cant check file extension correctly

[allaboutthekick]

I get this error-------

Warning: imagecreatefromjpeg(): gd-jpeg: JPEG library reports unrecoverable error: in /nfs/cust/6/85/82/728586/web/upload.php on line 67
Not a JPEG file: starts with 0x47 0x49
Warning: imagecreatefromjpeg(): 'imgs/o1163112384.jpg' is not a valid JPEG file in /nfs/cust/6/85/82/728586/web/upload.php on line 67

Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /nfs/cust/6/85/82/728586/web/upload.php on line 69
Error Re-sampling image

Warning: imagecreatefromjpeg(): gd-jpeg: JPEG library reports unrecoverable error: in /nfs/cust/6/85/82/728586/web/upload.php on line 102
Not a JPEG file: starts with 0x47 0x49
Warning: imagecreatefromjpeg(): 'imgs/o1163112384.jpg' is not a valid JPEG file in /nfs/cust/6/85/82/728586/web/upload.php on line 102

Warning: imagecopyresampled(): supplied argument is not a valid Image resource in /nfs/cust/6/85/82/728586/web/upload.php on line 104
Error Re-sampling image

Warning: imagedestroy(): supplied argument is not a valid Image resource in /nfs/cust/6/85/82/728586/web/upload.php on line 117


But i feel its because my file checker doesnt work.........

here is my script------


http://pastebin.com/820708

my image checker is on line 28-29 and i want to make it only allow .jpeg or .jpg images

[brendandonhue]

You can use the results of getimagesize() to tell if the file is actually a JPEG.

[allaboutthekick]

i dont know too much about php how would i incorporate that into the script? is it a quick add or do i need to re arrange some stuff. I didnt write this script i just downloaded it and altered it a little. 

[brendandonhue]

Change this:
list($width_orig, $height_orig) = getimagesize($add);
To this:
list($width_orig, $height_orig, $type) = getimagesize($add);

Then $type will have a value of 2 if you're working with a JPEG.

[allaboutthekick]

how would i make it stop the script and display an error once the value of $type doesnt equal 2.

[heckenschutze]

by using:

[code]die("Error not a jpeg");[/code]

or

[code]exit();[/code]

[allaboutthekick]

so something like

if(!$type == 2);
die("Error not a jpeg");



and
how would i make it delete the uploaded file?

[heckenschutze]

More like:

[code]if($type != 2)
    die("Error not a jpeg");[/code]

To delete a file, use
[quote]bool unlink ( string filename [, resource context] )[/quote]

Example:
[code]if(unlink($strFilename) == TRUE)
{
    echo "deleted file";
}else{
    echo "failed to delete file";
}[/code]

hth :)

[allaboutthekick]

ok so this is what i did right here

[code]
if(is_uploaded_file($_FILES['userfile']['tmp_name'])){

$userfile=$_FILES['userfile']['tmp_name'];
$userfile_size=$_FILES['userfile']['size'];
$userfile_type=$_FILES['userfile']['type'];
$userfile_name=$_FILES['userfile']['name'];

list($type) = getimagesize($userfile);

if($type != 2){
    die("Error not a jpeg");
[/code]

but it always displays "error not jpeg" even when it is a jpeg.......

sooooo close!!!!

[allaboutthekick]

i did some searching and found this command

[code]
exif_imagetype()
[/code]
http://us3.php.net/manual/en/function.exif-imagetype.php


and this


[code]image_type_to_extension[/code]
http://us3.php.net/manual/en/function.image-type-to-extension.php

i feel that one of those codes is the one i should use but i do not know how to implement them....

[JasonLewis]

when using the list function you must do it in order of what getimagesize() returns. getimagesize() returns the width, height, type, width and height. so to get just the type you would go like this:
[code]
if(is_uploaded_file($_FILES['userfile']['tmp_name'])){

$userfile=$_FILES['userfile']['tmp_name'];
$userfile_size=$_FILES['userfile']['size'];
$userfile_type=$_FILES['userfile']['type'];
$userfile_name=$_FILES['userfile']['name'];

list($width, $height, $type) = getimagesize($userfile);

if($type != 2){
    die("Error not a jpeg");
[/code]

[allaboutthekick]

thanks that works perfectly!

[allaboutthekick]

One last thing.......
I want this code to to report an error when someone enters a wrong password or username.

[code]<?PHP
$Uname='';
$Pass='';
$contents='';

if ($_REQUEST['Uname'] != "") {
$Uname = $_REQUEST['Uname'];
} else {
die('You need both a Username and password to login');
}



if ($_REQUEST['Pass'] != "") {
$Pass = $_REQUEST['Pass'];
} else {
die('You need both a Username and password to login');
}



$fp = fopen("imgs/".$Uname.".nam","rb");
$contents = fread($fp, filesize("imgs/".$Uname.".nam"));
fclose($fp);

$pieces = explode(" ", $contents);

if ($pieces[2] == md5($Pass)) {
setcookie('User',$Uname,time()+(60*60));
} else {
die ('Sorry the password username combanation does not exist');
}


header("Location: http://" . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/index.php");


?>
[/code]


the current checker is.....
[code]
if ($pieces[2] == md5($Pass)) {
setcookie('User',$Uname,time()+(60*60));
} else {
die ('Sorry the password username combanation does not exist');
}[/code]

but this wont work if you cant even open the file .usr so i need something to report when the file isnt there.

I feel the code should be placed right after this code
[code] $fp = fopen("imgs/".$Uname.".nam","rb");[/code]

[JasonLewis]

just add this wherever:

[code=php:0]
if(!file_exists("imgs/".$Uname.".nam")){
//code to execute if the file doesn't exist
}else{
//code to execute if the file exists
}

[allaboutthekick]

ok i implemented it here---

[code]<?PHP
$Uname='';
$Pass='';
$contents='';

if (!file_exists("imgs/".$Uname.".nam")){
echo "Username does not exsist, please check that capslock is not on and that your entry was spelled correctly.";
}else{
if ($_REQUEST['Uname'] != "") {
  $Uname = $_REQUEST['Uname'];
} else {
die('You need both a Username and password to login');
}



if ($_REQUEST['Pass'] != "") {
  $Pass = $_REQUEST['Pass'];
} else {
  die('You need both a Username and password to login');
}



$fp = fopen("imgs/".$Uname.".nam","rb");
$contents = fread($fp, filesize("imgs/".$Uname.".nam"));
fclose($fp);

$pieces = explode(" ", $contents);

if ($pieces[2] == md5($Pass)) {
setcookie('User',$Uname,time()+(60*60));
} else {
die ('Sorry the password username combanation does not exist');
}


header("Location: http://" . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/index.php");

}
?>
[/code]

but no matter what, right entry or wrong entry it states my echo.

[JasonLewis]

no no no. thats looking for a file which is blank. you havnt set $Uname yet. as you can see in your code.
try this:
[code]
<?PHP
$Uname='';
$Pass='';
$contents='';

if ($_REQUEST['Uname'] != "") {
$Uname = $_REQUEST['Uname'];
} else {
die('You need both a Username and password to login');
}



if ($_REQUEST['Pass'] != "") {
$Pass = $_REQUEST['Pass'];
} else {
die('You need both a Username and password to login');
}



if(!file_exists("imgs/".$Uname.".nam")){
echo "Username does not exist, please check that capslock is not on and that your entry was spelled correctly.";
}else{
$fp = fopen("imgs/".$Uname.".nam","rb");
$contents = fread($fp, filesize("imgs/".$Uname.".nam"));
fclose($fp);

$pieces = explode(" ", $contents);

if ($pieces[2] == md5($Pass)) {
setcookie('User',$Uname,time()+(60*60));
} else {
die ('Sorry the password username combanation does not exist');
}

header("Location: http://" . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . "/index.php");
}
?>
[/code]

because now $Uname is set, and we can check if the file exists.