I'm simply trying to check if the uploaded file is a valid filetype. I'm allowing MP3, AIFF, WAV, and FLAC files - here's the function that checks if it's in that list:

 

function checkFiletype($file) {
  $allowed = array("audio/mpeg", "audio/mp3", "audio/x-mp3", "audio/x-mpeg3", "audio/x-mpeg", "audio/wav", "audio/x-wav", "audio/x-flac", "audio/x-aiff", "audio/aiff");
  for($i=0; $i<count($allowed); $i++) {
    if($file == $allowed[$i]) {
      echo $allowed[$i] . " = " . $file;
      return true;
      break;
    } else {
      return false;
    }
    break;
  }
}

 

Pretty straightforward I think - if the filetype passed ($file) matches one of those in the array, return true. Otherwise, return false. So then I have this part in my doUpload() function:

 

 

if(checkFiletype($filetype) == false) {
  echo "That's not a valid filetype, try again. Only WAV, MP3, AIFF, and FLAC files are allowed. The filetype of the file you submitted is " . $filetype;
  exit;
} else {
  echo "Alright, that's a fine file to submit. The filetype is " . $filetype;
  exit;
}

 

Now...as you might expect I wouldn't be on here if I didn't have a problem. It's echoing "That's not a valid filetype...." no matter if I upload a valid file or not. For instance:

 

That's not a valid filetype, try again. Only WAV, MP3, AIFF, and FLAC files are allowed. The filetype of the file you submitted is audio/mp3

 

So I'm confuzzled as to why it's not working; it seems to be coded correctly but I'm never perfect  :P

 

Any help? :)

https://forums.phpfreaks.com/topic/198869-check-if-uploaded-file-is-a-valid-type/

Your function is returning false on the first failed test. Unless the first entry in the array matches the value, you will always return a false value.

 

Your code will be simpler if you use the in_array() function, rather than looping through the array.

Thank you so much, I knew there was an easier way but I thought I was only remembering is_array().

 

Here's my final code:

 

function checkFiletype($file) {
  $allowed = array("audio/mpeg", "audio/mp3", "audio/x-mp3", "audio/x-mpeg3", "audio/x-mpeg", "audio/wav", "audio/x-wav", "audio/x-flac", "audio/x-aiff", "audio/aiff");
  if(in_array($file,$allowed)) {
    return true;
  } else {
    return false;
  }
}

 

And the same for the output message above. It now works :) If someone can explain why in Chrome an mp3 comes in as "audio/mp3" but in Firefox it comes in as (the correct) "audio/mpeg" I'll be content. haha.

That data that you are checking is sent by the client and can be VERY easily misused, and you can end up with a PHP file instead of an intended file... ALWAYS use the actual extension of the file to perform the test... ALWAYS. Even that is not 100% secure.


What?

At least one combination/version of operating system, Apache, and PHP running as an Apache module has been found to parse file names like something.php.jpg AS PHP files when they are requested. So, upload validation code that only relies on the ending file extension will allow a .php script file to be uploaded. If that file can then be browsed to and executed by the PHP language engine, a hacker just took over your web site.

 

The best upload security you can use is to place the uploaded files into a folder where either all http requests have been prevented or where any server side scripting engines have been disabled.
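
The advice in the last replies, combined into one server-side check, as an added example that is not code from this thread: it ignores the client-sent type, allowlists the extension, rejects multi-extension names like something.php.jpg, detects the type from the file's bytes, and stores the file under a server-generated name. The form field name `track`, the directory `/var/uploads/audio` and the exact MIME strings in the table are assumptions; adjust them to your setup and to what your libmagic build reports.

```php
<?php
// Added example, not code from the thread.
// Assumption: this directory is outside the web root, so nothing stored
// in it can be requested over HTTP or run by a scripting engine.
const UPLOAD_DIR = '/var/uploads/audio';

// Extension => MIME types that content sniffing may report for it (assumed values).
const ALLOWED = [
    'mp3'  => ['audio/mpeg'],
    'wav'  => ['audio/wav', 'audio/x-wav'],
    'flac' => ['audio/flac', 'audio/x-flac'],
    'aiff' => ['audio/aiff', 'audio/x-aiff'],
];

function storeAudioUpload(array $upload): string
{
    if ($upload['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('Upload failed.');
    }

    // The client-chosen name is read only to get the extension. Names with
    // more than one dot (something.php.mp3) are rejected outright.
    $name = basename($upload['name']);
    if (substr_count($name, '.') !== 1) {
        throw new RuntimeException('File name must have exactly one extension.');
    }
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('Only WAV, MP3, AIFF, and FLAC files are allowed.');
    }

    // Detect the type from the file's bytes; $upload['type'] is never trusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($upload['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException('File content does not match its extension.');
    }

    // Server-generated name: nothing the client sent ends up in the stored path.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($upload['tmp_name'], $target)) {
        throw new RuntimeException('Could not store the upload.');
    }
    return $target;
}

// Usage in the upload handler: $path = storeAudioUpload($_FILES['track']);
```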
