."
Michael Clerx
yeah. i am experimenting it. so i will comment you a little later.
Jayapal Chandran
why tim has mentioned that files will not be deleted. when i experiment in localhost i can see that after the script has terminated the file is deleted. may be he is talking about the custom folder which when set in ini as default upload folder the file will not be deleted because it is inside users scope. the files can be removed using cron. am i right?
Jayapal Chandran
If you have your own temp folder you can use a cronjob to just delete all files older than an hour or so.
Michael Clerx
+1  A: 

the docs are quite clear about this

The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed.

so your idea won't work. On the other side, renaming a file is a very cheap operation in most OS'es, so there are no good reasons NOT to move the temp file immediately.

stereofrog
yeah. i am experimenting it. so i will comment you a little later.
Jayapal Chandran
i like your answer in the line 'renaming the file will not take much resources'... yes i agree. besides... the reason for me to ask such a question is i dont want to maintain the file name in the database until it has been cropped by the user. anyway all the answers were usefull.
Jayapal Chandran
+1  A: 
I think i can do it like <img src='fetchfromtmp.php?filename>. isn't it?

This would introduce a vulnerability to your server. Don't forget that the temporary folder holds the session files too by default.

Sebastián Grignoli
This i am doing it for the admin user. anyway, not following this would be more beneficial you say... yes i agree.
Jayapal Chandran