limitbreaker

Alright, sorry it's been long, but that did help a lot, so thanks. But now there's a different problem. You see, some mp4 files decide to upload, while others don't even leave any info. I tried removing all the hex restrictions and only put a file extension array thing: $file = $_FILES['file']; $blah = explode(".", $file["name"]); $extension = end($blah); $allowedExts = array("jpg", "jpeg", "gif", "png", "mp4", "wmv", "mov", "mp3", "wma", "m4a"); $handle = fopen("${file['tmp_name']}", "rb"); $hex = bin2hex(fread($handle, 4)); if(in_array($extension, $allowedExts)) { if ($file["error"] > 0) { echo "Something is wrong with the file."; } else { if(file_exists("users/$id/$folder/".$file["name"])) { header('Location:files.php?msg=4'); } else { move_uploaded_file($file["tmp_name"], "users/1/Administrator/${file["name"]}"); } echo "Upload successful! Hex: $hex; Extension: $extention"; } } else { echo "We don't support this filetype! Hex: $hex; Extension: $extension"; } } Now, for these purposes I removed some variables, as they work fine when a file decides to upload. But when an upload isn't successful, I don't get anything after the Hex and Extension parts. I've even tried doing something like $blah[0] or $blah[1], but that doesn't give me anything either. The thing is, whatever files upload seem to be completely random. The beginning hex values are the same in two with the same extension (mp4), but only one of them actually uploads. AFAIK, other files seem to work alright.

Right: $handle = fopen("${file['tmp_name']}", "r"); if ($handle) { while (!feof($handle)) { $hex = bin2hex(fread($handle, 4)); //following is for wmv, mp4, mov, m4v if ($hex == "3026b275" || $hex == "0000001C") { move_uploaded_file($file["tmp_name"], "users/$id/$folder/${file["name"]}"); } } } Now, all the variables here are defined, $file has uploaded properly and $id, etc were previously defined. As I said earlier, the fread line doesn't return 4 bytes as specified. I tried returning $hex and it gave me this huge string of numbers.

So, I have this media upload thing on a website, but I'd like it to be a little more secure. I tried using mime types but it's just not working for me, like it won't detect mp4 or wmv I think. Then I tried reading the file itself and checking the first 8 bites (hex codes) but fread() won't limit the number of bytes read for some reason so I can't detect all different filetypes that way either. Does anyone know how I can go about doing this? Thanks in advance.

Alright, this distinguishes images from other media, but the only other filetype that makes it through this filter successfully is wav. Anything else just gives the upload successful message but nothing happens at all. This is the code in each if statement (only slight variations for each): mysql_query("INSERT INTO updates (id,name,numb,music,folder) VALUES('$id', '$name', '$num', '${file['name']}', '$folder')"); move_uploaded_file($file["tmp_name"], "users/$id/$folder/${file["name"]}"); would something like $_FILES['file']['type'] work instead of this finfo()?

Hi, Basically I'm trying to see if a file is a photo, video, or sound by detecting mime type through the finfo functions: $finfo = finfo_open(FILEINFO_MIME_TYPE); $mime = finfo_file($finfo, $file['tmp_name']); Thing is, my following if statements aren't detecting the mime types properly (meaning EVERYTHING is considered a photo): if ( $mime == ("image/jpeg" || "image/pjpeg" || "image/gif" || "image/png" || "image/x-png") ) elseif ( $mime == ("video/mp4" || "video/x-ms-wmv") ) elseif ( $mime == ("audio/mpeg" || "audio/x-wav" || "audio/x-ms-wma") ) else { header("Location:home.php"); } I'm guessing finfo is giving me problems, but I don't really know another way to distinguish these files. Is there possibly a different way I can get a little higher level of security (I know MIME types can be faked)? *The statements do have properly functioning code in brakets {}, I just removed it for the sake of simplicity --Thanks in advance

I've been a PHP programmer for a year, self taught, but would a combo of mysql_real_escape_string and pass() be sufficient?

Not seeing where $_request['comment'] comes into play, so I'm assuming that's supposed to be the same message that goes through chat_msg.php. First of all, you should get rid of the AJAX request in the original HTML. I'd keep the text in the database as it is, and place the emote code right before you echo in chat_msg: <?php session_start(); mysql_connect("localhost","root","") or die(mysql_error()); mysql_select_db(chat) or die(mysql_error()); $sess = session_id(); $mg = $_REQUEST['m']; $sql = mysql_query("INSERT INTO msg VALUES('','$sess','$mg')") or die(mysql_error()); $req = mysql_query("SELECT * FROM msg") or die(mysql_error()); while($row = mysql_fetch_array($req)){ $m = $row['message']; $emo = array("<3", "#12", "@153", "#45", "@352"); $img = array("<img src='emotions/1.png' height='113' width='120' alt='ugly' />", "<img src='emotions/2.png' height='113' width='120' alt='happy' />", "<img src='emotions/3.png' height='113' width='120' alt='love' />", "<img src='emotions/4.png' height='113' width='120' alt='sweet' />", "<img src='emotions/5.png' height='113' width='120' alt='smiley' />"); $new_str = str_replace($emo, $img, $m); echo "<hr />"; echo $new_str; } ?>

Alright, sorry about this but I managed to solve it myself... any way to delete this question or something?

Hi, I have a string in the format of "id_name:message:date" id being a number, name being the user's name, and so on. The problem is, when I split it using split(":"), the 1st array is only name instead of id_name. The whole id_name thing is pretty crucial to the function, so... is there maybe another function, or is there something I'm doing wrong? Thanks in advance.

Worked like a charm, thank you! Thanks for the help, but with this I can't seem to get any children to $item

Hi, So, the following: require 'panel.php'; $guy = $_GET['user']; $path = "users/$guy"; $sql = mysql_query("SELECT * FROM users WHERE id='$guy'"); $row = mysql_fetch_array($sql); $folders = array_filter(scandir($path), function($item) { return is_dir($path . $item); }); echo "<title>WeLeague - ${row['display']}'s Media</title>"; returns only the folders in a directory (mysql is already connected in panel.php). The problem is, when I echo $folders in a for loop, I get the following error 4 times: "Notice: Undefined variable: path in C:\Program Files (x86)\EasyPHP-12.1\www\www.weleague.org\media.php on line 12" [line 12 being the is_dir line] Then it proceeds to echo . and .. (the current and parent directories). Maybe I'm missing something? Thanks in advance!