squiblo Posted August 3, 2009 Share Posted August 3, 2009 could anyone edit/modify this so that only images can be uploaded (.jpg .jpeg .gif .png) and it rejects any other type of file such as .exe .wmv .flv and so on <?php session_start(); include("checklogin.php"); $_SESSION['myusername']; $username = $_SESSION['myusername']; if ($_POST['submit']) { //get file attributes $name = $_FILES['myfile']['name']; $tmp_name = $_FILES['myfile']['tmp_name']; if ($name) { //start upload process $location = "./profileimages/$name"; move_uploaded_file($tmp_name,$location); $query = mysql_query("UPDATE members SET imagelocation='$location' WHERE username='$username'") or die(mysql_error()); die("Your profile picture have been upload! <a href='profile.php'>Profile</a>"); } else die("Please select a file!"); } echo "Welcome, ".ucwords(strtolower($_SESSION['myusername']))."!<p>"; echo "Upload your image: <form action='upload.php' method='POST' enctype='multipart/form-data'> File: <input type='file' name='myfile'> <input type='submit' name='submit' value='Upload'> </form> "; ?> Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 3, 2009 Share Posted August 3, 2009 Next time do some research please. I put the files extension in a var $ext and used the in_array which checks an array of allowed file types to see if theres a match between the file type and the array haystack. <?php session_start(); include("checklogin.php"); $_SESSION['myusername']; $username = $_SESSION['myusername']; if ($_POST['submit']) { //get file attributes $name = $_FILES['myfile']['name']; $tmp_name = $_FILES['myfile']['tmp_name']; $ext = substr($name, strrpos($name, '.') + 1); $allowed_types = array('.jpg', '.jpeg', '.gif', '.png'); if(!in_array($_FILES['myfile']['type'],$allowed_types)){ die("wrong file type"); }elseif ($name) { //start upload process $location = "./profileimages/$name"; move_uploaded_file($tmp_name,$location); $query = mysql_query("UPDATE members SET imagelocation='$location' WHERE username='$username'") or die(mysql_error()); die("Your profile picture have been upload! <a href='profile.php'>Profile</a>"); }else{ die("Please select a file!"); } } echo "Welcome, ".ucwords(strtolower($_SESSION['myusername']))."!<p>"; echo "Upload your image: <form action='upload.php' method='POST' enctype='multipart/form-data'> File: <input type='file' name='myfile'> <input type='submit' name='submit' value='Upload'> </form> "; ?> Quote Link to comment Share on other sites More sharing options...
RichardRotterdam Posted August 3, 2009 Share Posted August 3, 2009 There was a similar topic not so long ago, it might be usefull to you. http://www.phpfreaks.com/forums/index.php/topic,262800.msg1238113.html#msg1238113 You might also want to do a search on this forum I'm this issue has been discussed many times. Quote Link to comment Share on other sites More sharing options...
Mardoxx Posted August 3, 2009 Share Posted August 3, 2009 if(!in_array($_FILES['myfile']['type'],$allowed_types)){ shouldn't that be if(!in_array($ext,$allowed_types)){ Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 3, 2009 Author Share Posted August 3, 2009 ive just tried to upload a .jpg image but it still echoed "wrong file type" Quote Link to comment Share on other sites More sharing options...
Mardoxx Posted August 3, 2009 Share Posted August 3, 2009 if(!in_array($_FILES['myfile']['type'],$allowed_types)){ shouldn't that be if(!in_array($ext,$allowed_types)){ ^^^^^^ Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 3, 2009 Author Share Posted August 3, 2009 why is it saying "wrong" file type when i try to upload a .jpg image? ive tried both if statements Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 3, 2009 Share Posted August 3, 2009 if(!in_array($_FILES['myfile']['type'],$allowed_types)){ shouldn't that be if(!in_array($ext,$allowed_types)){ ^^^^^^ ^^^^^^ lol Sorry guys, I have made stupid mistakes in the past 3-4 threads, i havnt slept in 27 hours... Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 3, 2009 Author Share Posted August 3, 2009 its always giving "wrong file type" no matter what the file type is Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 3, 2009 Author Share Posted August 3, 2009 <?php session_start(); include("checklogin.php"); $_SESSION['myusername']; $username = $_SESSION['myusername']; if ($_POST['submit']) { //get file attributes $name = $_FILES['myfile']['name']; $tmp_name = $_FILES['myfile']['tmp_name']; $ext = substr($name, strrpos($name, '.') + 1); $allowed_types = array('.jpg', '.jpeg', '.gif', '.png'); if(!in_array($ext,$allowed_types)){ die("wrong file type"); }elseif ($name) { //start upload process $location = "./profileimages/$name"; move_uploaded_file($tmp_name,$location); $query = mysql_query("UPDATE members SET imagelocation='$location' WHERE username='$username'") or die(mysql_error()); die("Your profile picture have been upload! <a href='profile.php'>Profile</a>"); }else{ die("Please select a file!"); } } echo "Welcome, ".ucwords(strtolower($_SESSION['myusername']))."!<p>"; echo "Upload your image: <form action='upload.php' method='POST' enctype='multipart/form-data'> File: <input type='file' name='myfile'> <input type='submit' name='submit' value='Upload'> </form> "; ?> Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 3, 2009 Author Share Posted August 3, 2009 i dont understand it, everything looks correct Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 3, 2009 Share Posted August 3, 2009 Echo the actual value being tested ($ext) and you will see why the code is wrong (which is how you would troubleshoot any logic test or comparison that is not working as expected.) Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 3, 2009 Share Posted August 3, 2009 print $ext Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 3, 2009 Author Share Posted August 3, 2009 i echoed $ext when trying to upload a .jpg image and it gave "jpg" Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 3, 2009 Share Posted August 3, 2009 change $allowed_types = array('.jpg', '.jpeg', '.gif', '.png'); to $allowed_types = array('jpg', '.peg', 'gif', 'png'); Quote Link to comment Share on other sites More sharing options...
squiblo Posted August 3, 2009 Author Share Posted August 3, 2009 that works perfect thank you Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 3, 2009 Share Posted August 3, 2009 that works perfect thank you mark as solved. It was something in the substr that was wrong, I am so tired cant fix now, You will do just fine with that. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.