Upload Script - File Type Filter - HELP!!!!!!

[[email protected]]

i have a PHP upload script, that very much works, but it dosn't filter any file types out. i want to be able to block certain file types. or if thats not possible, then just specify which file types. but i'd be much better if i could block. anyway, here is my code:
[url=http://www.csscobalt.com/large/code1.txt]http://www.csscobalt.com/large/code1.txt[/url]

[onlyican]

You can get the file ext like so

$file_ext = substr($_FILES['ufile']['name'], strrpos($_FILES['ufile']['name'], '.')+1); // get the file extension, like .gif, .jpg etc..

(Assuming your name of the file field is ufile)

with this you can make an array of Unwanted upload extensions
and run a check

[[email protected]]

:P  can u plz say that in a form i can understand? i didn't quite get that.

i wana filter:
.php .exe .js .html .xml

[onlyican]

the form
[code]
<form method='post' action=''>
<input type='file' name='ufile' /><br />
<input type='submit' value='Upload File' />
</form>
[/code]
Note htat the name is ufile, thats what I meant

now the code

[code]
<?php
if($_FILES["ufile"]){
$disallowed_ext = array("php","exe","js","html","xml");
num_disallowed = count($disallowed_ext);

$file_ext = substr($_FILES["ufile"]["name"], strpos($_FILES["ufile"]["name"], ".") +1)
$file_ext = strtolower($file_ext);
$upload_file = true;

for($i = 0; $i < $num_disallowed; $num ++){
if($file_ext == $disallowed_ext[$i]){
$upload_file = false;
}
}

if($upload_file == true){
//upload file script
}else{
echo "The file is an invalid file type";
}

}

?>
[/code]

Any problems, let us know
NOTE: its 1am for me, I am tired, sorry if there are minor errors in that code

[ronverdonk]

[code]/**
* Establish extension of passed file. Return true when allowed.
*
*/
function checkExt($filename) {
$regs = array();
$allowed = array('php','exe','js','html','xml');    // the allowed file types
$filename=strtolower($filename);                    // set filename in lower case
ereg( ".*\.([a-zA-z0-9]{0,5})$", $filename, $regs ); // check file extension
$f_ext = $regs[1];                                  // save file extension
if (in_array($f_ext, allowed))                // extension allowed:
  return true;                         
else                                                // extension NOT allowed
  return false;
}[/code]

Ronald  8)

[[email protected]]

ronald, where do i put that code? where do i insert it in my old code?

and onlyican, thanks for doin it  ;D i appreciate it

but when you go to the HTML form and try to upload something it basically just refreshes the page...nothing  realy happens. and i checked on FTP, nothing was uploaded. also...are they uploaded to a specific folder? if so, whats the name? and should this code be part of my old code? if so, where should i insert it?

[onlyican]

Except that script checks for allowed,
He wants Not Allowed.
Same thing, u just check for false, rather than true

The reason the form returns blank is because I set action to blank
which means it loads that page

All of that code on one page, and it should work

[[email protected]]

ok on the HTML doc, i set the action to my PHP script:
<form method='post' action='[b]upload.php[/b]'>

and i put ur exact code on 1 php page, but it still won't work. but i ask again, what folder does this upload to?

btw if u wana c my php code here it is:
[url=http://www.csscobalt.com/large/code2.txt]http://www.csscobalt.com/large/code2.txt[/url]

and if u wana try it out, here is a demo:
[url=http://csscobalt.com/17/index.html]http://csscobalt.com/17/index.html[/url]

[onlyican]

it dont
NOTE
if($upload_file == true){
//upload file script
}else{
echo "The file is an invalid file type";
}
Add your upload script where the
//upload file script
is

[[email protected]]

oh so i should add all my original code in there? ok sw33t thanks i'l try that.

[[email protected]]

ok the same thing happens :( i inserted my old code EXACTLY where u said... but still nothing happens. here is my full code if u wana look:

[url=http://www.csscobalt.com/large/code3.txt]http://www.csscobalt.com/large/code3.txt[/url]

[onlyican]

NOTE:
You are using
$_FILES["ufile"]
AND
$_FILES["uploadedfile"];

The first bit after FILES should be what is in your form

<input type='file' name='THIS_BIT_HERE' />

[[email protected]]

ok so since i had this:
<input type='file' name='[b]ufile'[/b] /><br />

i renamed all the:
$_FILES["uploadedfile"]
to
$_FILES["ufile"]

but still the same thing happens. here is my new code:
http://www.csscobalt.com/large/code4.txt

:P

[[email protected]]

plz help?  ??? ??? ???

[[email protected]]

please?

[Gregg]

Do you still need help with this,i can make you a working upload script and mail it to you.

[[email protected]]

yea i hella need help with this. and yea, that would be awesome if u could make me an upload script. i just need all uploads to upload to a "upload" folder, and i need these file types banned from uploading:
.php .exe .js .html .xml .htm .css .jsp .asp .vbs .cf
and also if it dosn't HAVE a file extention, i need that to be banned too.

[Gregg]

[url=http://darkwaterstudio.net/TestUpload/upload.php]PREVIEW YOUR UPLOAD SCRIPT HERE[/url]
I all ready made it,yeah i included a "Ban" function for you.
It allows only the files you want and places in folder securly!
If you want me to match it to your php give me the link ok.
You dont need to edit anything just upload them and "777"

OPTIONS:
**********************************************
Upload up to 10 files, with no interupt!!
If one file fails it will still uplod the others..
Ban files and ections..
Ban users who upload bad content!!
By IP
By Userid
Change thetheme & style
Secure Transfer!!
View Uploaded Files
Diffrent Catogorys!
***********************************************

Mail me at my site, and i will mail it to you ok.
[url=http://darkwaterstudio.net/datingsite/contactus.php]Mail Me Here[/url]

If you need live help just find me in my chat room or [url=http://darkwaterstudio.net/datingsite/Whos_Online(FreeView).php]LIVE SUPPORT[/url]!