Need help verifying uploads, images...


Javrixx

I've been searching for 3 days and can't find the answer. Either the code I put in doesn't work or I'm a moron. I am pretty new to PHP, so that could be a major issue. What I have set up is a page where people can upload images. This works just fine; the script as of right now works perfectly, no problems.

But after reading around, I found that people can just rename a .php or some other file to a .jpg or .gif, upload it, and then execute it... I do not want this to happen!

So the solution everyone is talking about is using one of two codes to verify the file is actually an image that is being uploaded.

getimagesize() and exif_imagetype() are the two codes. I can't get either to work. I'm just learning PHP for the first time, so I'm very unfamiliar with it. What I need to know is... what code do I use and where do I put it in my script so it will verify the file is really an image. I don't care which one is used. The exif is supposed to be faster, but I don't really care.

Below is my script. Thanks!


[code]
<?php
$num_of_uploads=1;
$file_types_array=array("jpg","gif");
$max_file_size=110000;
$upload_dir="images_public/";
function uploaderFILES($num_of_uploads=1, $file_types_array=array("jpg","gif"), $max_file_size=110000, $upload_dir="images_public/"){
  if(!is_numeric($max_file_size)){
    $max_file_size = 110000;
  }
  // $_FILES["file"][...] are arrays because the form field is named file[]
  foreach($_FILES["file"]["error"] as $key => $value)
  {
    if($_FILES["file"]["name"][$key]!="")
    {
      // Set before the branch so the error message in the else below can use it
      $origfilename = $_FILES["file"]["name"][$key];
      if($value==UPLOAD_ERR_OK)
      {
        // Split off the extension (lower-cased so "JPG" matches "jpg") and keep at most 15 chars of the base name
        $filename = explode(".", $origfilename);
        $filenameext = strtolower($filename[count($filename)-1]);
        unset($filename[count($filename)-1]);
        $filename = implode(".", $filename);
        $filename = substr($filename, 0, 15).".".$filenameext;
        $file_ext_allow = FALSE;
        // Do not overwrite an existing file: prefix 1-, 2-, ... until the name is free
        if (file_exists($upload_dir . $filename)) {
          $tmpVar = 1;
          while(file_exists($upload_dir . $tmpVar . '-' . $filename)) {
            $tmpVar++;
          }
          $filename= $tmpVar . '-' . $filename;
        }
        for($x=0;$x<count($file_types_array);$x++){
          if($filenameext==$file_types_array[$x])
          {
            $file_ext_allow = TRUE;
          }
        }
        // The client-supplied name is echoed back, so escape it for HTML
        $safename = htmlspecialchars($origfilename);
        if($file_ext_allow){
          if($_FILES["file"]["size"][$key]<$max_file_size){
            if(move_uploaded_file($_FILES["file"]["tmp_name"][$key], $upload_dir.$filename)){
              echo("<center>File uploaded successfully. Your image can be found at <a href='http://www.averageguysteve.com/".$upload_dir.$filename."' target='_blank'>http://www.averageguysteve.com/".$upload_dir.$filename."</a><br /><br /><br /><img src='".$upload_dir.$filename."' border='0' alt=''></center>");
            }
            else { echo('<center><font color="#FF0000">'.$safename."</font> was not successfully uploaded.<br /></center>");}
          }
          else  { echo('<center><font color="#FF0000">'.$safename."</font> was too big and was not uploaded. Max file size is 100k!<br /></center>"); }
        }
        else{ echo('<center><font color="#FF0000">'.$safename." </font>had an invalid file extension and was not uploaded. Valid file types are .jpg or .gif.<br /></center>");  }
      }
      else{ echo('<center><font color="#FF0000">'.htmlspecialchars($origfilename)." </font>was not successfully uploaded.<br /></center>");  } // upload error other than UPLOAD_ERR_OK
    }
  }
}

?>

<HTML>
<BODY>

  <FORM action='<?=htmlspecialchars($_SERVER["PHP_SELF"]);?>' method='post' enctype='multipart/form-data'>Upload file:<BR /><INPUT type='hidden' name='submitted' value='TRUE' id='<?=time();?>' >
  <INPUT type='hidden' name='MAX_FILE_SIZE' value='<?=$max_file_size;?>' >
<?php
  $form = ""; // initialise before appending with .=
  for($x=0;$x<$num_of_uploads;$x++){
    $form .= "<input type='file' name='file[]'><br />";
  }
  $form .= "<input type='submit' value='Upload'><br /><br />
  <font color='red'>*</font>Max file size is 100k.  Valid file types are .";
  for($x=0;$x<count($file_types_array);$x++){
    if($x<count($file_types_array)-1){
      $form .= $file_types_array[$x]." or .";
    }else{
      $form .= $file_types_array[$x].".";
    }
  }
  echo($form);
?>
  </FORM>
</BODY>
</HTML>

<?php
if(isset($_POST["submitted"])){
  uploaderFILES($num_of_uploads, $file_types_array, $max_file_size, $upload_dir);
}
?>
[/code]
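The check the poster is asking about, as an added example (editor's code, not the poster's script): it inspects the uploaded bytes with exif_imagetype() (falling back to getimagesize() when the exif extension is absent), accepts only GIF and JPEG, and derives the stored extension from the detected type instead of trusting the client's file name. The function names detectAllowedImage() and randomStoredName() and the "images_public/" directory are this example's own choices; the check belongs inside the poster's loop, on $_FILES["file"]["tmp_name"][$key], before move_uploaded_file() is called.

```php
<?php
// Added example, not the original poster's code: accept an upload only if its
// bytes are a real GIF or JPEG, and store it under a name we choose ourselves.

// Image types we accept, using the IMAGETYPE_* constants that
// exif_imagetype() returns and getimagesize() puts in index 2.
$allowed_image_types = array(IMAGETYPE_GIF, IMAGETYPE_JPEG);

/**
 * Returns "gif" or "jpg" when $tmp_path is a genuine allowed image,
 * FALSE otherwise. $tmp_path is $_FILES["file"]["tmp_name"][$key].
 */
function detectAllowedImage($tmp_path, array $allowed_types) {
    // Only look at files PHP itself received through this HTTP upload.
    if (!is_uploaded_file($tmp_path)) {
        return FALSE;
    }
    // exif_imagetype() reads just the signature bytes of the file.
    if (function_exists('exif_imagetype')) {
        $type = @exif_imagetype($tmp_path);
    } else {
        // getimagesize() parses the header; element 2 is the IMAGETYPE_* constant.
        $info = @getimagesize($tmp_path);
        $type = ($info === FALSE) ? FALSE : $info[2];
    }
    if ($type === FALSE || !in_array($type, $allowed_types, TRUE)) {
        return FALSE;
    }
    // image_type_to_extension() yields "jpeg" for JPEG; use "jpg" to match the form text.
    $ext = image_type_to_extension($type, FALSE);
    return ($ext === 'jpeg') ? 'jpg' : $ext;
}

/**
 * Builds a storage name that ignores the client's file name entirely:
 * random hex plus the extension derived from the detected image type.
 */
function randomStoredName($ext) {
    // random_bytes() needs PHP 7+; on older PHP substitute another CSPRNG source.
    return bin2hex(random_bytes(8)) . '.' . $ext;
}

// How the check slots into the upload loop, ahead of move_uploaded_file().
if (isset($_FILES["file"]) && is_array($_FILES["file"]["error"])) {
    foreach ($_FILES["file"]["error"] as $key => $err) {
        if ($err !== UPLOAD_ERR_OK) {
            continue;
        }
        $shown = htmlspecialchars($_FILES["file"]["name"][$key]); // escape before echoing
        $ext = detectAllowedImage($_FILES["file"]["tmp_name"][$key], $allowed_image_types);
        if ($ext === FALSE) {
            echo $shown . " is not a GIF or JPEG image and was not uploaded.<br />";
            continue;
        }
        $stored = randomStoredName($ext);
        if (move_uploaded_file($_FILES["file"]["tmp_name"][$key], "images_public/" . $stored)) {
            echo $shown . " stored as " . htmlspecialchars($stored) . "<br />";
        } else {
            echo $shown . " was not successfully uploaded.<br />";
        }
    }
}
```

Two points worth keeping in mind when wiring this in. First, the extension check the poster already has is still useful as a fast first filter, but the signature check is what actually decides: a file called photo.jpg whose bytes are not a JPEG is rejected, and the stored extension comes from what the bytes say, not from the name. Second, getimagesize() and exif_imagetype() only prove the file starts like an image, so the upload directory should also be configured so the web server never executes scripts from it; the file name no longer carries a .php extension after the rename above, which is why deriving the extension from the detected type matters.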