phpretard Posted February 16, 2009 Share Posted February 16, 2009 How can I test for file type and only allow gif, jpeg, png witht the script below? function findexts ($filename) { $filename = strtolower($filename) ; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } $ext = findexts ($_FILES['uploaded']['name']) ; $new = $_SESSION['LOGO']."."; $target = "logos/"; $target = $target . $new.$ext; if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { ...stuff } Link to comment https://forums.phpfreaks.com/topic/145400-strict-image-upload/ Share on other sites More sharing options...
antonyjohn Posted February 16, 2009 Share Posted February 16, 2009 use $_FILES['filename']['type']; Link to comment https://forums.phpfreaks.com/topic/145400-strict-image-upload/#findComment-763313 Share on other sites More sharing options...
phpretard Posted February 16, 2009 Author Share Posted February 16, 2009 Where? if ($ext!="gif" || $ext!="jpg" || $ext!="png"){ NO WORKY } Link to comment https://forums.phpfreaks.com/topic/145400-strict-image-upload/#findComment-763315 Share on other sites More sharing options...
antonyjohn Posted February 16, 2009 Share Posted February 16, 2009 function findexts ($filename) { $filename = strtolower($filename) ; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } $ext = findexts ($_FILES['uploaded']['name']) ; $new = $_SESSION['LOGO']."."; $target = "logos/"; $target = $target . $new.$ext; if ($ext=="gif" || $ext=="jpg" || $ext=="png"){ if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { ...stuff } } this code will allow u to upload pictures with file format gif, jpg,png Link to comment https://forums.phpfreaks.com/topic/145400-strict-image-upload/#findComment-763320 Share on other sites More sharing options...
printf Posted February 16, 2009 Share Posted February 16, 2009 I'll give you a simple example on how to upload the images you want safely! Using the core functions the way they were designed to be used. <?php function handleFiles ( $max_size, $move_to, $allow_overwrite, $file_types ) { $process = array (); /* handle magic quotes problems that affect files array and back slashes */ if ( ( bool ) get_magic_quotes_gpc () ) { $variables = array (); if ( is_array ( $_FILES ) ) { foreach ( $_FILES AS $name => $value ) { $_FILES[$name]['tmp_name'] = str_replace ( '\\', '\\\\', $value['tmp_name'] ); } $variables[] =& $_FILES; } /* the safest way to loop globals removing magic quotes */ while ( list ( $n, $v ) = each ( $variables ) ) { foreach ( $v AS $name => $value ) { if ( is_array ( $value ) ) { $variables[] =& $variables[$n][$name]; } else { $variables[$n][$name] = stripslashes ( $value ); } } } } if ( is_array ( $_FILES ) ) { $x = 0; foreach ( $_FILES AS $name => $value ) { if ( is_uploaded_file ( $_FILES[$name]['tmp_name'] ) ) { if ( $_FILES[$name]['tmp_name'] != 'none' ) { $size = filesize ( $_FILES[$name]['tmp_name'] ); if ( $size <= $max_size ) { if ( false === $allow_overwrite && file_exists ( $move_to . $_FILES[$name]['name'] ) ) { $process['error'][] = 'cannot overwite an existing file named ' . $_FILES[$name]['name']; break; } $extension = strtolower ( substr ( $_FILES[$name]['name'], ( strrpos ( $_FILES[$name]['name'], '.' ) + 1 ) ) ); if ( array_key_exists ( $extension, $file_types ) ) { if ( $file_types[$extension] == 'image' ) { if ( false === @getimagesize ( $_FILES[$name]['tmp_name'] ) ) { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', file type (' . $extension . ') is not an image file'; break; } } else { /* add other file type processing here */ } if ( move_uploaded_file ( $_FILES[$name]['tmp_name'], $move_to . $_FILES[$name]['name'] ) ) { $process['upload'][$x]['name'] = substr ( $_FILES[$name]['name'], 0, strrpos ( $_FILES[$name]['name'], '.' ) ); $process['upload'][$x]['type'] = $extension; $process['upload'][$x]['size'] = $size; $x++; } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', can not be moved to directory ' . $move_to; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', file type (' . $extension . ') is not in the allowed list of upload files'; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', size (' . $size . ') is over the maximum size (' . $max_size . ') allowed'; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', does not contain any content'; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', is not an uploded file'; } } } return $process; } /* number of uploads allowed */ $uploads = 5; /* the maximum single file size (bytes) */ $max_size = 1048576; /* allow overwriting of files */ $allow_overwrite = false; /* directory to move files to */ $move_to = './files/'; /* file types allowed */ $file_types = array ( 'gif' => 'image', 'jpg' => 'image', 'jpeg' => 'image', 'png' => 'image' ); /* check if we have any images, move them if we do */ $process = handleFiles ( $max_size, $move_to, $allow_overwrite, $file_types ); ?> <html> <head> <title>ADMIN UPLOAD FORM</title> </head> <body> <center> <br /> <br /> <form enctype='multipart/form-data' action='<?=$_SERVER['PHP_SELF'];?>' method='post'> <p></p> <p></p> UPLOAD FILES <br /> <br /> <table width='400' cellpadding='1' cellspacing='0'> <?php for ( $i = 1; $i <= 5; $i++ ) { echo "<tr>"; echo "<td align='center' width='300'><input type='file' name='file" . $i . "' size='40'></td>\r\n"; echo "</tr>"; } echo "</table>"; ?> <br /> <br /> <input type='submit' name='submit' value='UPLOAD!'> </form> <center> </body> </html> <?php /* just dump the results so we see what was uploaded or not */ if ( ! empty ( $process ) ) { echo "<pre>\r\n"; print_r ( $process ); echo "<pre>\r\n"; } ?> Link to comment https://forums.phpfreaks.com/topic/145400-strict-image-upload/#findComment-763348 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.