
Uploading Images - Mime Types


Jmz


I'm making an image upload script; I only want the user to be able to upload jpg, gif and png images.

To enforce this I first check the file extension, then I want to check the mime type of the image. However, I seem to be running into some problems: when I have tried to debug my script, it seems that some images (according to the script) have blank mime types, but when I have tried uploading the image on an image upload site it works fine.

Does anybody have a tried and tested method of getting an uploaded file's mime type and checking it is an image?


Mime-types are defined by the browser, so they can't be trusted anyways ;)

 

Try making a simple script like this

 

<?php

if ( empty( $_FILES ) ) {
    // No upload yet: show the form
    echo <<<FORM
<form enctype="multipart/form-data" action="" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>
FORM;
} else {
    // Dump everything PHP received for the upload
    print_r( $_FILES );
}

?>


I've tried a few different ways but none have seemed to work so far. Basically they have consisted of getting the mime type and then comparing it against an array of allowed mime types.

 

$mimetype = strtolower($_FILES['uploadedfile']['type']);
$mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif');

if (in_array($mimetype, $mimetypes)){

}else{
die("mime type not allowed");
}

 

and

 

 

$mimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name']));
$mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif');

if (in_array($mimetype, $mimetypes)){

}else{
die("mime type not allowed");
}

 

But both seem to have problems with the same images. For example, the winter.jpg sample image on Windows XP doesn't seem to work on any computer I try.
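An added example (not code from any poster in this thread) of deciding the type from the file's bytes on the server instead of from `$_FILES[...]['type']`, which the browser supplies and which is blank when the upload itself failed. The function name `classify_upload`, the `ALLOWED` map and the sample entries are assumptions constructed for illustration.

```php
<?php
// Added example: the client-supplied 'type' field is never consulted.
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function classify_upload(array $entry): array
{
    // A failed upload has an empty 'type' and 'tmp_name'; report the error code instead.
    $err = $entry['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($err !== UPLOAD_ERR_OK) {
        return ['ok' => false, 'reason' => "upload error code $err"];
    }
    // Sniff the content of the server-side temp file (fileinfo extension).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($entry['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        return ['ok' => false, 'reason' => "detected type: $mime"];
    }
    // Cross-check: the image header must parse and agree with the sniffed type.
    $info = @getimagesize($entry['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        return ['ok' => false, 'reason' => 'not a parseable image'];
    }
    // Extension comes from the detected type, file name from the server.
    return ['ok' => true, 'name' => bin2hex(random_bytes(8)) . '.' . $ext];
}

// Constructed sample inputs: each one is written to a temp file like an upload would be.
function sample(string $bytes): string
{
    $path = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($path, $bytes);
    return $path;
}

$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'); // 1x1 GIF
$cases = [
    'blank client type, real GIF' => ['error' => UPLOAD_ERR_OK, 'type' => '', 'tmp_name' => sample($gif)],
    'client says jpeg, is text'   => ['error' => UPLOAD_ERR_OK, 'type' => 'image/jpeg', 'tmp_name' => sample("plain text, not an image\n")],
    'upload rejected by PHP'      => ['error' => UPLOAD_ERR_INI_SIZE, 'type' => '', 'tmp_name' => ''],
];
foreach ($cases as $label => $entry) {
    echo $label, ': ', json_encode(classify_upload($entry)), "\n";
    if ($entry['tmp_name'] !== '') unlink($entry['tmp_name']);
}
```

In a real handler the accepted file would then be passed to `move_uploaded_file()` with the server-chosen name rather than the name the client sent.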


Try using the above script I posted, and actually echo out the mime type. This is totally client side though (from what I've read), so it shouldn't have anything to do with PHP...

 

 

With the exception of this guy

$mimetype = shell_exec(escapeshellcmd ("file -bi ".$FILES['uploadedfile']['tmp_name']));


This is the page I use for the user to create a gallery; they upload an image, which is resized, and add some information about the gallery.

 

<?php
//---------------------------------------------------
//     Include the files we need
//---------------------------------------------------
include("restrict.php");
include("../../config/connect.php");
include("../../config/settings.php");
include("../../config/functions.php");

//---------------------------------------------------
//     Make sure user hasnt reached their upload limit
//---------------------------------------------------	
$galcount = mysql_query("SELECT count(*) as gal from tbl_gallery WHERE fld_userid = '$UserID'");
$gal_q = mysql_fetch_assoc($galcount);
$galc = $gal_q['gal'];

$UserPack = mysql_query("SELECT fld_pack FROM tbl_users WHERE fld_id = '$UserID'");
$User_q = mysql_fetch_assoc($UserPack);
$UserPackNum = $User_q['fld_pack'];

$packdetails = mysql_query("SELECT fld_galleries FROM tbl_packages WHERE fld_id = '$UserPackNum'");
$pack_q = mysql_fetch_assoc($packdetails);
$PackLimit = $pack_q['fld_galleries'];

if ($galc < $PackLimit){

//---------------------------------------------------
//     set variables we need
//---------------------------------------------------
$target_path = "../../uploads/".$UserID."/";
$user_prefix = "thumb_";
$image_prefix = rand();

$mimetypes = array('image/jpeg', 'image/png', 'image/pjpeg', 'image/gif', '');
$extensions = array('jpg', 'gif', 'jpeg', 'png', 'pjpeg');

$target_path = $target_path.$user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); 

//---------------------------------------------------
//     Check the image isnt too big
//---------------------------------------------------
$file_size = $_FILES['uploadedfile']['size'];

if ($file_size >= $thumb_limit_size) {
echo "Your file is too big";
exit ();
}

//---------------------------------------------------
//     Give the image a name
//---------------------------------------------------
$thumbname = $user_prefix.$image_prefix.basename( $_FILES['uploadedfile']['name']); 


//---------------------------------------------------
//     !--- Check the mime type
//     !--- Turned off
//---------------------------------------------------
$mimetype = strtolower($_FILES['uploadedfile']['type']);


if (in_array($mimetype, $mimetypes)){

}else{
echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>";
exit();
}


//---------------------------------------------------
//     Get the extension of the image
//---------------------------------------------------
$extension = getExtension($thumbname);
$extension = strtolower($extension);

if (in_array($extension, $extensions)){

}else{
echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=n\"/>";
exit();
}

//---------------------------------------------------
//     Upload & resize the file
//---------------------------------------------------

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {

switch($extension)
{
	case "jpeg";
		$image = imagecreatefromjpeg($target_path);
	break;
	case "jpg";
		$image = imagecreatefromjpeg($target_path);		
	break;
	case "gif";
		$image = imagecreatefromgif($target_path);		
	break;
	case "png";
		$image = imagecreatefrompng($target_path);		
	break;
	default:
		return FALSE;
}
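// Not a decodable image: remove the file that was just moved into the upload directory
if ($image === false) { unlink($target_path); die ('Unable to open image'); }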

$width = imagesx($image);
$height = imagesy($image);

$imageratio = $width/$height;

if ($width>$height){
$newwidth = $thumb_width;
$newheight = $height * ($newwidth/$width);
}else{
$newheight = $thumb_width;
$newwidth = $width * ($newheight/$height);
}

	$image_resized = imagecreatetruecolor($newwidth, $newheight);
    	imagecopyresized($image_resized, $image, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);
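	// Write the resized image over the uploaded file; move_uploaded_file() only accepts
	// the path of an uploaded temp file, not an image resource, so no second move is needed
	imagejpeg($image_resized, $target_path);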


$galleryname = $_POST['galleryname'];
$gallerydescription = $_POST['gallerydescription'];
$gallerykeywords = $_POST['gallerykeywords'];

if (empty ($galleryname) or empty ($gallerydescription) or empty ($gallerykeywords)) {
	echo "Fill out all fields";
	exit();
}

$galleryname = mysql_real_escape_string($galleryname);
$gallerydescription = mysql_real_escape_string($gallerydescription);
$gallerykeywords = mysql_real_escape_string($gallerykeywords);

$create_gallery = mysql_query("INSERT INTO tbl_gallery (fld_id, fld_galleryname, fld_gallerydesc, fld_keywords, fld_userid, fld_thumbname) values ('', '$galleryname', '$gallerydescription', '$gallerykeywords', '$UserID', '$thumbname')");

if ($create_gallery){
	echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=s\"/>";
} else {
	echo "<meta http-equiv=\"refresh\" content=\"0;url=../modify_gallery.php?msg=e\"/>";
}	

//if the image couldn't be moved to the server
} else{
	echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>";
}

//if the person has reached their upload limit
}else{
	echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=f\"/>";
}

?>


Try this

 

$mimetype = strtolower($_FILES['uploadedfile']['type']);
echo '***'. $mimetype .'***';

 

See if you're getting any unnecessary padding that may be screwing things up

 

Also try changing the check to

if ( !in_array($mimetype, $mimetypes) ){
    echo "<meta http-equiv=\"refresh\" content=\"0;url=../create_gallery.php?msg=e\"/>";
    exit();
}

