Php upload image to remote server with cURL

Question

I would like to use cURL in php to upload an image to a remote image server. I have this piece of code, it's on the webserver:

<form enctype="multipart/form-data" encoding="multipart/form-data" method="post" action="webform.php">
<input name="somevar" type=hidden value='.$somevar.'>
<input name="uploadfile" type="file" value="choose">
<input type="submit" value="Upload">
</form>

and:

if (isset($_FILES['uploadfile']) ) {

 $filename  = $_FILES['uploadfile']['tmp_name'];
 $handle    = fopen($filename, "r");
 $data      = fread($handle, filesize($filename));
 $POST_DATA = array(
   'somevar' => $somevar,
   'uploadfile' => $data
 );
 $curl = curl_init();
 curl_setopt($curl, CURLOPT_URL, 'http://1.1.1.1/receiver.php');
 curl_setopt($curl, CURLOPT_TIMEOUT, 30);
 curl_setopt($curl, CURLOPT_POST, 1);
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($curl, CURLOPT_POSTFIELDS, $POST_DATA);
 $response = curl_exec($curl);
 curl_close ($curl);
 echo $response;

}

On the image server I've got an image upload handling php file, which worked very well on localhost, but I would like to use it on the remote server. This is how I handled the uploaded image file in the receiver.php:

move_uploaded_file($_FILES['uploadfile']['tmp_name'], $file)

I want to directly pass the image file to the remote server script, so this way I don't need to rewrite the whole upload script. I tried to post the image name, type, size as post variables, but I haven't got the ['tmp_name'] since it's not on localhost.

How can I solve this? Thank you guys for any help!

Answer 1

Here's a possible solution;

• Handle the upload on your web server and move the uploaded file to a local temp location
• Then make a curl POST request to remote server and tell it what the uploaded file name & data is; as base64_encoded string
• Remote server script receives the upload as a standard http post
• All it now has to do is decode the file data, save it as the specified file name

So, this is how the solution looks like:

Sorry, i did not test this, but it should work.

index.php

<?php

// Handle upload
if(isset($_POST["submit"]))
{
    // Move uploaded file to a temp location
    $uploadDir = '/var/www/uploads/';
    $uploadFile = $uploadDir . basename($_FILES['userfile']['name']);
    if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile))
    {
        // Prepare remote upload data
        $uploadRequest = array(
            'fileName' => basename($uploadFile),
            'fileData' => base64_encode(file_get_contents($uploadFile))
        );

        // Execute remote upload
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, 'http://1.1.1.1/receiver.php');
        curl_setopt($curl, CURLOPT_TIMEOUT, 30);
        curl_setopt($curl, CURLOPT_POST, 1);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($curl, CURLOPT_POSTFIELDS, $uploadRequest);
        $response = curl_exec($curl);
        curl_close($curl);
        echo $response;

        // Now delete local temp file
        unlink($uploadFile);
    }
    else
    {
        echo "Possible file upload attack!\n";
    }
}

?>

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="index.php" method="POST">
    <!-- MAX_FILE_SIZE must precede the file input field -->
    <input type="hidden" name="MAX_FILE_SIZE" value="30000" />
    <!-- Name of input element determines name in $_FILES array -->
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

Then, on the receiver.php, you can do the following:

// Handle remote upload
if (isset($_POST['fileName']) && $_POST['fileData'])
{
    // Save uploaded file
    $uploadDir = '/path/to/save/';
    file_put_contents(
        $uploadDir. $_POST['fileName'],
        base64_decode($_POST['fileData'])
    );

    // Done
    echo "Success";
}