Jump to content

how to determine file type by content not extension

maxwel

By maxwel
in PHP Coding Help

 Share

Recommended Posts

maxwel Newbie

maxwel

Posted
Posted

how to determine file type by content not extension  Using server side solutions? i am using now 

$_FILES["file"]["type"] 

but i heard that it  can be changed/malformed/spoofed

 

any examples in simple way or referring me to an article that can clarify that to me, will be so great and helpful.

 

Also got another question,

 

i have and adfly account and i use there api while people is redirecting to page for downloading mixes and this link got a query which is the name of the mix in the url and i dont want to show that cuz like this later on ppl can just grab name of themix that appear in search and bypass part of adfly simply by pasting the name and adding the extension at the end like (.mp3, .wav etc..)

 

So, i was asking if there is a solution that any think about to hide query and still it can be got by the script i tried .htaccess way and other php ways but they was only removing the query which is needed for the script to be work. i also thought about adding uniqid() but didnt work for lots of reasons like searching if same file exist.

 

npw tjhinking of using something like 

$Input_data  = "i want a apple";//Place the text here
$Encrypter_variables= array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t","u", "v", "w", "x", "y", "z");
$Variables_replace = array("1", "2", "3", "4", "5", "6", "7", "8", "9", "%", "!", "@", "#", "$", "^", "&", "*","~", "+", ":","-", "=", "?", "'", ".", "<");
$New_data = str_replace($Encrypter_variables, $Variables_replace, $Input_data);

to encrypt name then de-crypt it in other page. what do you think guys?

 

thanks alot :)

Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

So, i was asking if there is a solution that any think about to hide query and still it can be got by the script

Not possible. Any link that your site uses, even if it's not shown visibly to the user, would work for anybody else who tried it.

 

Instead don't link to the files directly. Link to a script which downloads (or whatever) the file to the user, but only does so if they're logged in and have access and whatever other criteria you require. You don't even have to camouflage the links then: it doesn't matter if they try to mess with it because they can't touch how the script works.

Link to comment
Share on other sites
maxwel Newbie

maxwel

Posted
  • Author
Posted (edited)

requinix

 

 you didnt get me, the problem i dont want them to be just copying the name of the mix after the 

?q= (this part)

and bypassing the adfly link which i made it to help in making few money to support the project.

 

even just hiding it is fair enough for me and i dont care if there someone tried it will work but just want it to work while being hidden by the script

 

but there is no way to hide the query?

 

about the refrening to another script is already done but still query is shown so yea seems i have no choice except the string replace method and ecrypting the letter to symbols and in other script i turn it vice versa. this will make users to hardly use mixes name shown in results of thier search in query as the query will be just symbols that will be decrypted later in another script.

 

 

.WHat do you think about that idea will it work?

 

 

 

@ psycho

 

love your suggestion about better way to check file content instead of extension by 

finfo_file()

function, its my first time to use it by the way but i got a problem which is it detect it as temp file not mp3 or wav here is my code

 

$finfo = finfo_open(FILEINFO_MIME_TYPE);
$tmpname = $_FILES["fileToUpload"]["tmp_name"];
if (
((finfo_file( $finfo , $tmpname ) == "audio/mp3")
  || (finfo_file( $finfo , $tmpname ) == "audio/wav")
  || (finfo_file( $finfo , $tmpname ) == "audio/mpeg"))
&& ($_FILES["fileToUpload"]["size"] >= 26214400)
&& ($_FILES["fileToUpload"]["size"] <= 70000000)


)
   {

rReally thank you all for your heavy support,

Maxwel

Edited by maxwel
Link to comment
Share on other sites
requinix Prolific Member

requinix

Posted
Posted

requinix

 

 you didnt get me, the problem i dont want them to be just copying the name of the mix after the 

?q= (this part)
and bypassing the adfly link which i made it to help in making few money to support the project.

 

even just hiding it is fair enough for me and i dont care if there someone tried it will work but just want it to work while being hidden by the script

 

but there is no way to hide the query?

 

about the refrening to another script is already done but still query is shown so yea seems i have no choice except the string replace method and ecrypting the letter to symbols and in other script i turn it vice versa. this will make users to hardly use mixes name shown in results of thier search in query as the query will be just symbols that will be decrypted later in another script.

 

 

.WHat do you think about that idea will it work?

 

It won't. I'm saying that you can't simply hide that information from the user. The browser and the user are the same thing: you cannot treat one differently than the other.
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.