RyanSF07 Posted December 28, 2011 Share Posted December 28, 2011 Hi All, I need some help blocking files that don't pass authentication from being uploaded to the server. Here is my script (below). It correctly throws errors, but regardless of error / no-error, the file is uploaded. For example, the only files allowed to be uploaded should be .png, .jpeg, .gif -- but I see .flv .docx etc in the destination folder. You'll see below a variable for each of the error messages. They basically say that the file name is too long, too big, not an allowed file type, or English characters only allowed in file title name. Again the errors work properly, but regardless files are uploaded to the "quiz_images" folder. What do I need to do to stop the upload if an error is triggered? Thank you for your help... here is the code snip: $directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']); $uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'quiz_images/'; $fieldname = 'file'; if ($_POST[submit]) { if ($_POST[title] <> "") { $a = TRUE; } else { $a = FALSE; $content .= "<p>$enter_title</p>\n"; } if ($_POST[video] <> "") { $b = TRUE; } else { $b = FALSE; $content .= "<p>$enter_embed</p>\n"; } if ($_POST[description_text] <> "") { $c = TRUE; } else { $c = FALSE; $content .= "<p>$enter_description</p>\n"; } if ($_POST[submit] <> "") { $f = TRUE; } else { $f = FALSE; $content .= "<p>$sorry_error</p>\n"; } if (is_uploaded_file($_FILES[$fieldname]['tmp_name'])) { $g = TRUE; } else { $g = FALSE; $content .= "<p>$sorry_error</p>\n"; } if (getimagesize($_FILES[$fieldname]['tmp_name'])){ $h = TRUE; } else { $h = FALSE; $content .= "<p>$error2</p>\n"; } if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 50000)) { $i = TRUE; } else { $i = FALSE; $content .= "<p>$error2</p>\n"; } if(preg_match('#^[a-z0-9_\s-\.]*$#i', $pic) ) { $k = TRUE; } else { $k = FALSE; $content .= "<p>$error3</p>\n"; } $desc_length = strlen($pic); $limit = 40; if ($desc_length <= $limit) { $l = TRUE; } else { $l = FALSE; $content .= "<p>$error4</p>\n"; } $now = time(); while(file_exists($uploadFilename = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name'])) { $now++; } if (move_uploaded_file($_FILES[$fieldname]['tmp_name'], $uploadFilename)){ $j = TRUE; } else { $j = FALSE; $content .= "<p>$enter_thumb</p>\n"; } $pic=$now++.'-'.$_FILES[$fieldname]['name']; if ($a AND $b AND $c AND $f AND $g AND $h AND $i AND $j AND $k AND $l) {............ Link to comment https://forums.phpfreaks.com/topic/253967-upload-script-writing-files-regardless/ Share on other sites More sharing options...
ManiacDan Posted December 28, 2011 Share Posted December 28, 2011 Your variables are randomly named with single letters, I'm not going to bother trying to figure out what you're thinking. Don't do move_uploaded_file if the validation fails. That's the only answer you'll get from me. It looks like maybe $k is what you want. Link to comment https://forums.phpfreaks.com/topic/253967-upload-script-writing-files-regardless/#findComment-1301920 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.