Jump to content

[SOLVED] File Upload Extension Validation

mahalleday

By mahalleday
in PHP Coding Help

 Share

Recommended Posts

mahalleday Member

mahalleday

Posted
Posted

I am working on a file upload form for an application I am building for my site.  Al it is to take a few input as well as a file (image) if the user so chooses and upload the file to a folder on the server and place the image name as well as the rest of the inputs into a database for later use.  I can get all that to work but now that I have gone back to add some security measures i.e..  limiting the allowable file types to images and renaming the file that is uploaded, I am having some issues.  Namely When I submit the form without a file to upload I always get back an error as if the I tried to upload an file with an unallowed extension.

 

Here is my code:

 

<?php
//validate and handle file upload
    if(!empty($_FILES['image'])) {
        $file = $_FILES['image']['name'];

        //list of the allowed file types => this should be placed in a database table in the future
        $allowed = array('image/jpg', 'image/jpeg', 'image/png', 'image/pjeg');

        //check to see if file is of the correct type
        if(in_array($_FILES['image']['type'], $allowed)) {
            //set upload directory
            $uploaddir = './images/';
            //move imageto server and resize if needed

        }
        else {$errors[] = 'The file you attempted to uplaod was of an unallowed type';}
    }
    else {
        $file = 'ad_img.png';
    }
?>

 

Any ideas??? I am pretty much at my wits end here I can;t see any reall errors with what I have done. 

 

 

Link to comment
https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/
Share on other sites
mahalleday Member

mahalleday

Posted
  • Author
Posted

I tried that already all it totally bypasses everything.  Here is my full code for the file validation.  I have the move_uploaded file stuff commented because I plan to add that once the thing validates right (I have the code in another file ready to be thrown in).

 

<?php
   //validate and handle file upload
   if(isset($_POST['image'])) {
            $file = $_FILES['image']['name'];
            $type = $_FILES['image']['type'];
            //list of the allowed file types => this should be placed in a database table in the future
            $allowed = array('image/jpg', 'image/jpeg', 'image/png', 'image/pjeg');
            //check to see if file is of the correct type
            if(in_array($type, $allowed)) {
                //set upload directory
                $uploaddir = './images/';
                //move imageto server and resize if needed
                /*if(move_uploaded_file()) {
                }
                else {
                    $errors[] = 'The file could not be uploaded for the following:<br/>';
                    switch ($_FILES['image']['erorr']) {
                        case 1:
                            echo 'The file exceeds the alloalble max file size allowed by php';
                            break;
                        case 2:
                            echo 'The file size exceeds the max allowable file size for this site';
                            break;
                        case 3:
                            echo 'The file was not completley uploaded';
                            break;
                        case 4:
                            echo 'No file was available for upload';
                            break;
                        case 6:
                            echo 'No tempprary folder was available';
                            break;
                        case default:
                            echo 'A system error occured please report your error to webmaster and try again';
                            break;
                    }
                }
                */
            }
            else {
                $errors[] = 'The file you attempted to upload was of an unallowed type<br/>-Please upload a png, or jpeg image<br/>';
                //delete image from server
                //unlink($_FILES['image']['tmp_name']);
                }
   }
    else {
        $file = 'ad_img.png';
        $type = 'image/png';
    }
?>

mahalleday Member

mahalleday

Posted
  • Author
Posted

hmm... I get this

 

Array ( [image] => Array ( [name] => header.jpg [type] => image/jpeg [tmp_name] => C:\wamp\tmp\phpBD2F.tmp [error] => 0 => 7604 ) )

 

So I assume the for whatever reason my max size uplaod is set to 0 which is obviously being exceeded?

DeanWhitehouse Advanced Member

DeanWhitehouse

Posted
Posted

Hmm, i don't see what is causing the error, this should help you in some ways.

 

http://uk2.php.net/features.file-upload

And maybe

http://uk2.php.net/manual/en/ini.core.php#ini.post-max-size

http://uk2.php.net/manual/en/ini.core.php#ini.upload-max-filesize

mahalleday Member

mahalleday

Posted
  • Author
Posted

I had a read through that stuff but it doesn't shed any light on why this won't work.  I have even tried checking to see if the $_FILEs['image '] is empty and then processing accordingly but again that wont work either.  I have also tried this...

 

<?php
if(isset($_POST['image'])) {
//do the validation checks and upload

}
    else {
        //since to file was uploaded use this default image
        $file = 'ad_img.png';
        $type = 'image/png';
    }
?>

 

To me this should force the file and file type to be valid even if no file has been uploaded by the user.  But this still won't work.  If nothign is submitted I stil get my 'Invalid file type error...'

 

This is driving me nuts, and you know it has to be some little thing.

mahalleday Member

mahalleday

Posted
  • Author
Posted

It came to me suddenly on the plane coming home from a business trip.  At the start of the file upload validateion I origonaly had:

 

<?php
if(isset($_FILES['image'])) {
      //do this
}
else {
    //do this
}
?>

 

What is should have been was this:

 

<?php
if(isset($_FILES['image'][u][b]['name'][/b][/u])) {
      //do this
}
else {
    //do this
}
?>

 

Such a simple thing and it took so lonf to figure out.  Thanks for all your advice and suggestions.  Here is the full upload check code for anyone who is wants it:

 

<?php
//validate and handle file upload
   if(!empty($_FILES['image']['name'])) {

            $file = $_FILES['image']['name'];
            //$type = $_FILES['image']['type'];
            $type = strrchr($file, '.');
            //list of the allowed file types => this should be placed in a database table in the future
            $allowed = array('.jpg', '.jpeg', '.png', '.pjeg');
            //check to see if file is of the correct type
            if(in_array($type, $allowed)) {
                //set upload directory
                $uploaddir = './images/';
                //move imageto server and resize if needed
                if(move_uploaded_file()) {
                }
                else {
                    $errors[] = 'The file could not be uploaded for the following:<br/>';
                    switch ($_FILES['image']['erorr']) {
                        case 1:
                            echo 'The file exceeds the alloalble max file size allowed by php';
                            break;
                        case 2:
                            echo 'The file size exceeds the max allowable file size for this site';
                            break;
                        case 3:
                            echo 'The file was not completley uploaded';
                            break;
                        case 4:
                            echo 'No file was available for upload';
                            break;
                        case 6:
                            echo 'No tempprary folder was available';
                            break;
                        case default:
                            echo 'A system error occured please report your error to webmaster and try again';
                            break;
                    }
                }
                
            }
            else {
                $errors[] = 'The file you attempted to upload was of an unallowed type<br/>-Please upload a png, or jpeg image<br/>';
                //delete image from server
                //unlink($_FILES['image']['tmp_name']);
                }
    }
    else {
        //if the user does not choose to upload a pic you can specify a genric one here the $type varibale does not matter
        $file = 'ad_img.png'; //generic image if non uploaded by user
        $type = '.png'; //image type for generic image => does not matter
    }
?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.