ssjskipp

File Uploads via POST vars

I know how to do images and flash (.swf) files (by "do" I mean check file type, etc.), but I'm curious to figure out how to make music, and script (.php; .html; etc.) uploads, and check what type of file they are...

Not entirely sure but you could:
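[code]<?php
// Uploaded files arrive in $_FILES, not $_POST
$filename = $_FILES['file']['name'];
// explode() drops the dots, so compare against "php", not ".php"
$parts = explode(".", $filename);
$ftype = strtolower(end($parts));
switch ($ftype) {
    case "php":
        //etc
        break;
    case "png":
        //etc
        break;
}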
[/code]

Thanks, I'll give that a shot =]
BTW, this is only for me to upload, so it's okay if it's not secure.
[quote author=ChaosXero link=topic=101250.msg400459#msg400459 date=1153406292]
Not entirely sure but you could:
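[code]<?php
// Uploaded files arrive in $_FILES, not $_POST
$filename = $_FILES['file']['name'];
// explode() drops the dots, so compare against "php", not ".php"
$parts = explode(".", $filename);
$ftype = strtolower(end($parts));
switch ($ftype) {
    case "php":
        //etc
        break;
    case "png":
        //etc
        break;
}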
[/code]
[/quote]

Don't rely only on the file extension.

Unscrupulous people will change them on you to upload malicious code and "unwanted" files on your server.

A better method is to use an array of MIME filetypes and their associated extensions. This gives you two points of security that every file uploaded must adhere to in order to be considered valid. Like so:

[code]
<?php
$valid_files = array();
$valid_files[0] = array("image/png", "png");
$valid_files[1] = array("image/jpeg", "jpg");

// Uploaded files arrive in $_FILES, not $_POST
$filename = $_FILES['file']['name'];
$ftype = $_FILES['file']['type'];
$fext = explode(".", $filename);
// Since some people use "." in their filenames, we'll take the last item in the $fext array
$fext = $fext[count($fext)-1];

// Set a variable to flag if we find a valid file. Set to 0 by default (not valid until we verify)
$file_is_valid = 0;

foreach($valid_files as $key => $value){
  // $value[0] is the MIME type
  // $value[1] is the file extension
  if( ($value[0] == $ftype) && ($value[1] == $fext) ){
      $file_is_valid = 1;
  }
}

if( $file_is_valid == 1 ){
  // Upload file
} else {
  // Error out. File is not allowed
}
?>
[/code]
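
An added example, not part of any post in this thread: the same extension-plus-MIME allowlist, but with the MIME type detected on the server from the file's bytes, because the `type` entry in `$_FILES` is supplied by the browser and can be set to anything. The `file` field name, the `uploads/` directory and the function name `validate_upload` are assumptions.

```php
<?php
// Added example. Field name 'file', the allowlist and the uploads/ path are assumptions.

const ALLOWED = [              // extension => MIME type expected from the content
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

/**
 * Validate one $_FILES entry.
 * Returns the allowlisted extension on success, or null if the upload is rejected.
 */
function validate_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    // Only accept a temp file that PHP itself received via HTTP POST
    if (!is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Extension after the last ".", compared case-insensitively
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // Ignore $file['type'] (client-supplied); inspect the bytes instead
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($file['tmp_name']);
    return ($detected === ALLOWED[$ext]) ? $ext : null;
}

if (isset($_FILES['file'])) {
    $ext = validate_upload($_FILES['file']);
    if ($ext === null) {
        http_response_code(400);
        exit('File is not allowed');
    }
    // Server-generated name: the client never chooses the stored path or extension.
    // Ideally uploads/ sits outside the web root or has script execution disabled.
    $dest = __DIR__ . '/uploads/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $dest)) {
        http_response_code(500);
        exit('Could not store file');
    }
    echo 'Stored';
}
```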
