phpretard Posted February 16, 2009 Share Posted February 16, 2009 How can I test for file type and only allow gif, jpeg, png witht the script below? function findexts ($filename) { $filename = strtolower($filename) ; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } $ext = findexts ($_FILES['uploaded']['name']) ; $new = $_SESSION['LOGO']."."; $target = "logos/"; $target = $target . $new.$ext; if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { ...stuff } Quote Link to comment Share on other sites More sharing options...
antonyjohn Posted February 16, 2009 Share Posted February 16, 2009 use $_FILES['filename']['type']; Quote Link to comment Share on other sites More sharing options...
phpretard Posted February 16, 2009 Author Share Posted February 16, 2009 Where? if ($ext!="gif" || $ext!="jpg" || $ext!="png"){ NO WORKY } Quote Link to comment Share on other sites More sharing options...
antonyjohn Posted February 16, 2009 Share Posted February 16, 2009 function findexts ($filename) { $filename = strtolower($filename) ; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } $ext = findexts ($_FILES['uploaded']['name']) ; $new = $_SESSION['LOGO']."."; $target = "logos/"; $target = $target . $new.$ext; if ($ext=="gif" || $ext=="jpg" || $ext=="png"){ if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { ...stuff } } this code will allow u to upload pictures with file format gif, jpg,png Quote Link to comment Share on other sites More sharing options...
printf Posted February 16, 2009 Share Posted February 16, 2009 I'll give you a simple example on how to upload the images you want safely! Using the core functions the way they were designed to be used. <?php function handleFiles ( $max_size, $move_to, $allow_overwrite, $file_types ) { $process = array (); /* handle magic quotes problems that affect files array and back slashes */ if ( ( bool ) get_magic_quotes_gpc () ) { $variables = array (); if ( is_array ( $_FILES ) ) { foreach ( $_FILES AS $name => $value ) { $_FILES[$name]['tmp_name'] = str_replace ( '\\', '\\\\', $value['tmp_name'] ); } $variables[] =& $_FILES; } /* the safest way to loop globals removing magic quotes */ while ( list ( $n, $v ) = each ( $variables ) ) { foreach ( $v AS $name => $value ) { if ( is_array ( $value ) ) { $variables[] =& $variables[$n][$name]; } else { $variables[$n][$name] = stripslashes ( $value ); } } } } if ( is_array ( $_FILES ) ) { $x = 0; foreach ( $_FILES AS $name => $value ) { if ( is_uploaded_file ( $_FILES[$name]['tmp_name'] ) ) { if ( $_FILES[$name]['tmp_name'] != 'none' ) { $size = filesize ( $_FILES[$name]['tmp_name'] ); if ( $size <= $max_size ) { if ( false === $allow_overwrite && file_exists ( $move_to . $_FILES[$name]['name'] ) ) { $process['error'][] = 'cannot overwite an existing file named ' . $_FILES[$name]['name']; break; } $extension = strtolower ( substr ( $_FILES[$name]['name'], ( strrpos ( $_FILES[$name]['name'], '.' ) + 1 ) ) ); if ( array_key_exists ( $extension, $file_types ) ) { if ( $file_types[$extension] == 'image' ) { if ( false === @getimagesize ( $_FILES[$name]['tmp_name'] ) ) { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', file type (' . $extension . ') is not an image file'; break; } } else { /* add other file type processing here */ } if ( move_uploaded_file ( $_FILES[$name]['tmp_name'], $move_to . $_FILES[$name]['name'] ) ) { $process['upload'][$x]['name'] = substr ( $_FILES[$name]['name'], 0, strrpos ( $_FILES[$name]['name'], '.' ) ); $process['upload'][$x]['type'] = $extension; $process['upload'][$x]['size'] = $size; $x++; } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', can not be moved to directory ' . $move_to; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', file type (' . $extension . ') is not in the allowed list of upload files'; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', size (' . $size . ') is over the maximum size (' . $max_size . ') allowed'; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', does not contain any content'; } } else { $process['error'][] = 'the file ' . $_FILES[$name]['name'] . ', is not an uploded file'; } } } return $process; } /* number of uploads allowed */ $uploads = 5; /* the maximum single file size (bytes) */ $max_size = 1048576; /* allow overwriting of files */ $allow_overwrite = false; /* directory to move files to */ $move_to = './files/'; /* file types allowed */ $file_types = array ( 'gif' => 'image', 'jpg' => 'image', 'jpeg' => 'image', 'png' => 'image' ); /* check if we have any images, move them if we do */ $process = handleFiles ( $max_size, $move_to, $allow_overwrite, $file_types ); ?> <html> <head> <title>ADMIN UPLOAD FORM</title> </head> <body> <center> <br /> <br /> <form enctype='multipart/form-data' action='<?=$_SERVER['PHP_SELF'];?>' method='post'> <p></p> <p></p> UPLOAD FILES <br /> <br /> <table width='400' cellpadding='1' cellspacing='0'> <?php for ( $i = 1; $i <= 5; $i++ ) { echo "<tr>"; echo "<td align='center' width='300'><input type='file' name='file" . $i . "' size='40'></td>\r\n"; echo "</tr>"; } echo "</table>"; ?> <br /> <br /> <input type='submit' name='submit' value='UPLOAD!'> </form> <center> </body> </html> <?php /* just dump the results so we see what was uploaded or not */ if ( ! empty ( $process ) ) { echo "<pre>\r\n"; print_r ( $process ); echo "<pre>\r\n"; } ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.