
File Uploads via POST vars


ssjskipp


Thanks, I'll give that a shot =]
BTW, this is only for me to upload, so it's okay if it's not secure.
[quote author=ChaosXero link=topic=101250.msg400459#msg400459 date=1153406292]
Not entirely sure but you could:
[code]<?php
$filename = $_POST['file'];
// explode() drops the "." itself, so the pieces never start with a dot
$ftype = explode(".", $filename);
switch ($ftype[1]) {
    case "php":
        //etc
        break;
    case "png":
        //etc
        break;
}
?>
[/code]
[/quote]
Don't rely only on the file extension.

Unscrupulous people will change them on you to upload malicious code and "unwanted" files on your server.

A better method is to use an array of MIME filetypes and their associated extensions. This gives you two points of security that every file uploaded must adhere to in order to be considered valid. Like so:

[code]
<?php
$valid_files = array();
$valid_files[0] = array("image/png", "png");
$valid_files[1] = array("image/jpeg", "jpg");

// Uploaded files arrive in $_FILES (not $_POST); "file" is the form field name
$filename = $_FILES['file']['name'];
$ftype = $_FILES['file']['type'];
$fext = explode(".", $filename);
// Since some people use "." in their filenames, we'll take the last item in the $fext array
$fext = $fext[count($fext)-1];

// Set a variable to flag if we find a valid file. Set to 0 by default (not valid until we verify)
$file_is_valid = 0;

foreach($valid_files as $key => $value){
  // $value[0] is the MIME type
  // $value[1] is the file extension
  if( ($value[0] == $ftype) && ($value[1] == $fext) ){
      $file_is_valid = 1;
  }
}

// Compare with ==; a single = would assign 1 and accept every file
if( $file_is_valid == 1 ){
  // Upload file
} else {
  // Error out. File is not allowed
}
?>
[/code]
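
Added example, not part of the original thread: the `type` value in `$_FILES` is sent by the browser along with the file name, so both checks above rest on client-supplied data. This sketch detects the type from the file's bytes with PHP's `finfo` and requires it to agree with the extension; `safe_upload_name`, `handle_upload` and `ALLOWED_TYPES` are hypothetical names, and the sample files are constructed for the demonstration.

```php
<?php
// Added example. Allowlist keyed by the MIME type detected from file content.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg'];

// Returns a server-generated name for an acceptable file, or null to reject.
// $path is the uploaded temp file; $clientName is the name the browser sent.
function safe_upload_name(string $path, string $clientName): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);            // sniffed from the bytes on disk
    $ext   = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null) {
        return null;                         // content type not on the allowlist
    }
    $sent = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $sent = $sent === 'jpeg' ? 'jpg' : $sent;
    if ($sent !== $ext) {
        return null;                         // extension disagrees with content
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;   // never reuse the client name
}

// How it would sit in a form handler for <input type="file" name="file">.
function handle_upload(array $file, string $destDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = safe_upload_name($file['tmp_name'], $file['name']);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}

// Constructed samples so the check can be run from the command line.
$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='
));
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'hello'; ?>");

var_dump(safe_upload_name($png, 'photo.png'));     // real PNG, matching extension
var_dump(safe_upload_name($script, 'avatar.png')); // PHP source renamed to .png
var_dump(safe_upload_name($png, 'photo.php'));     // PNG content, wrong extension
unlink($png); unlink($script);
```

Storing uploads outside the web root, or in a directory where PHP execution is disabled, keeps a file that slips past the check from being run by the server.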
