Specific file types upload not working

[watson1001]

I am in the process of creating a script where only certains video types can be uploaded but at the moment am stuck.

Here is my code -

<?php

$title = isset($_POST['title']) ? $_POST['title'] : null;
$desc = nl2br(isset($_POST['description'])) ? $_POST['description'] : null;
$name = isset($_POST['fullname']) ? $_POST['fullname'] : null;
$email = isset($_POST['email']) ? $_POST['email'] : null;
$country = isset($_POST['country']) ? $_POST['country'] : null;

$video = isset($_FILES['video']);
$videoname = isset($_FILES['video']['name']);
$videotmp = isset($_FILES['video']['tmp_name']);
$videosize = isset($_FILES['video']['size']);
$videotype = isset($_FILES['video']['type']);
$videoacceptable = array(
        "video/mp4",
        "video/ogg",
        "video/quicktime",
);

$videopath = "/videos/";
$videofile = $videopath . $video;

if(isset($_POST['submit'])) {

//ERROR MESSAGES / VALIDATION

if(empty($title)) {
    $errors[] = "A title is required"; 
    echo "<style type=\"text/css\"> #title { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
} elseif(strlen($title) > 80) {
    $errors[] = "Your title can only be 80 characters long"; 
    echo "<style type=\"text/css\"> #title { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
}
if(empty($desc)) {
    $errors[] = "A description is required";
    echo "<style type=\"text/css\"> #description { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
}
if(empty($name)) {
    $errors[] = "Please enter your full name";
    echo "<style type=\"text/css\"> #fullname { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
} elseif(strlen($name) > 32) {
    $errors[] = "Your name can only be 32 characters long";
    echo "<style type=\"text/css\"> #fullname { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
}
if(empty($email)) {
    $errors[] = "Please enter your email address";
    echo "<style type=\"text/css\"> #email { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
} elseif(strlen($email) > 50) {
    $errors[] = "Your email addess can only be 50 characters long";
    echo "<style type=\"text/css\"> #email { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    $errors[] = "Please enter a valid email address";
    echo "<style type=\"text/css\"> #email { background-color:#F5A9A9;border:1px solid #DF0101; } </style>";
}
if($videosize = 0) {
    $errors[] = "You forgot to upload a video";
} elseif($videosize >= 20000000) {
    $errors[] = "Your video size is too large, 20mb max";
} elseif(!in_array($videotype, $videoacceptable)) {
    $errors[] = "The file type is not allowed, only allowed .mp4, .ogg and .mov";
}

if(count($errors) === 0) {
    $connect = mysqli_connect("localhost","username","password");
        if(!$connect) {
            header("Location:"); // ADD ERROR LINK
        }
    $dbselect = mysqli_select_db("database");
        if(!$dbselect) {
            header("Location:"); // ADD ERROR LINK
        }

    $query = mysqli_query("INSERT INTO cover_videos(title, desc, name, email, country, videotmp, videotype, videosize, videopath) VALUES('$title','$desc','$name','$email','$country','$videotmp','$videotype','$videosize','$videopath')");
    move_uploaded_file($videotmp, $videofile);

    //SEND AN EMAIL TO THE USER     
    $to = $email;
    $subject = "Thank's for your upload";

    $message = '
        <html>
            <head><title>We have received your video</title></head>
            <body>
                <h3>Good News!</h3>
                <p>We have recieved your video and is awaiting approval.</p>
            </body>
        </html>
    ';

    $headers = 'FROM: no-replyk' . "\r\n";
    $headers = 'MIME-Version: 1.0' . "\r\n";
    $headers = 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $headers = 'X-Mailer: PHP/' . phpversion();

    mail($to, $subject, $message, $headers);

    header("Location:"); //SUCCESSFUL UPLOAD PAGE

    }

}

?>

So whats happening is when i go to upload a file, im uploading a .mov file but the error message that pops up is "The file type is not allowed, only allowed .mp4, .ogg and .mov" but the .mov mime is in the videoacceptable array so im a bit stuck at the moment, any know whats the problem?

[boompa]

And what do you find if you do this?

 

$errors[] = "The file type $videotype is not allowed, only allowed .mp4, .ogg and .mov";

[watson1001]

Hello,

 

Ive changed the error message to display that and it doesnt have and $videotype so the message im getting is -

 

• The file type is not allowed, only allowed .mp4, .ogg and .mov

[boompa]

Ah, well I just noticed this:

 

$video = isset($_FILES['video']);
$videoname = isset($_FILES['video']['name']);
$videotmp = isset($_FILES['video']['tmp_name']);
$videosize = isset($_FILES['video']['size']);
$videotype = isset($_FILES['video']['type']);

 

Do you realize that isset() simply returns true or false?

[watson1001]

I didnt realise no, when i remove the isset() i get undefined variable message, how do i sort that issue out?

[Tom8001]

which variable is undefined?

[watson1001]

When i remove the isset() i get the message -

 

Notice: Undefined index: video in path on line 9

Notice: Undefined index: video in path on line 10

Notice: Undefined index: video in path on line 11

Notice: Undefined index: video in path on line 12

Notice: Undefined index: video in path on line 13

[mac_gyver]

your code is not checking if an upload form was submitted and that the upload worked before trying to use the uploaded file information, which has resulted in you trying a bunch of code (all the isset() business) that isn't actually solving anything.
 
because uploading files can cause the $_FILES and $_POST arrays to be empty, when you exceed the post_max_size setting, to test if a form was even submitted, you must test if $_SERVER['REQUEST_METHOD'] == "POST" (there are other ways of checking, but this way tells you that a correct method of form was used.)
 
next, to detect if the upload worked without any errors, you must test if your expected $_FILES['video'] element exists (is set) and that the ['error'] element is a zero value (no errors.) if all the tests to this point are true, you know that the upload worked and that the ['name'], ['type'], ['size'], and ['tmp_name'] have values and can be used. In all other cases, these elements won't all have values and cannot be used. also, for each of these tests that have failed, you can determine what caused the upload to fail and tell the visitor about things he has control over, such as the size of the uploaded file(s), that he can alter and upload again.
 
so, at this point, your form processing code, at a minimum, would look like - 

// check for a post method form
if($_SERVER['REQUEST_METHOD'] == 'POST'){
  // is the expected form field set
  if(isset($_FILES['video'])){
    // a properly named field/variable exists, check for upload errors
    if($_FILES['video']['error'] == UPLOAD_ERR_OK){
      // the upload worked, you can use the uploaded file information here
      echo "the upload worked, you can reference the ['name'], ['type'], ['size'], and ['tmp_name'] information at this point";

      // all your form processing logic needs to go here...

 
    } else {
       // there was a detectable upload error, handle that condition here...
       // the php.net upload handling documentation lists all the error values and what they mean
    }
  } else {
     // the expected $_FILES['video'] element doesn't exist. if there are no coding errors,
     // this typically means the total size of the post data exceeded the post_max_size setting.
     // you can test the $_SERVER['CONTENT_LENGTH'] value to confirm if this is the case.
  }
}