mahalleday Posted November 11, 2008 Share Posted November 11, 2008 I am working on a file upload form for an application I am building for my site. Al it is to take a few input as well as a file (image) if the user so chooses and upload the file to a folder on the server and place the image name as well as the rest of the inputs into a database for later use. I can get all that to work but now that I have gone back to add some security measures i.e.. limiting the allowable file types to images and renaming the file that is uploaded, I am having some issues. Namely When I submit the form without a file to upload I always get back an error as if the I tried to upload an file with an unallowed extension. Here is my code: <?php //validate and handle file upload if(!empty($_FILES['image'])) { $file = $_FILES['image']['name']; //list of the allowed file types => this should be placed in a database table in the future $allowed = array('image/jpg', 'image/jpeg', 'image/png', 'image/pjeg'); //check to see if file is of the correct type if(in_array($_FILES['image']['type'], $allowed)) { //set upload directory $uploaddir = './images/'; //move imageto server and resize if needed } else {$errors[] = 'The file you attempted to uplaod was of an unallowed type';} } else { $file = 'ad_img.png'; } ?> Any ideas??? I am pretty much at my wits end here I can;t see any reall errors with what I have done. Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/ Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 I think this will be good guidance for you http://www.w3schools.com/PHP/php_file_upload.asp Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687443 Share on other sites More sharing options...
mahalleday Posted November 11, 2008 Author Share Posted November 11, 2008 Thanks, it looks not to dissimilar to what I already have. It's not the upload part it's the file type validation. But I'll give what they show a go and see what happens. Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687464 Share on other sites More sharing options...
mahalleday Posted November 11, 2008 Author Share Posted November 11, 2008 That did not help. It validates fine when a file is submitted but what i need it to do is bypass the validation when no file is uploaded, to give people the option of not uploading an image. Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687470 Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 Then do something like if(isset($_POST['the_field_name_for_the_upload_box'])) { //do upload stuff } else { //nothing attempting to be uploaded } Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687480 Share on other sites More sharing options...
mahalleday Posted November 11, 2008 Author Share Posted November 11, 2008 I tried that already all it totally bypasses everything. Here is my full code for the file validation. I have the move_uploaded file stuff commented because I plan to add that once the thing validates right (I have the code in another file ready to be thrown in). <?php //validate and handle file upload if(isset($_POST['image'])) { $file = $_FILES['image']['name']; $type = $_FILES['image']['type']; //list of the allowed file types => this should be placed in a database table in the future $allowed = array('image/jpg', 'image/jpeg', 'image/png', 'image/pjeg'); //check to see if file is of the correct type if(in_array($type, $allowed)) { //set upload directory $uploaddir = './images/'; //move imageto server and resize if needed /*if(move_uploaded_file()) { } else { $errors[] = 'The file could not be uploaded for the following:<br/>'; switch ($_FILES['image']['erorr']) { case 1: echo 'The file exceeds the alloalble max file size allowed by php'; break; case 2: echo 'The file size exceeds the max allowable file size for this site'; break; case 3: echo 'The file was not completley uploaded'; break; case 4: echo 'No file was available for upload'; break; case 6: echo 'No tempprary folder was available'; break; case default: echo 'A system error occured please report your error to webmaster and try again'; break; } } */ } else { $errors[] = 'The file you attempted to upload was of an unallowed type<br/>-Please upload a png, or jpeg image<br/>'; //delete image from server //unlink($_FILES['image']['tmp_name']); } } else { $file = 'ad_img.png'; $type = 'image/png'; } ?> Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687487 Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 try adding echo $file; echo "<br>"; print_r($_FILES); underneath $file = 'ad_img.png'; $type = 'image/png'; Just to see if what is going on Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687489 Share on other sites More sharing options...
mahalleday Posted November 11, 2008 Author Share Posted November 11, 2008 hmm... I get this Array ( [image] => Array ( [name] => header.jpg [type] => image/jpeg [tmp_name] => C:\wamp\tmp\phpBD2F.tmp [error] => 0 => 7604 ) ) So I assume the for whatever reason my max size uplaod is set to 0 which is obviously being exceeded? Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687494 Share on other sites More sharing options...
corbin Posted November 11, 2008 Share Posted November 11, 2008 Error 0 means there's not an error, and size => 7604 means it's 7604. Am I misreading that, or are you? Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687505 Share on other sites More sharing options...
mahalleday Posted November 11, 2008 Author Share Posted November 11, 2008 No I would assume that it's me mis-reading it. I must admit I'm not fully up to speed on some of this stuff. Kinda learning as I go. Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687513 Share on other sites More sharing options...
DeanWhitehouse Posted November 11, 2008 Share Posted November 11, 2008 Hmm, i don't see what is causing the error, this should help you in some ways. http://uk2.php.net/features.file-upload And maybe http://uk2.php.net/manual/en/ini.core.php#ini.post-max-size http://uk2.php.net/manual/en/ini.core.php#ini.upload-max-filesize Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687651 Share on other sites More sharing options...
mahalleday Posted November 11, 2008 Author Share Posted November 11, 2008 I had a read through that stuff but it doesn't shed any light on why this won't work. I have even tried checking to see if the $_FILEs['image '] is empty and then processing accordingly but again that wont work either. I have also tried this... <?php if(isset($_POST['image'])) { //do the validation checks and upload } else { //since to file was uploaded use this default image $file = 'ad_img.png'; $type = 'image/png'; } ?> To me this should force the file and file type to be valid even if no file has been uploaded by the user. But this still won't work. If nothign is submitted I stil get my 'Invalid file type error...' This is driving me nuts, and you know it has to be some little thing. Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-687849 Share on other sites More sharing options...
mahalleday Posted November 14, 2008 Author Share Posted November 14, 2008 It came to me suddenly on the plane coming home from a business trip. At the start of the file upload validateion I origonaly had: <?php if(isset($_FILES['image'])) { //do this } else { //do this } ?> What is should have been was this: <?php if(isset($_FILES['image'][u][b]['name'][/b][/u])) { //do this } else { //do this } ?> Such a simple thing and it took so lonf to figure out. Thanks for all your advice and suggestions. Here is the full upload check code for anyone who is wants it: <?php //validate and handle file upload if(!empty($_FILES['image']['name'])) { $file = $_FILES['image']['name']; //$type = $_FILES['image']['type']; $type = strrchr($file, '.'); //list of the allowed file types => this should be placed in a database table in the future $allowed = array('.jpg', '.jpeg', '.png', '.pjeg'); //check to see if file is of the correct type if(in_array($type, $allowed)) { //set upload directory $uploaddir = './images/'; //move imageto server and resize if needed if(move_uploaded_file()) { } else { $errors[] = 'The file could not be uploaded for the following:<br/>'; switch ($_FILES['image']['erorr']) { case 1: echo 'The file exceeds the alloalble max file size allowed by php'; break; case 2: echo 'The file size exceeds the max allowable file size for this site'; break; case 3: echo 'The file was not completley uploaded'; break; case 4: echo 'No file was available for upload'; break; case 6: echo 'No tempprary folder was available'; break; case default: echo 'A system error occured please report your error to webmaster and try again'; break; } } } else { $errors[] = 'The file you attempted to upload was of an unallowed type<br/>-Please upload a png, or jpeg image<br/>'; //delete image from server //unlink($_FILES['image']['tmp_name']); } } else { //if the user does not choose to upload a pic you can specify a genric one here the $type varibale does not matter $file = 'ad_img.png'; //generic image if non uploaded by user $type = '.png'; //image type for generic image => does not matter } ?> Link to comment https://forums.phpfreaks.com/topic/132237-solved-file-upload-extension-validation/#findComment-689920 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.