I would like to talk about hacks and how to secure your code in 2 levels. The 2 levels are:

• Code level.
• Server (host) level.

The rist for not securing these two levels are:

• Losing important data.
• Losing your database.
• New files and folders created on your server (hack).
• updating your current files by adding maleware script to the end of files.

PHP level security:

The PHP level will prevent injections to SQL datbase.

So, it will secure you from losing data having problem with your database.
The most thing you should know is: Don't trust any data sent from client.
So,
for numeric posts (POST or GET) use: "(int)" before the variable. This will change the type of it to integer (if you need it like that). See this code:
$id = (int)$_GET['id'];
// OR
$id = (int)$_POST['id'];

Also see the list of types below:

• (int) cast to integer.
• (bool) cast to boolean.
• (float) cast to float.
• (string) cast to string.
• (array) cast to array.
• (unset) cast to NULL (PHP 5).
• (binary) cast to binary (PHP 6).

When you have POST or GET data sent from client as String or TEXT, try to clean it to prevent SQL injections by using "mysql_real_escape_string($string)" function.
Example:
$text = mysql_real_escape_string($_POST['textfield']);

NOTE: don't forget to prevent access to inner files used in includes.

Server (Host) level:

Try to download the Security information test from PHP.net and upload it to your host to show your the host security levels. Download it from this link: http://phpsec.org/projects/phpsecinfo/

Here is the list of security issues and better values they should get:

• allow_url_fopen must be: 0 (disabled)
• allow_url_include must be: 0 (disabled)
• magic_quotes_gpc must be: 0 (disabled)
• register_globals must be: 0 (disabled)
• SAFE_MODE: you can turn off this feature, this feature is Deprecated in PHP 5.3 and Removed in PHP 6

 Don't forget to do the following:

• Add empty file named as "index.html" to any directoy doesn't have any "index.html" or "index.php" files.
• Remove any write permissions on any file or folder you don't want to change or modify.
• Add permissions to inner folders to prevent direct access.

Link: http://www.freelancer-id.com/upload-crop-resize-in-php

I was looking for a simple way to crop part of an image using PHP code. The idea of this is to create image thumbnail for large images uploaded. These large images could be used for previews, screen shots, wallpapers.. etc.

And because we don't have an exact ratio between Image width and height, we should crop part of the original image to use it as a thumbnail.

Note: we can find the ratio between width and height and then resize the image. But this won't work prefect, so we better use cropping to get the size we need.
Also, we can crop part of resized image to use it as a thumbnail.

Let me now explain the code used to crop part of image.


// Receiving image.
$image = $_FILES["image"]["tmp_name"];
// Creating temp image as a source image (original image).
$src = imagecreatefromjpeg($image);

// Create new image with a new width and height.
$dest = imagecreatetruecolor($width, $height);

// Copy new image to memory after cropping.
imagecopy($dest, $src, 0, 0, $left, $top, $width, $height);

$path="images/croppedImage.jpg";
$compress = 60;

// Creating new image cropped image as JPG and save it to $dest
imagejpeg($dest,$path,$compress);

// Freeing up memory.
imagedestroy($dest);
imagedestroy($src);


Hope this will be helpful.

Also, you can download the the latest class from: http://www.freelancer-id.com/upload-crop-resize-in-php