Untitled

<?php

class SecureImage
{
    /**
    *   @author       - RyanTheGreat
    *   @information  - Secure Image class designed to secure images for storage on server
    *   @lastmodified - 10/5/2010
    *   @majorchanges - None
    *   @filelocation - webroot/includes/classes
    */

        protected $_imgOriginalImage;
        protected $_imgSecureImage;
        protected $_strOriginalName;
        protected $_boolStrict;
        protected $_approvedExtension;
        protected $_intMaxWidth;
        protected $_intMaxHeight;
        protected $_allowedExtensions = array('.jpg', '.jpeg', '.gif', '.png');

        public function __construct($imgOriginalImage, $strImageName, $boolStrict, $intMaxWidth = 0, $intMaxHeight = 0)
        {
            $this -> _imgOriginalImage   = $imgOriginalImage; //The actual image in its original form.
            $this -> _strOriginalName    = $strImageName; //The images original name, as supplied by the user
            $this -> _boolStrict         = $boolStrict;
            $this -> _intMaxWidth        = $intMaxWidth;
            $this -> _intMaxHeight       = $intMaxHeight;
        }

        //public function to give access to the SecureImage routines
        public function getSecureImage()
        {
            $passedCheck = $this -> verifyImageType($this -> _imgOriginalImage, $this -> _strOriginalName);
            if($passedCheck === true)
            {
                //passed the original checks, now for the extended protection against maliciously coded images.
                $successfullyCreated = $this -> createSecureImage();
                if($successfullyCreated)
                {
                    return array($this -> _imgSecureImages, $this -> _approvedExtension, $this -> strOrignalName);
                }
                else
                {
                    return 1;
                }
            }
            return $passedCheck;
        }

        //This function creates a new image based off the data supplied in the form it is expected to be in, by rearranging the bytes.
        //This adds protection for any attacks the work based off parsers that grab their headers from the top and ignore junk at the bottom.
        //i.e. Maliciously coded images, GIFARs, etc.
        protected function createSecureImage()
        {
            //different functionality based off image type
            switch($this -> _approvedExtension)
            {
                case '.jpg':
                    $this -> _imgSecureImage = imagecreatefromjpeg($this -> _imgOriginalImage);
                    break;
                case '.jpeg':
                    $this -> _imgSecureImage = imagecreatefromjpeg($this -> _imgOriginalImage);
                    break;
                case '.gif':
                    $this -> _imgSecureImage = imagecreatefromgif($this -> _imgOriginalImage);
                    break;
                case '.png':
                    $this -> _imgSecureImage = imagecreatefrompng($this -> _imgOriginalImage);
                    break;
                default:
                    return false;
                    break;
            }
            if($this -> _imgSecureImage === false)
            {
                return false;
            }
            return true;
        }

        //this function actually writes the Image resource to a file location, or can be used to output to the buffer by leaving the file location null
        public function writeImageToFile($saveLocation = NULL)
        {
            //if writing to buffer, don't forget headers first :)
            if($this -> _approvedExtension == '.jpg' || $this -> _allowedExtension == '.jpeg')
            {
                imagejpeg($this -> _imgSecureImage, $saveLocation);
            }
            else if($this -> _approvedExtension == '.gif')
            {
                imagegif($this -> _imgSecureImage, $saveLocation);
            }
            else if($this -> _approvedExtension == '.png')
            {
                imagepng($this -> _imgSecureImage, $saveLocation);
            }
            else
            {
                //probably mistakenly called this before the getSecureImage function, return false to indicate epicfail
                return false;
            }
            imagedestroy($this -> _imgSecureImage);
            return true;
        }

        //this function verifys the image type based off MIME type and extension supplied by user

        protected function verifyImageType($imgVerifyImage, $strVerifyName)
        {
            $imgData = getimagesize($imgVerifyImage);
            //if there is maximum dimensions set, check them
            if($this -> _intMaxWidth != 0)
            {
                if($imgData[0] > $this -> _intMaxWidth)
                {
                    return 2;
                }
            }
            else if($this -> _intMaxHeight != 0)
            {
                if($imgData[1] > $this -> _intMaxHeight)
                {
                    return 3;
                }
            }
            //verify the extension is among the approved
            $extension = strtolower(trim(strrchr($strVerifyName, '.')));
            if(!in_array($extension, $this -> _allowedExtensions))
            {
                return 4;
            }
            $this -> _approvedExtension = $extension;

            //Next, verify the image data supplied, keep in mind: alone this is easily spoofed, so this is used as defense in depth.
            if($imgData === false || empty($imgData))
            {
                //failed a basic test for image headers, definitely a no-go.
                return 5;
            }

            if($this -> _boolStrict)
            {
                //This isn't necessarily all that strict of a checking procedure, but may not need this functionality everywhere, so it is optional. I suggest using it.
                //Note: If you allow more image types than the default, modify this section accordingly.
                if(($extension == '.jpeg' && $imgData[2] != IMG_JPEG) || ($extension == '.jpg' && $imgData[2] != IMG_JPG) || ($extension == '.gif' && $imgData[2] != IMG_GIF) || ($extension == '.png' && $imgData[2] != IMG_PNG))
                {
                    return IMG_PNG;
                }
            }
            return true;
        }
}
?>