Hi everyone,
I'm busy with building an image uploader which directly shows the uploaded image, gives the user the ability to crop this and automatically resizes the images.
In the attachment you can find the chronoforms action I created. As element you have to take custom code and type {image_upload}.
Now you will be able to upload images, preview them, crop them and more. They will be uploaded to the action_folder/scripts/uploads/.
Hopefully you now have a general idea of the action. It's by far not finished, but I have a security problem. Does anyone know how to make sure that only form users can send the file to upload.php and no one else? The transfer is done via XMLHttpRequest.
Is a token an idea?
If you want more information, please let me know!
Hi nkt,
There's a security token built into ChronoForms. You can probably check that. But it won't work if uploads.php can't access the User session. You can pass the user id back with the upload data and then look up the corresponding session to see if it is valid. Or you could create your own token, save it as a database record, and check from the upload.php to see if it is still valid.
I installed the action - it doesn't cause any errors :-) but doesn't show anything in the form either :-)
Brave to use jQuery here :-)
The action should be in a zip file instead of a rar so that it will work with the ChronoForms action installer.
Bob
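The "own token saved as a database record" option from the reply above, sketched as an added example; this is not code from the thread or from ChronoForms. The table name, function names and the in-memory SQLite store are assumptions chosen so the sketch runs on its own.

```php
<?php
// Added example: upload_tokens and all function names below are hypothetical,
// not part of ChronoForms or Joomla.

function open_token_store(string $dsn = 'sqlite::memory:'): PDO {
    $db = new PDO($dsn);
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE IF NOT EXISTS upload_tokens (
        token_hash TEXT PRIMARY KEY,
        user_id    INTEGER NOT NULL,
        expires_at INTEGER NOT NULL)');
    return $db;
}

// Called while the form is rendered; the returned token is embedded in the
// page and sent along with the XMLHttpRequest upload.
function issue_upload_token(PDO $db, int $userId, int $ttl = 900): string {
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $stmt  = $db->prepare('INSERT INTO upload_tokens VALUES (?, ?, ?)');
    // Only the hash is stored, so a leaked table does not yield usable tokens.
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

// Called at the top of upload.php before the file is touched. A single DELETE
// both validates and consumes the token, so two concurrent requests cannot
// redeem the same one.
function redeem_upload_token(PDO $db, string $token, int $userId): bool {
    $stmt = $db->prepare('DELETE FROM upload_tokens
        WHERE token_hash = ? AND user_id = ? AND expires_at >= ?');
    $stmt->execute([hash('sha256', $token), $userId, time()]);
    return $stmt->rowCount() === 1;
}

// Constructed demonstration with made-up user ids.
$db    = open_token_store();
$token = issue_upload_token($db, 42);
var_dump(redeem_upload_token($db, $token, 7));    // token presented for another user
var_dump(redeem_upload_token($db, $token, 42));   // token presented by its owner
var_dump(redeem_upload_token($db, $token, 42));   // replay of a consumed token
var_dump(redeem_upload_token($db, 'guessed', 42)); // value that was never issued
$stale = issue_upload_token($db, 42, -1);         // issued already expired
var_dump(redeem_upload_token($db, $stale, 42));
```

Because each token is consumed on use, the form needs a fresh token for every upload request; upload.php should stop with a 403 response whenever `redeem_upload_token()` returns false.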
Hi nkt,
Just wondering if you have successfully solved the session security issue, and then have a more recent update to the upload and cropper action before I install this one?
Have a site where ID photos need to be uploaded and in a large number of cases cropped before they are saved, so this would be a great action to get started with for that.
Patrick