امنیت این کد چقدر هست!!

سلام

من یه کد طراحی کردم که باهاش به کاربرها اجازه بدم تا توی هاستم شکلک آپلود کنن! لذا میخوستم ببینم امنیتش تا چقدر هست!

همچنین باید چه نکات امنیتی دیگه ایی رو رعایت کنم؟

این رو هم بگم که توی این کد من از یه اسکریپت آپلود به صورت آجاکس استفاده میکنم!

[PHP]<?php
session_start();
ini_set('display_errors','false');

include_once "config.php";

function sql_quote( $value ){
if( get_magic_quotes_gpc() )
{ $value = stripslashes( $value ); }
if( function_exists( "mysql_real_escape_string" ) ) { $value = mysql_real_escape_string( $value ); }
else { $value = addslashes( $value ); }
return $value;
}

function valid_email($email){
$pattern = "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$";
if (eregi($pattern, $email)){ return true; } else { return false; }
}

if(isset($_POST['submit'])) {
if (!isset($_SESSION['upload'])){

$_SESSION['smileyname'] = $_POST['smileyname'] ;
$_SESSION['youremail'] = $_POST['youremail'] ;
$_SESSION['yourname'] = $_POST['yourname'] ;
$_SESSION['yourweb'] = $_POST['yourweb'] ;

if ($_POST['smileyname']!='' && $_POST['youremail']!='' && $_POST['yourname']!='' ){
if (valid_email($_POST['youremail'])== TRUE){
if( $_SESSION['security_code'] == $_POST['security_code'] && !empty($_SESSION['security_code'] ) ) {


// Checking _POST
$smiley = sql_quote( $_POST['smileyname'] );
$email = sql_quote( $_POST['youremail'] );
$name = sql_quote( $_POST['yourname'] );
$web = sql_quote( $_POST['yourweb'] );

$sql = "INSERT INTO org_upload ( smiley, email, name, web, time) VALUES ('".$smiley."', '".$email."', '".$name."','".$web."','".date('Y-m-d')."')";
$results = mysql_query($sql, $persianscript);
if (!$results || empty($results)) { $mess = "Can not update datebase"; }

// Edit "upload-file" for upload
$myFile = "upload-file.php";
$fh = fopen($myFile, 'w') or $mess = "can't open file";
$stringData = "
<?php
\$uploaddir = 'uploads/Temp/".$smiley."/';
\$file = \$uploaddir . basename(\$_FILES['uploadfile']['name']);
\$size=\$_FILES['uploadfile']['size'];
if (move_uploaded_file(\$_FILES['uploadfile']['tmp_name'], \$file)) {
echo 'success'; } else { echo 'error '.\$_FILES['uploadfile']['error'].' --- '.\$_FILES['uploadfile']['tmp_name'].' %%% '.\$file.'(\$size)'; }
?> " . PHP_EOL;
fwrite($fh, $stringData);
fclose($fh);


// Create Folder
$structure = './uploads/Temp/'.$smiley.'/';
if (!mkdir($structure, 0755, true)) { $mess = 'Failed to create folders...'; }


// Next Page
if(empty($mess)) $_SESSION['upload'] = "page2";


unset($_SESSION['security_code']);
} else {
$mess = 'Sorry, you have provided an invalid security code';
}

}else{ $mess = "The email address entered was not a valid email address"; }

}else{ $mess = "Please make sure you filled in all the required data"; }

}

session_regenerate_id(true);

} else {
unset ($_SESSION['upload']);
unset ($_SESSION['smileyname']);
unset ($_SESSION['youremail']);
unset ($_SESSION['yourname']);
unset ($_SESSION['yourweb']);
}




?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Language" content="fa" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Upload - Smilehaa - اسمايل هاا</title>
<link media="screen" rel="stylesheet" type="text/css" href="style.css" />
<link media="screen" rel="stylesheet" type="text/css" href="themes/blue/style.css" />
<script type="text/javascript" src="script/jquery-1.4.2.js"></script>
<script type="text/javascript" src="script/uploadjs/swfupload/swfupload.js"></script>
<script type="text/javascript" src="script/uploadjs/jquery.swfupload.js"></script>
<script type="text/javascript">
$(function(){
$('#swfupload-control').swfupload({
upload_url: "upload-file.php",
file_post_name: 'uploadfile',
file_size_limit : "1024",
file_types : "*.jpg;*.png;*.gif;*.bmp",
file_types_description : "Image files",
file_upload_limit :1000,
flash_url : "script/uploadjs/swfupload/swfupload.swf",
button_image_url : 'script/uploadjs/swfupload/wdp_buttons_upload_114x29.png',
button_width : 114,
button_height : 29,
button_placeholder : $('#button')[0],
debug: false
})
.bind('fileQueued', function(event, file){
var listitem='<li id="'+file.id+'" >'+
'File: <em>'+file.name+'</em> ('+Math.round(file.size/1024)+' KB) <span class="progressvalue" ></span>'+
'<div class="progressbar" ><div class="progress" ></div></div>'+
'<p class="status" >Pending</p>'+
'<span class="cancel" >&nbsp;</span>'+
'</li>';
$('#log').append(listitem);
$('li#'+file.id+' .cancel').bind('click', function(){
var swfu = $.swfupload.getInstance('#swfupload-control');
swfu.cancelUpload(file.id);
$('li#'+file.id).slideUp('fast');
});
// start the upload since it's queued
$(this).swfupload('startUpload');
})
.bind('fileQueueError', function(event, file, errorCode, message){
alert('Size of the file '+file.name+' is greater than limit');
})
.bind('fileDialogComplete', function(event, numFilesSelected, numFilesQueued){
$('#queuestatus').text('Files Selected: '+numFilesSelected+' / Queued Files: '+numFilesQueued);
})
.bind('uploadStart', function(event, file){
$('#log li#'+file.id).find('p.status').text('Uploading...' );
$('#log li#'+file.id).find('span.progressvalue').text('0%' );
$('#log li#'+file.id).find('span.cancel').hide();
})
.bind('uploadProgress', function(event, file, bytesLoaded){
//Show Progress
var percentage=Math.round((bytesLoaded/file.size)*100);
$('#log li#'+file.id).find('div.progress').css('width', percentage+'%');
$('#log li#'+file.id).find('span.progressvalue').text(perc entage+'%');
})
.bind('uploadSuccess', function(event, file, serverData){
var item=$('#log li#'+file.id);
item.find('div.progress').css('width', '100%');
item.find('span.progressvalue').text('100%');
var pathtofile='<a href="#">view</a>';
item.addClass('success').find('p.status').html('Do ne!!! | '+pathtofile);
})
.bind('uploadComplete', function(event, file){
// upload has completed, try the next one in the queue
$(this).swfupload('startUpload');
})

});
</script>

<style type="text/css" >
#swfupload-control p{ margin:10px 5px; font-size:0.9em; }
#log{ margin:0; padding:0;}
#log li{ list-style-position:inside; margin:2px; border:1px solid #ccc; padding:10px; font-size:12px;
font-family:Arial, Helvetica, sans-serif; color:#333; background:#fff; position:relative;}
#log li .progressbar{ border:1px solid #333; height:5px; background:#fff; }
#log li .progress{ background:#999; width:0%; height:5px; }
#log li p{ margin:0; line-height:18px; }
#log li.success{ border:1px solid #339933; background:#ccf9b9; }
#log li span.cancel{ position:absolute; top:5px; right:5px; width:20px; height:20px;
background:url('script/uploadjs/swfupload/cancel.png') no-repeat; cursor:pointer; }
</style>

</head>

<body>
<div id="wrap">
<div id="main" class="clearfix">
<div class="clearfix"></div>
<div id="full" class="container clearfix">
<div id="head">
<div class="grid">
<?php require_once "logo.php"; ?>
<ul id="navigation">
<li><a class="round" href="index.php" title="صفحه اصلي"><span>Home</span></a></li>
<li><a class="round" href="Getsmile.php" title="Getsmile دانلود برنامه"><span>Getsmile</span></a></li>
<li><a class="round" href="List.php?page=1" title="ليست شکلک ها"><span>Smiles List</span></a></li>
<li><a class="round" href="contact.php" title="تماس با ما"><span>Contact</span></a></li>
</ul>
</div>
</div>

<div class="big-block grid">

<div class="big-rmin clearfix">
<div class="upload-main">
<p><h3>Upload Smiley and Emoticons</h3></p>
<div class="upload-form"><div id="comment_form">
<p>Do you have any good smiley you wish to share with the rest of us? Upload your best smileys so that other people can download and use directly from this site.</p>
<br/><br/>
<?php if(!empty($mess)) echo '<div class="error">'.$mess.'</div>';
if ($_SESSION['upload'] == "") { ?>

<form action="" method="post">
<label for="foldername"> Smiley Name : </label>
<input class="text" style="width: 230px" type="text" value="<? echo $_SESSION['smileyname']; ?>" name="smileyname" /><br/><br/>
<label for="foldername"> Your Email : </label>
<input class="text" style="width: 230px" type="text" value="<? echo $_SESSION['youremail']; ?>" name="youremail" /><br/><br/>
<label for="foldername"> Your Name : </label>
<input class="text" style="width: 230px" type="text" value="<? echo $_SESSION['yourname']; ?>" name="yourname" /><br/><br/>
<label for="foldername"> Your Web : </label>
<input class="text" style="width: 230px" type="text" value="<? echo $_SESSION['yourweb']; ?>" name="yourweb" /><br/><br/>
<div class="upload-img"><img src="script/CaptchaSecurityImages.php?width=100&height=40&char acters=5" /></div><br/>
<label for="security_code">Security Code: </label>
<input class="text" style="width: 230px" id="security_code" name="security_code" type="text" /><br/><br/>
<input class="upload-submit" type="submit" name="submit" value="Next >" /><br/><br/>
</form>

<?php }else{ ?>
<label for="foldername"> Upload Smiley : </label>
<div id="swfupload-control">
<input type="button" id="button" />
</div><br/>
<ol id="log"></ol><br/><br/>

<?php } ?>
</div></div>
</div>
</div>
</div>
</div>
</div>
</div>

<!-- start footer -->
<? require_once "footer.php"; ?>
[/PHP]

ایراد که زیاد داره ,
من میتونم یه فایل پی اچ پی آپلود کنم رو سرور شما و از اونجا به کل فایل های سایتتون دسترسی داشته باشم !
فرمت فایل رو چک باید بکنی بعد از آپلود , مطمئن بشی عکس هستش !
عکس هارو تو یه پوشه اپلود کن و با فایل اچ تی اکسس اجازه نده جز عکس چیز دیگه ای اجرا بشه از اون پوشه (یه سرچ بزنی پیدا میکنی) !

سلام

من فایل های آپلود رو با کد زیر فیلتر میکنم تا فقط عکس ها آپلود بشن! و همچنین اجازه نمیدم که طرف به فایل آپلود شده دسترسی داشته باشه!

کد:

---

        file_types : "*.jpg;*.png;*.gif;*.bmp",
        file_types_description : "Image files",

---

اما با این حال بازم ممکنه که به هکر بتونه php آپلود کنه و آن رو اجرا کنه؟؟