Upload File Extensions

[steve-t]

Can anyone suggest why the following code wont allow you to upload PDF or Powerpoint files? It displays the error message no matter what filetype is uploaded.

[code]if (is_uploaded_file($_FILES['user_file']['tmp_name']))
{
  $array = explode(".", $_FILES[$userfile]['name']);
  $ext = $array[count($array)-1];
  if (!preg_match('/(pdf|ppt)/i', $ext))
            {
  $message="File is not a PDF or Powerpoint file. Please try another file.<br>";
    include("file_manager.inc");
      exit();
  }
}
[/code]

[btherl]

Is [code=php:0]$ext[/code] the value you expect it to be?

If yes, then the problem is with the preg_match().  If no, then the problem is with how $ext was set.  You can find out where it goes wrong by printing out the values of each variable that led to the value of $ext.

[steve-t]

Just tested it and $ext just displays a "."

Any ideas how I can rectify this?

[steve-t]

Actually I think $ext is just blank.  ???

[CheesierAngel]

You could try a different approach to extract the extention of the file:

[code]
<?php
if (is_uploaded_file($_FILES['user_file']['tmp_name'])) {
if(!preg_match('/^((\w)(.[pdf|ppt]))$/', $_FILES[$userfile]['name']), $match = array()) {
  $message="File is not a PDF or Powerpoint file. Please try another file.<br>";
  include("file_manager.inc");
  exit();
}
$completeName = $match[0];
$filename = $match[1];
$ext = $match[2];
}
?>
[/code]

[Daniel0]

Cheesier Angel: Imagine this filename: mysql.db.php
That would make:
$completeName = "mysql.db.php";
$filename = "mysql";
$ext = "db";

[code]<?php
$filename = "mysql.db.php";

$array = explode(".",$filename);
$ext = $array[count($array)-1];

echo $ext; // outputs: php
?>[/code]

[steve-t]

So what would the best solution be? I tried that method anyway and got the error: Parse error: syntax error, unexpected ','

I'm pretty new to this so sorry for my basic understanding.

[Daniel0]

Post your code.

[CheesierAngel]

[quote author=Daniel0 link=topic=116816.msg476227#msg476227 date=1164896617]
Cheesier Angel: Imagine this filename: mysql.db.php
That would make:
$completeName = "mysql.db.php";
$filename = "mysql";
$ext = "db";
[/quote]

Is true, but if you adjust the regex this should be no problem.

[steve-t]

Code:

[code]if($_FILES['user_file']['tmp_name'] == "none")
{
$message="File did not successfully upload. Check the filesize. File must not exceed 2MB.<br>";
include("file_manager.inc");
exit();
}
if (is_uploaded_file($_FILES['user_file']['tmp_name']))
{
if(!preg_match('/^((\w)(.[pdf|ppt]))$/', $_FILES[$userfile]['name']), $match = array())
{
$message="File is not a PDF or Powerpoint file. Please try another file.<br>";
include("file_manager.inc");
exit();
}
$completeName = $match[0];
$filename = $match[1];
$ext = $match[2];
}[/code]

It was this line that the error message referred to:

[code] if(!preg_match('/^((\w)(.[pdf|ppt]))$/', $_FILES[$userfile]['name']), $match = array()) [/code]

[CheesierAngel]

There is a ) to much after the $_FILES[][] and add it again at the end.

It should be:
[code]
<?php

if(!preg_match('/^((\w)(.[pdf|ppt]))$/', $_FILES[$userfile]['name'], $match = array())) {
// ...
}

?>
[/code]

[steve-t]

Thanks, that cured the error!

It still wont let me upload PDFs or powerpoint files though.

Have I done something wrong?

[CheesierAngel]

Do you have write access to the folder you're uploading your files ?

[steve-t]

The upload function worked fine previously for just PDF files. However, I wanted to be able to upload powerpoint ppt files aswell.

All I need is a script that will allow these two file extensions only.

[CheesierAngel]

So the code is never executing the inside of the if(is_uploaded_file()) ?
or are there stille errors generated ?

[steve-t]

No errors are now generated it just doesnt recognise the file as being a PDF.

Here is the full code if that helps:
[code]<?php
session_start();
if (@$_SESSION['auth'] != "yes")
{
header("Location: Login.php");
exit();
}
if(!isset($_POST['Upload']))
{
include("file_manager.inc");
} #endif
else
{
if($_FILES['user_file']['tmp_name'] == "none")
{
$message="File did not successfully upload. Check the filesize. File must not exceed 2MB.<br>";
include("file_manager.inc");
exit();
}
if (is_uploaded_file($_FILES['user_file']['tmp_name']))
{
if(!preg_match('/^((\w)(.[pdf|ppt]))$/', $_FILES[$userfile]['name'], $match = array()))
{
    $message="File is not a PDF or Powerpoint file. Please try another file.<br>";
    include("file_manager.inc");
    exit();
}
$completeName = $match[0];
$filename = $match[1];
$ext = $match[2];
}
else
{
$destination = 'user_files/' . "/" .$_FILES['user_file']['name'];
$temp_file = $_FILES['user_file']['tmp_name'];
move_uploaded_file($temp_file,$destination);
$message="<p>The file has successfully uploaded: {$_FILES['user_file']['name']}</p>";
include("user.inc");
$connection = mysql_connect($host,$user,$password)
or die ("Couldn't connect to server");
$db = mysql_select_db($database,$connection)
or die ("Couldn't select database");
$cat = $_REQUEST['categories'];
$query = "SELECT * FROM fileCategory WHERE categoryName='$cat'";
$result1 = mysql_query($query)
or die ("Couldn't execute query1");
$row = mysql_fetch_array($result1,MYSQL_ASSOC);
extract($row);
$catNum = $categoryNumber;
$fileName = $_FILES['user_file']['name'];
$sql = "INSERT INTO File (fileName,categoryNumber) VALUES ('$fileName','$catNum')";
$result = mysql_query($sql)
or die ("Couldn't execute query");
include("file_manager.inc");
}
}
?>[/code]