Compressed File Upload with PHP and cURL

For a small web project I regularly have to upload new data files. I did this using FTP which is somewhat tricky to automate as I learned from a short search. In addition, compressing files for faster upload is also not supported (at least to my knowledge). The solution I finally decided to use is the following:

  1. Compress the files I want to upload using zip.
  2. Upload the files using cURL and a PHP script.
  3. Unzip the uploaded file in the script.

The method itself is VERY insecure because anyone knowing the server side location of the script (i.e. anyone) can upload files to the server. So additional security measures are necessary to prevent this. As I am no security expert, I do not give any recommendations how to do this because the probability of giving bad hints is very high (~1).

The Client Side
In order to upload two files fileA.ext and fileB.ext, two shell commands are necessary (I use Linux and assume the PHP script is named upload.php):

zip -9 upload.zip fileA.ext fileB.ext
curl form uploadfile=@upload.zip http://serverURL/upload.php

The Server Side
The server side PHP script (I use PHP 5.6) is quite simple:

$targetFolder = "/path/to/data/files/on/server/";
$zip = new ZipArchive();
$zip->open($_FILES['uploadfile']['tmp_name'])
$zip->extractTo($targetFolder,array('fileA.ext','fileB.ext'));
$zip->close();

For a real life implementation some checks if all operations were successful are recommended but in principle this script is supposed to work as it is.

Leave a Reply