Need Advice on Image Uploads

tony_l

OK, I am building a community website. It will have a Content Management System that I am building myself. I will be building an Admin Control Panel that will allow admins to "approve" members so that certain ones can become authors and submit articles through the CMS. Now here is my dilema -

Once they are approved, I want a directory to be created (which will reflect the users screenname) so that all the images that they load related to their articles can be loaded there.

What is the best way to create these directories? (FTP or MKDIR)
What is the best way to upload the files? (securely)
Any suggestions or pointers on how to allow users to include these images in their articles?

Thanks folks.

bpat1434

1.) Use FTP as mkdir() can have some weird results with respect to permissions
2.) Use a form, and make sure that if you insert into a database, that you do so securely (search on it).
3.) I'd set up a basic template. And give the user a chance to upload up to a certain amount of images. Then, each image will be displayed either on the right or left. Then, just insert the article and pictures into the template and save as the article.

My guess is you'll be using mysql or some other database for this project. Normal security precautions apply so make sure you escape all user-inputted data. As for securing a file-upload, you can limit what they can upload via MIME types, extensions, or reading the first few bytes of a file. Other than that, security for file uploads is dependant upon what they can upload...

~Brett