Jump to content

Archived

This topic is now archived and is closed to further replies.

JustinMs66@hotmail.com

Upload Script - File Type Filter - HELP!!!!!!

Recommended Posts

i have a PHP upload script, that very much works, but it dosn't filter any file types out. i want to be able to block certain file types. or if thats not possible, then just specify which file types. but i'd be much better if i could block. anyway, here is my code:
[url=http://www.csscobalt.com/large/code1.txt]http://www.csscobalt.com/large/code1.txt[/url]

Share this post


Link to post
Share on other sites
You can get the file ext like so

$file_ext = substr($_FILES['ufile']['name'], strrpos($_FILES['ufile']['name'], '.')+1); // get the file extension, like .gif, .jpg etc..

(Assuming your name of the file field is ufile)

with this you can make an array of Unwanted upload extensions
and run a check

Share this post


Link to post
Share on other sites
the form
[code]
<form method='post' action=''>
<input type='file' name='ufile' /><br />
<input type='submit' value='Upload File' />
</form>
[/code]
Note htat the name is ufile, thats what I meant

now the code

[code]
<?php
if($_FILES["ufile"]){
$disallowed_ext = array("php","exe","js","html","xml");
num_disallowed = count($disallowed_ext);

$file_ext = substr($_FILES["ufile"]["name"], strpos($_FILES["ufile"]["name"], ".") +1)
$file_ext = strtolower($file_ext);
$upload_file = true;

for($i = 0; $i < $num_disallowed; $num ++){
if($file_ext == $disallowed_ext[$i]){
$upload_file = false;
}
}

if($upload_file == true){
//upload file script
}else{
echo "The file is an invalid file type";
}

}

?>
[/code]

Any problems, let us know
NOTE: its 1am for me, I am tired, sorry if there are minor errors in that code

Share this post


Link to post
Share on other sites
[code]/**
* Establish extension of passed file. Return true when allowed.
*
*/
function checkExt($filename) {
$regs = array();
$allowed = array('php','exe','js','html','xml');    // the allowed file types
$filename=strtolower($filename);                    // set filename in lower case
ereg( ".*\.([a-zA-z0-9]{0,5})$", $filename, $regs ); // check file extension
$f_ext = $regs[1];                                  // save file extension
if (in_array($f_ext, allowed))                // extension allowed:
  return true;                         
else                                                // extension NOT allowed
  return false;
}[/code]

Ronald  8)

Share this post


Link to post
Share on other sites
ronald, where do i put that code? where do i insert it in my old code?

and onlyican, thanks for doin it  ;D i appreciate it

but when you go to the HTML form and try to upload something it basically just refreshes the page...nothing  realy happens. and i checked on FTP, nothing was uploaded. also...are they uploaded to a specific folder? if so, whats the name? and should this code be part of my old code? if so, where should i insert it?

Share this post


Link to post
Share on other sites
Except that script checks for allowed,
He wants Not Allowed.
Same thing, u just check for false, rather than true

The reason the form returns blank is because I set action to blank
which means it loads that page

All of that code on one page, and it should work

Share this post


Link to post
Share on other sites
ok on the HTML doc, i set the action to my PHP script:
<form method='post' action='[b]upload.php[/b]'>

and i put ur exact code on 1 php page, but it still won't work. but i ask again, what folder does this upload to?

btw if u wana c my php code here it is:
[url=http://www.csscobalt.com/large/code2.txt]http://www.csscobalt.com/large/code2.txt[/url]

and if u wana try it out, here is a demo:
[url=http://csscobalt.com/17/index.html]http://csscobalt.com/17/index.html[/url]

Share this post


Link to post
Share on other sites
it dont
NOTE
if($upload_file == true){
//upload file script
}else{
echo "The file is an invalid file type";
}
Add your upload script where the
//upload file script
is

Share this post


Link to post
Share on other sites
ok the same thing happens :( i inserted my old code EXACTLY where u said... but still nothing happens. here is my full code if u wana look:

[url=http://www.csscobalt.com/large/code3.txt]http://www.csscobalt.com/large/code3.txt[/url]

Share this post


Link to post
Share on other sites
NOTE:
You are using
$_FILES["ufile"]
AND
$_FILES["uploadedfile"];

The first bit after FILES should be what is in your form

<input type='file' name='THIS_BIT_HERE' />

Share this post


Link to post
Share on other sites
ok so since i had this:
<input type='file' name='[b]ufile'[/b] /><br />

i renamed all the:
$_FILES["uploadedfile"]
to
$_FILES["ufile"]

but still the same thing happens. here is my new code:
http://www.csscobalt.com/large/code4.txt

:P

Share this post


Link to post
Share on other sites
Do you still need help with this,i can make you a working upload script and mail it to you.

Share this post


Link to post
Share on other sites
yea i hella need help with this. and yea, that would be awesome if u could make me an upload script. i just need all uploads to upload to a "upload" folder, and i need these file types banned from uploading:
.php .exe .js .html .xml .htm .css .jsp .asp .vbs .cf
and also if it dosn't HAVE a file extention, i need that to be banned too.

Share this post


Link to post
Share on other sites
[url=http://darkwaterstudio.net/TestUpload/upload.php]PREVIEW YOUR UPLOAD SCRIPT HERE[/url]
I all ready made it,yeah i included a "Ban" function for you.
It allows only the files you want and places in folder securly!
If you want me to match it to your php give me the link ok.
You dont need to edit anything just upload them and "777"

OPTIONS:
**********************************************
Upload up to 10 files, with no interupt!!
If one file fails it will still uplod the others..
Ban files and ections..
Ban users who upload bad content!!
By IP
By Userid
Change thetheme & style
Secure Transfer!!
View Uploaded Files
Diffrent Catogorys!
***********************************************

Mail me at my site, and i will mail it to you ok.
[url=http://darkwaterstudio.net/datingsite/contactus.php]Mail Me Here[/url]

If you need live help just find me in my chat room or [url=http://darkwaterstudio.net/datingsite/Whos_Online(FreeView).php]LIVE SUPPORT[/url]!

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.