
[SOLVED] Restricting file type uploads....need help please have tried everything!!!


Tony187uk


Hi there,

I am just starting to learn PHP coding and have been set a task to create an upload PHP file that has restrictions on it. I have managed to get the uploading part done, but as soon as I try and put restrictions on it the whole thing goes to pot!! I have tried countless examples I have found on the web and nothing seems to be working.

This is the script I have been working with, and the current if statement in there doesn't work!!! I am confused; I want to be able to restrict the upload type to MP3s and JPGs. If anyone could help, it would be greatly appreciated!!

 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php
$target = "C:/webs/test/upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;

//This is our size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}

//This is our limit file type condition
if ($uploaded_type =="text/php")
{
echo "No PHP files<br>";
$ok=0;
}

//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}

//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>

?>
</body>
</html>

 

 

Firstly, always put your code in [ code ] tags (without spaces).

 

Secondly, this should be changed:

 

//This is our limit file type condition 
if (strtolower(strlen($_FILES['uploaded']['type'], 4)) !== ".mp3" || strtolower(strlen($_FILES['uploaded']['type'], 4)) !== ".jpg") 
{ 
echo "Only MP3 and JPG files allowed!<br>"; 
$ok=0; 
} 

 

 

try implementing this...

 

<?php
if ((($_FILES["file"]["type"] == "audio/mpeg")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Stored in: " . $_FILES["file"]["tmp_name"];
    }
  }
else
  {
  echo "Invalid file";
  }
?>

Cheers mattal999,

 

I attempted your solution but it came up with the following error when I tried to upload a file:

 

Wrong parameter count for strlen() in C:\webs\test\upload.php on line 15

Only MP3 and JPG files allowed!

 

Any ideas on how to correct this?? Thanks

Firstly, always put your code in [ code ] tags (without spaces).

 

Secondly, this should be changed:

 

//This is our limit file type condition 
if ($_FILES['uploaded']['type'] == "audio/mpeg" || $_FILES['uploaded']['type'] == "image/jpeg" || $_FILES['uploaded']['type'] == "image/pjpeg") 
} else {
echo "Only MP3 and JPG files allowed!<br>"; 
$ok=0; 
} 

 

Change it to the above.

Thanks Mattal999,

 

I tried your coding again but received the following error:

Parse error: parse error in C:\webs\test\upload.php on line 16.

If you could look at my code and perhaps see where I'm going wrong, or if you have any other suggestions, it would be appreciated.

 

Thanx

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php 
$target = "C:/webs/test/upload/"; 
$target = $target . basename( $_FILES['uploaded']['name']) ; 
$ok=1; 

//This is our limit file type condition 
if ($_FILES['uploaded']['type'] == "audio/mpeg" || $_FILES['uploaded']['type'] == "image/jpeg" || $_FILES['uploaded']['type'] == "image/pjpeg") 
} else {
echo "Only MP3 and JPG files allowed!<br>"; 
$ok=0; 
}


//If everything is ok we try to upload it 
else 
{ 
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
{ 
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; 
} 
else 
{ 
echo "Sorry, there was a problem uploading your file."; 
} 
} 
?>

?>
</body>
</html>

 

 

Try this:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php 
$target = "C:/webs/test/upload/"; 
$target = $target . basename( $_FILES['uploaded']['name']) ; 
$ok=1; 

//This is our limit file type condition 
if ($_FILES['uploaded']['type'] == "audio/mpeg" || $_FILES['uploaded']['type'] == "image/jpeg" || $_FILES['uploaded']['type'] == "image/pjpeg") 
} else {
echo "Only MP3 and JPG files allowed!<br>"; 
$ok=0; 
}

//If everything is ok we try to upload it 
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
{ 
echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; 
} 
else 
{ 
echo "Sorry, there was a problem uploading your file."; 
} 

?>

?>
</body>
</html>

Mattal999

 

It is still coming up with a parse error on line 16... If I remove the } else { statement you put in, it again allows me to upload any type of file!!!

 

Why is this not working!!

 

Any other ideas

 

Cheers

Oops! Silly me! I forgot a {. Code is below.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<?php 
$target = "C:/webs/test/upload/"; 
$target = $target . basename( $_FILES['uploaded']['name']) ; 
$ok=1; 

//This is our limit file type condition 
if ($_FILES['uploaded']['type'] == "audio/mpeg" || $_FILES['uploaded']['type'] == "image/jpeg" || $_FILES['uploaded']['type'] == "image/pjpeg") { //Forgot the opening curly bracket here...
} else {
echo "Only MP3 and JPG files allowed!<br>"; 
$ok=0; 
}

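//If everything is ok we try to upload it 
if ($ok == 1) //Skip the move when the type check above rejected the file
{ 
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
{ 
//Form field is 'uploaded'; escape the client-supplied name before printing it
echo "The file ". htmlspecialchars(basename( $_FILES['uploaded']['name'])). " has been uploaded"; 
} 
else 
{ 
echo "Sorry, there was a problem uploading your file."; 
} 
} 

?>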
</body>
</html>

 

My bad. :P

As an extra layer of 'security', you're best setting up .htaccess to disallow anything but mp3 and image files from being executed from that directory. That way, if someone does get past your validation check - mime type can be spoofed - even if they upload a php file, it won't execute because it's blocked.
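
The last reply's point that the MIME type can be spoofed, shown as an added example that is not part of the original thread: the check below ignores the client-supplied `$_FILES[...]['type']`, detects the type from the file's bytes with `finfo`, and stores the file under a server-chosen name. The names `validate_upload()`, `sample()`, `ALLOWED_TYPES` and `MAX_BYTES` are hypothetical, and the two sample files are constructed for the demonstration.

```php
<?php
// Added example (not from the thread). validate_upload(), sample(),
// ALLOWED_TYPES and MAX_BYTES are hypothetical names.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'audio/mpeg' => 'mp3'];
const MAX_BYTES = 350000; // size limit used in the original post

// Returns a server-chosen file name for an accepted upload, or null to reject.
// $file has the same shape as one $_FILES entry.
function validate_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        return null;
    }
    // Detect the type from the file's bytes; $file['type'] is client-supplied.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($detected) || !array_key_exists($detected, ALLOWED_TYPES)) {
        return null;
    }
    // Never reuse the client's name: random base name, extension from the allowlist.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$detected];
}

// Builds a constructed $_FILES-style entry backed by a temporary file.
function sample(string $bytes, string $name, string $claimedType): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    return ['name' => $name, 'type' => $claimedType, 'tmp_name' => $tmp,
            'error' => UPLOAD_ERR_OK, 'size' => strlen($bytes)];
}

// Constructed inputs: a minimal JPEG header, and a PHP script labelled image/jpeg.
$jpeg = sample("\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00",
               'photo.jpg', 'image/jpeg');
$script = sample("<?php echo 'hi'; ?>", 'photo.php', 'image/jpeg');

foreach ([$jpeg, $script] as $f) {
    $safeName = validate_upload($f);
    echo $f['name'], ' => ', $safeName === null ? 'rejected' : "accept as $safeName", "\n";
    // In the real handler: move_uploaded_file($f['tmp_name'], $uploadDir . $safeName);
    unlink($f['tmp_name']);
}
```

Both samples claim `image/jpeg`, so the `$_FILES[...]['type']` comparison used earlier in the thread would accept both; the content-based check accepts only the first.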
