JustinMs66@hotmail.com Posted September 3, 2006 Share Posted September 3, 2006 i have a PHP upload script, that very much works, but it dosn't filter any file types out. i want to be able to block certain file types. or if thats not possible, then just specify which file types. but i'd be much better if i could block. anyway, here is my code:[url=http://www.csscobalt.com/large/code1.txt]http://www.csscobalt.com/large/code1.txt[/url] Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 3, 2006 Share Posted September 3, 2006 You can get the file ext like so$file_ext = substr($_FILES['ufile']['name'], strrpos($_FILES['ufile']['name'], '.')+1); // get the file extension, like .gif, .jpg etc..(Assuming your name of the file field is ufile)with this you can make an array of Unwanted upload extensionsand run a check Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 3, 2006 Author Share Posted September 3, 2006 :P can u plz say that in a form i can understand? i didn't quite get that.i wana filter:.php .exe .js .html .xml Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 3, 2006 Share Posted September 3, 2006 the form[code]<form method='post' action=''><input type='file' name='ufile' /><br /><input type='submit' value='Upload File' /></form>[/code]Note htat the name is ufile, thats what I meantnow the code[code]<?phpif($_FILES["ufile"]){$disallowed_ext = array("php","exe","js","html","xml");num_disallowed = count($disallowed_ext);$file_ext = substr($_FILES["ufile"]["name"], strpos($_FILES["ufile"]["name"], ".") +1)$file_ext = strtolower($file_ext);$upload_file = true;for($i = 0; $i < $num_disallowed; $num ++){if($file_ext == $disallowed_ext[$i]){$upload_file = false;}}if($upload_file == true){//upload file script}else{echo "The file is an invalid file type";}}?>[/code]Any problems, let us knowNOTE: its 1am for me, I am tired, sorry if there are minor errors in that code Quote Link to comment Share on other sites More sharing options...
ronverdonk Posted September 3, 2006 Share Posted September 3, 2006 [code]/** * Establish extension of passed file. Return true when allowed. * */function checkExt($filename) { $regs = array(); $allowed = array('php','exe','js','html','xml'); // the allowed file types$filename=strtolower($filename); // set filename in lower caseereg( ".*\.([a-zA-z0-9]{0,5})$", $filename, $regs ); // check file extension$f_ext = $regs[1]; // save file extension if (in_array($f_ext, allowed)) // extension allowed: return true; else // extension NOT allowed return false;}[/code]Ronald 8) Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 3, 2006 Author Share Posted September 3, 2006 ronald, where do i put that code? where do i insert it in my old code?and onlyican, thanks for doin it ;D i appreciate itbut when you go to the HTML form and try to upload something it basically just refreshes the page...nothing realy happens. and i checked on FTP, nothing was uploaded. also...are they uploaded to a specific folder? if so, whats the name? and should this code be part of my old code? if so, where should i insert it? Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 3, 2006 Share Posted September 3, 2006 Except that script checks for allowed,He wants Not Allowed.Same thing, u just check for false, rather than trueThe reason the form returns blank is because I set action to blankwhich means it loads that pageAll of that code on one page, and it should work Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 3, 2006 Author Share Posted September 3, 2006 ok on the HTML doc, i set the action to my PHP script:<form method='post' action='[b]upload.php[/b]'>and i put ur exact code on 1 php page, but it still won't work. but i ask again, what folder does this upload to?btw if u wana c my php code here it is:[url=http://www.csscobalt.com/large/code2.txt]http://www.csscobalt.com/large/code2.txt[/url]and if u wana try it out, here is a demo:[url=http://csscobalt.com/17/index.html]http://csscobalt.com/17/index.html[/url] Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 3, 2006 Share Posted September 3, 2006 it dontNOTEif($upload_file == true){//upload file script}else{echo "The file is an invalid file type";}Add your upload script where the//upload file scriptis Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 3, 2006 Author Share Posted September 3, 2006 oh so i should add all my original code in there? ok sw33t thanks i'l try that. Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 4, 2006 Author Share Posted September 4, 2006 ok the same thing happens :( i inserted my old code EXACTLY where u said... but still nothing happens. here is my full code if u wana look:[url=http://www.csscobalt.com/large/code3.txt]http://www.csscobalt.com/large/code3.txt[/url] Quote Link to comment Share on other sites More sharing options...
onlyican Posted September 4, 2006 Share Posted September 4, 2006 NOTE:You are using $_FILES["ufile"]AND$_FILES["uploadedfile"];The first bit after FILES should be what is in your form<input type='file' name='THIS_BIT_HERE' /> Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 4, 2006 Author Share Posted September 4, 2006 ok so since i had this:<input type='file' name='[b]ufile'[/b] /><br />i renamed all the:$_FILES["uploadedfile"]to$_FILES["ufile"]but still the same thing happens. here is my new code:http://www.csscobalt.com/large/code4.txt :P Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 4, 2006 Author Share Posted September 4, 2006 plz help? ??? ??? ??? Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 5, 2006 Author Share Posted September 5, 2006 please? Quote Link to comment Share on other sites More sharing options...
Gregg Posted September 5, 2006 Share Posted September 5, 2006 Do you still need help with this,i can make you a working upload script and mail it to you. Quote Link to comment Share on other sites More sharing options...
JustinMs66@hotmail.com Posted September 5, 2006 Author Share Posted September 5, 2006 yea i hella need help with this. and yea, that would be awesome if u could make me an upload script. i just need all uploads to upload to a "upload" folder, and i need these file types banned from uploading:.php .exe .js .html .xml .htm .css .jsp .asp .vbs .cfand also if it dosn't HAVE a file extention, i need that to be banned too. Quote Link to comment Share on other sites More sharing options...
Gregg Posted September 5, 2006 Share Posted September 5, 2006 [url=http://darkwaterstudio.net/TestUpload/upload.php]PREVIEW YOUR UPLOAD SCRIPT HERE[/url]I all ready made it,yeah i included a "Ban" function for you.It allows only the files you want and places in folder securly!If you want me to match it to your php give me the link ok.You dont need to edit anything just upload them and "777"OPTIONS:**********************************************Upload up to 10 files, with no interupt!!If one file fails it will still uplod the others..Ban files and ections..Ban users who upload bad content!!By IPBy UseridChange thetheme & styleSecure Transfer!!View Uploaded FilesDiffrent Catogorys!***********************************************Mail me at my site, and i will mail it to you ok.[url=http://darkwaterstudio.net/datingsite/contactus.php]Mail Me Here[/url]If you need live help just find me in my chat room or [url=http://darkwaterstudio.net/datingsite/Whos_Online(FreeView).php]LIVE SUPPORT[/url]! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.