Jump to content


Photo

Upload Script - File Type Filter - HELP!!!!!!


  • Please log in to reply
17 replies to this topic

#1 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 03 September 2006 - 09:16 PM

i have a PHP upload script, that very much works, but it dosn't filter any file types out. i want to be able to block certain file types. or if thats not possible, then just specify which file types. but i'd be much better if i could block. anyway, here is my code:
http://www.csscobalt...large/code1.txt


#2 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 03 September 2006 - 10:10 PM

You can get the file ext like so

$file_ext = substr($_FILES['ufile']['name'], strrpos($_FILES['ufile']['name'], '.')+1); // get the file extension, like .gif, .jpg etc..

(Assuming your name of the file field is ufile)

with this you can make an array of Unwanted upload extensions
and run a check


Tell me the problem, I will try tell you the solution

#3 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 03 September 2006 - 10:32 PM

:P  can u plz say that in a form i can understand? i didn't quite get that.

i wana filter:
.php .exe .js .html .xml

#4 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 03 September 2006 - 10:51 PM

the form
<form method='post' action=''>
<input type='file' name='ufile' /><br />
<input type='submit' value='Upload File' />
</form>
Note htat the name is ufile, thats what I meant

now the code

<?php
if($_FILES["ufile"]){
$disallowed_ext = array("php","exe","js","html","xml");
num_disallowed = count($disallowed_ext);

$file_ext = substr($_FILES["ufile"]["name"], strpos($_FILES["ufile"]["name"], ".") +1)
$file_ext = strtolower($file_ext);
$upload_file = true;

for($i = 0; $i < $num_disallowed; $num ++){
if($file_ext == $disallowed_ext[$i]){
$upload_file = false;
}
}

if($upload_file == true){
//upload file script
}else{
echo "The file is an invalid file type";
}

}

?>

Any problems, let us know
NOTE: its 1am for me, I am tired, sorry if there are minor errors in that code
Tell me the problem, I will try tell you the solution

#5 ronverdonk

ronverdonk
  • Members
  • PipPipPip
  • Advanced Member
  • 277 posts
  • LocationNetherlands

Posted 03 September 2006 - 11:00 PM

/**
 * Establish extension of passed file. Return true when allowed.
 *
 */
function checkExt($filename) {
	$regs = array();
	$allowed = array('php','exe','js','html','xml');     // the allowed file types
$filename=strtolower($filename);                     // set filename in lower case
ereg( ".*\.([a-zA-z0-9]{0,5})$", $filename, $regs ); // check file extension
$f_ext = $regs[1];                                   // save file extension
	if (in_array($f_ext, allowed))                 // extension allowed:
	   return true;                           
	else                                                 // extension NOT allowed
	   return false;
}

Ronald  8)
RTFM is an almost extinct art form, it should be subsidized.

#6 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 03 September 2006 - 11:17 PM

ronald, where do i put that code? where do i insert it in my old code?

and onlyican, thanks for doin it  ;D i appreciate it

but when you go to the HTML form and try to upload something it basically just refreshes the page...nothing  realy happens. and i checked on FTP, nothing was uploaded. also...are they uploaded to a specific folder? if so, whats the name? and should this code be part of my old code? if so, where should i insert it?

#7 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 03 September 2006 - 11:29 PM

Except that script checks for allowed,
He wants Not Allowed.
Same thing, u just check for false, rather than true

The reason the form returns blank is because I set action to blank
which means it loads that page

All of that code on one page, and it should work
Tell me the problem, I will try tell you the solution

#8 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 03 September 2006 - 11:43 PM

ok on the HTML doc, i set the action to my PHP script:
<form method='post' action='upload.php'>

and i put ur exact code on 1 php page, but it still won't work. but i ask again, what folder does this upload to?

btw if u wana c my php code here it is:
http://www.csscobalt...large/code2.txt

and if u wana try it out, here is a demo:
http://csscobalt.com/17/index.html

#9 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 03 September 2006 - 11:51 PM

it dont
NOTE
if($upload_file == true){
//upload file script
}else{
echo "The file is an invalid file type";
}
Add your upload script where the
//upload file script
is

Tell me the problem, I will try tell you the solution

#10 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 03 September 2006 - 11:55 PM

oh so i should add all my original code in there? ok sw33t thanks i'l try that.

#11 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 04 September 2006 - 12:25 AM

ok the same thing happens :( i inserted my old code EXACTLY where u said... but still nothing happens. here is my full code if u wana look:

http://www.csscobalt...large/code3.txt

#12 onlyican

onlyican
  • Members
  • PipPipPip
  • Advanced Member
  • 921 posts
  • LocationHants - UK

Posted 04 September 2006 - 12:30 AM

NOTE:
You are using
$_FILES["ufile"]
AND
$_FILES["uploadedfile"];

The first bit after FILES should be what is in your form

<input type='file' name='THIS_BIT_HERE' />
Tell me the problem, I will try tell you the solution

#13 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 04 September 2006 - 12:41 AM

ok so since i had this:
<input type='file' name='ufile' /><br />

i renamed all the:
$_FILES["uploadedfile"]
to
$_FILES["ufile"]

but still the same thing happens. here is my new code:
http://www.csscobalt...large/code4.txt

:P

#14 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 04 September 2006 - 03:04 AM

plz help?  ??? ??? ???

#15 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 05 September 2006 - 01:13 AM

please?

#16 Gregg

Gregg
  • Members
  • PipPipPip
  • Advanced Member
  • 61 posts
  • LocationUSA

Posted 05 September 2006 - 01:30 AM

Do you still need help with this,i can make you a working upload script and mail it to you.

#17 JustinMs66@hotmail.com

JustinMs66@hotmail.com
  • Members
  • PipPipPip
  • Advanced Member
  • 138 posts

Posted 05 September 2006 - 02:49 AM

yea i hella need help with this. and yea, that would be awesome if u could make me an upload script. i just need all uploads to upload to a "upload" folder, and i need these file types banned from uploading:
.php .exe .js .html .xml .htm .css .jsp .asp .vbs .cf
and also if it dosn't HAVE a file extention, i need that to be banned too.

#18 Gregg

Gregg
  • Members
  • PipPipPip
  • Advanced Member
  • 61 posts
  • LocationUSA

Posted 05 September 2006 - 03:05 AM

PREVIEW YOUR UPLOAD SCRIPT HERE
I all ready made it,yeah i included a "Ban" function for you.
It allows only the files you want and places in folder securly!
If you want me to match it to your php give me the link ok.
You dont need to edit anything just upload them and "777"

OPTIONS:
**********************************************
Upload up to 10 files, with no interupt!!
If one file fails it will still uplod the others..
Ban files and ections..
Ban users who upload bad content!!
By IP
By Userid
Change thetheme & style
Secure Transfer!!
View Uploaded Files
Diffrent Catogorys!
***********************************************

Mail me at my site, and i will mail it to you ok.
Mail Me Here

If you need live help just find me in my chat room or LIVE SUPPORT!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users