Jump to content

Recommended Posts

I'm trying to create an upload form for my website- I want to restrict the allowed file types to WAV files and not allow any other file types. With the code I'm using, the form does not allow ANY file type. Why is this?

 

Here's my script:

<?php 
 $target = "upload/"; 
 $target = $target . basename( $_FILES['uploaded']['name']) ; 
 $ok=1; 
 
if (!($uploaded_type == "audio/wav")) {
echo "You may only upload WAV files.<br>";
$ok=0;
}

 if ($ok==0) 
 { 
 Echo "Sorry your file was not uploaded"; 
 } 

else
 { 
 if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
 { 
 echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded"; 
 } 
 else 
 { 
 echo "Sorry, there was a problem uploading your file."; 
 } 
 } 
 ?>

of course when I comment out the bit " if (!($uploaded_type == "audio/wav")).... " it allows all file types, which I do not want. Thanks

Link to comment
https://forums.phpfreaks.com/topic/298176-limiting-file-types-in-uploading/
Share on other sites

Kinda odd to just allow wav files and not other audio, especially since a few can work in a html5 player.

 

finfo_file() the only way to ensure the file is exactly the type

 

mime_content_type() deprecated in newer php versions

 

You would want to check the actual mime type of the file before you do the move.

 

Can knock some checks out early just by looking for any allowed extensions

 

//single type and file as you have

if(end(explode(".", strtolower($_FILES['uploadedfile']['name']))) == "wav") {

//check real mime type, if passes check if successful move

} else {

//toss an error or take any actions want

}

 

//multiple audio types

$allowedExtensions = array("mp3","mp4","wav","ogg","flac","wma","wax");

if (in_array(end(explode(".", strtolower($_FILES['uploadedfile']['name']))),$allowedExtensions)){

//check real mime type, if passes check if successful move

} else {

//toss an error or take any actions want

}

 

If did both checks and turns out is actually different, may want to take a look at whoever is uploading it.

Edited by QuickOldCar

Remember that file extensions can be changed very easily, so though QOC's $allowedExtensions check will easily and efficiently cull out the ridiculous uploads, it's certainly not difficult to bypass; you'll absolutely want to also do the mime type check as described.

Thanks for the replies, it's on it's way to what I wanted now. Making a lot more sense. 

 

The reason I only allow wav files is because the service I'm offering from this upload form is Audio Mastering, and a wav or at least FLAC file is typically used over a compressed file like an mp3.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.