Jmz Posted July 17, 2008 Share Posted July 17, 2008 I'm making an image upload script, I only want the user to be able to upload jpg, gif and png images. To enforce this I first check the file extension, then I want to check the mime type of the image. However I seem to be running into some problems, when I have tried to debug my script it seems that some images (according to the script) have blank mime types but when I have tried uploading the image on an image upload site it works fine. Does anybody have a tried and tested method of getting an uploaded files mime type and checking it is an image? Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted July 17, 2008 Share Posted July 17, 2008 $image = 'my/images/image.jpg'; if(!getimagesize($image)){ // This is an invalid image }else{ // This is a valid image } Quote Link to comment Share on other sites More sharing options...
craygo Posted July 17, 2008 Share Posted July 17, 2008 Some code may help to see what you have. Quote Link to comment Share on other sites More sharing options...
discomatt Posted July 17, 2008 Share Posted July 17, 2008 Mime-types are defined by the browser, so they can't be trusted anyways Try making a simple script like this <?php if ( empty( $_FILES ) ) echo <<<FORM <form enctype="multipart/form-data" action="" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="300000" /> Send this file: <input name="userfile" type="file" /> <input type="submit" value="Send File" /> </form> FORM; else print_r( $_FILES ) ?> Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 17, 2008 Author Share Posted July 17, 2008 I've tried a few different ways but none have seemed to work so far. Basically they have consisted of getting the mime type and then comparing it against an array of allowed mime types. $mimetype = strtolower($_FILES['uploadedfile']['type']); $mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif'); if (in_array($mimetype, $mimetypes)){ }else{ die("mime type not allowed"); } and $mimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name'])); $mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif'); if (in_array($mimetype, $mimetypes)){ }else{ die("mime type not allowed"); } But both seem to have problems with the same images. For example the winter.jpg sample image on windows xp doesn't seem to work on any computer I try. Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted July 17, 2008 Share Posted July 17, 2008 did you try my example? Quote Link to comment Share on other sites More sharing options...
discomatt Posted July 17, 2008 Share Posted July 17, 2008 Try using the above script I posted, and actually echo out the mime type. This is totally client side though (from what I've read), so it shouldn't have anything to do with PHP... With the exception of this guy $mimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name'])); Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 17, 2008 Author Share Posted July 17, 2008 Thanks discomatt and The Little Guy, I'll look at both your solutions later on today. Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 17, 2008 Author Share Posted July 17, 2008 @discomatt: The code you gave me seems to display the info of even the images that I couldn't get to work before. How can I get the values from the array into my script? Quote Link to comment Share on other sites More sharing options...
discomatt Posted July 17, 2008 Share Posted July 17, 2008 Show me a more complete copy of your script... from validating your mime type to inserting it into the database. Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 17, 2008 Author Share Posted July 17, 2008 This is the page I use for the user to create a gallery, they upload an image which is resized and add some information about the gallery. <?php //--------------------------------------------------- // Include the files we need //--------------------------------------------------- include("restrict.php"); include("../../config/connect.php"); include("../../config/settings.php"); include("../../config/functions.php"); //--------------------------------------------------- // Make sure user hasnt reached their upload limit //--------------------------------------------------- $galcount = mysql_query("SELECT count(*) as gal from tbl_gallery WHERE fld_userid = '$UserID'"); $gal_q = mysql_fetch_assoc($galcount); $galc = $gal_q['gal']; $UserPack = mysql_query("SELECT fld_pack FROM tbl_users WHERE fld_id = '$UserID'"); $User_q = mysql_fetch_assoc($UserPack); $UserPackNum = $User_q['fld_pack']; $packdetails = mysql_query("SELECT fld_galleries FROM tbl_packages WHERE fld_id = '$UserPackNum'"); $pack_q = mysql_fetch_assoc($packdetails); $PackLimit = $pack_q['fld_galleries']; if ($galc < $PackLimit){ //--------------------------------------------------- // set variables we need //--------------------------------------------------- $target_path = "../../uploads/".$UserID."/"; $user_prefix = "thumb_"; $image_prefix = rand(); $mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif', ''); $extensions = array('jpg', 'gif', 'jpeg', 'png', 'pjpeg'); $target_path = $target_path.$user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); $_FILES['uploadedfile']['tmp_name']; //--------------------------------------------------- // Check the image isnt too big //--------------------------------------------------- $file_size = $_FILES['uploadedfile']['size']; if ($file_size >= $thumb_limit_size) { echo "Your file is too big"; exit (); } //--------------------------------------------------- // Give the image a name //--------------------------------------------------- $thumbname = $user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); //--------------------------------------------------- // !--- Check the mime type // !--- Turned off //--------------------------------------------------- $mimetype = strtolower($_FILES['uploadedfile']['type']); if (in_array($mimetype, $mimetypes)){ }else{ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>"; exit(); } //--------------------------------------------------- // Get the extension of the image //--------------------------------------------------- $extension = getExtension($thumbname); $extension = strtolower($extension); if (in_array($extension, $extensions)){ }else{ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=n\"/>"; exit(); } //--------------------------------------------------- // Upload & resize the file //--------------------------------------------------- if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) { switch($extension) { case "jpeg"; $image = imagecreatefromjpeg($target_path); break; case "jpg"; $image = imagecreatefromjpeg($target_path); break; case "gif"; $image = imagecreatefromgif($target_path); break; case "png"; $image = imagecreatefrompng($target_path); break; default: return FALSE; } if ($image === false) { die ('Unable to open image'); } $width = imagesx($image); $height = imagesy($image); $imageratio = $width/$height; if ($width>$height){ $newwidth = $thumb_width; $newheight = $height * ($newwidth/$width); }else{ $newheight = $thumb_width; $newwidth = $width * ($newheight/$height); } $image_resized = imagecreatetruecolor($newwidth, $newheight); imagecopyresized($image_resized, $image, 0, 0, 0, 0, $newwidth, $newheight, $width, $height); ImageJpeg ($image_resized,"$target_path"); move_uploaded_file ($image_resized, "$target_path"); $galleryname = $_POST['galleryname']; $gallerydescription = $_POST['gallerydescription']; $gallerykeywords = $_POST['gallerykeywords']; if (empty ($galleryname) or empty ($gallerydescription) or empty ($gallerykeywords)) { echo "Fill out all fields"; exit(); } $galleryname = mysql_real_escape_string($galleryname); $gallerydescription = mysql_real_escape_string($gallerydescription); $gallerykeywords = mysql_real_escape_string($gallerykeywords); $create_gallery = mysql_query("INSERT INTO tbl_gallery (fld_id, fld_galleryname, fld_gallerydesc, fld_keywords, fld_userid, fld_thumbname) values ('', '$galleryname', '$gallerydescription', '$gallerykeywords', '$UserID', '$thumbname')"); if ($create_gallery){ echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=s\"/>"; } else { echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=e\"/>"; } //if the image couldn't be moved to the server } else{ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>"; } //if the person has reached their upload limit }else{ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=f\"/>"; } ?> Quote Link to comment Share on other sites More sharing options...
discomatt Posted July 17, 2008 Share Posted July 17, 2008 And the problem is you're getting redirected to ../create_gallery.php?msg=e? Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 17, 2008 Author Share Posted July 17, 2008 Yes. Quote Link to comment Share on other sites More sharing options...
discomatt Posted July 17, 2008 Share Posted July 17, 2008 Try this $mimetype = strtolower($_FILES['uploadedfile']['type']); echo '***'. $mimetype .'***' See if you're getting any unnecessary padding that may be screwing things up Also try changing the check to if ( !in_array($mimetype, $mimetypes) ){ echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>"; exit(); } Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 17, 2008 Author Share Posted July 17, 2008 Nope, on the images that wont upload it just says ****** as if the mime type was empty ??? Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 18, 2008 Author Share Posted July 18, 2008 There has got to be something fundamentally wrong with my code, I just dont have a clue what it is I'm rewriting the whole thing from scratch to see if I make the same mistake again. Quote Link to comment Share on other sites More sharing options...
Jmz Posted July 18, 2008 Author Share Posted July 18, 2008 Just finished rewriting the script and it works now, I dont have a clue what was stopping it working before ??? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.