Jump to content

Recommended Posts

Question 1)

 

hey, I was working on an upload script for uploading *.rar and *.zip files

first I created the script without any restrictions, and that worked great

 

the I wanted to add the restrictions, that he can only upload *.rar and *.zip

 

 

That didn't work out for me

I used this code:

<?php
if (($_FILES["file"]["type"] == "file/zip")
|| ($_FILES["file"]["type"] == "file/rar"))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Error: " . $_FILES["file"]["error"] . "<br />";
    } else {
// upload script
}
} else
{
echo "File is invalid.";
}
?> 

 


question 2)

 

I have a shoutbox and I wanted to count how many post someone makes

the default value is 0

and for every post he makes I want to count the value with +1

it's just that the count doesn't work, I used this code:

<?php 
// een deel code
$post = $gegeven->sb_post + '1';
// meer code
?>

What am I doing rong?

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/
Share on other sites

From my experience the value in the "type" section of the array is far from accurate with regards to comparing it in the manner you have. For some reason, which I'm sure theres an explanation for, a file doesn't always have the correct type associated with it. A work around could be to check what the file extention of the filename is using the string functions or regex.

 

This obviously this isn't a perfect solution as somebody can change a file extension. No doubt somebody has a better idea, but since you seemed to be in a hurry I thought I'd share what I know.

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930088
Share on other sites

From my experience the value in the "type" section of the array is far from accurate with regards to comparing it in the manner you have. For some reason, which I'm sure theres an explanation for, a file doesn't always have the correct type associated with it. A work around could be to check what the file extention of the filename is using the string functions or regex.

 

This obviously this isn't a perfect solution as somebody can change a file extension. No doubt somebody has a better idea, but since you seemed to be in a hurry I thought I'd share what I know.

first, yea I'm in a hurry

 

thc for the reply

 

my english isn't that good, but if I understand you right,

your telling me that I have to search for the right extensions, for in the script?

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930089
Share on other sites

The mime types for .zip and .rar can be -

 

'application/x-rar-compressed' for rar

application/x-zip-compressed' for zip

'application/zip' for zip

 

Unfortunately, different browsers send different values for the same file, so you need to test for all those. It is best to put the accepted values into an array and use in_array to test what was received against the values.

 

I know you probably got that upload code at w3schools.com, but it is WRONG and you need to fix it. When they added the ['type'] test to the example they were developing, they added it before the test of the uploaded ['error'] element. The ['error'] element must be tested first because several of the upload errors won't set the ['type'] element, so that code will report an invalid file type when in fact an upload error occurred and the code to test for and display which upload error occurred will never be executed.

 

The code to display the result of testing the ['type'] should also display the value that failed the test so that you can see exactly what it is (some browsers send different mime types for the same file.)

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930093
Share on other sites

The mime types for .zip and .rar can be -

 

'application/x-rar-compressed' for rar

application/x-zip-compressed' for zip

'application/zip' for zip

 

Unfortunately, different browsers send different values for the same file, so you need to test for all those. It is best to put the accepted values into an array and use in_array to test what was received against the values.

 

I know you probably got that upload code at w3schools.com, but it is WRONG and you need to fix it. When they added the ['type'] test to the example they were developing, they added it before the test of the uploaded ['error'] element. The ['error'] element must be tested first because several of the upload errors won't set the ['type'] element, so that code will report an invalid file type when in fact an upload error occurred and the code to test for and display which upload error occurred will never be executed.

 

The code to display the result of testing the ['type'] should also display the value that failed the test so that you can see exactly what it is (some browsers send different mime types for the same file.)

 

I didn't get it from w3schools, but I figured it out that the person where I got it from got it from w3schools, I'm going to change my script now, I'll post what I get

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930094
Share on other sites

You need to validate everything possible about the uploaded file if you want your script to be safe. You must test the ['type'] and the file extension and if possible validate that the actual contents in the file matches what the type and extension indicates. You must also put uploaded files into a folder that either has the php language engine disabled or prevents direct http/https request to those files.

 

See the following thread for an example of what can happen when you don't do everything possible to secure what is uploaded and where it gets put on your server - http://www.phpfreaks.com/forums/index.php/topic,270592.0.html

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930095
Share on other sites

OK, I've added to my code, placed the error in first,

 

now I have this, but it still says: invalid file

 

fulll script

<?php
if ($_FILES["file"]["error"] > 0)
    {
	echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
	}
  else
	{
		if (($_FILES["file"]["type"] == "application/x-rar-compressed")
		|| ($_FILES["file"]["type"] == "application/x-zip-compressed")
		|| ($_FILES["file"]["type"] == "apllication/zip"))
		  {

			$dll_source = $_FILES["file"]["name"];
			$dll_type = $_FILES["file"]["type"];
			$dll_comment = $_POST["comment"];
			$dll_file_name = $_POST["name"];

			include ('mysql.php');
			$sql= mysql_query ("
							   INSERT INTO download (source, name, type, comment) 
							   VALUES ('$dll_source', '$dll_file_name', '$dll_type', '$dll_comment')");
			header("refresh: 0; index.php?site=downloads");
		   if (file_exists("dll/" . $_FILES["file"]["name"]))
			  {
			 	 echo $_FILES["file"]["name"] . " already exists. ";
			  }
			else
			  {
				  move_uploaded_file($_FILES["file"]["tmp_name"],
				  "dll/" . $_FILES["file"]["name"]);
				  echo "Stored in: " . "dll/" . $_FILES["file"]["name"];
			  }

		} else {
			  echo "Invalid file";
}
}
  
?> 

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930096
Share on other sites

The code to display the result of testing the ['type'] should also display the value that failed the test so that you can see exactly what it is

If you don't display the value that is failing, you will never find out why your test is failing.

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930101
Share on other sites

The code to display the result of testing the ['type'] should also display the value that failed the test so that you can see exactly what it is

If you don't display the value that is failing, you will never find out why your test is failing.

 

how do you mean?

I get the error, invailid file

Link to comment
https://forums.phpfreaks.com/topic/176442-some-questions/#findComment-930103
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.