Error: "Sorry, only MPEG4, MP4 and MOV files are allowed"

[Chrisj]

I'm trying to upload a video from an android device, but I see this error:

"Sorry, only MPEG4, MP4 and MOV files are allowed"

Here's the code below (it works successfully via IOS).

 

Any help/guidance suggestion will be appreciated.

 

<html> 
<head><title>Upload</title></head> 
<body> 
<form action="upload1.php method="post" enctype="multipart/form-data"> 
Select image to upload: 
<input type="file" name="fileToUpload" id="fileToUpload" accept="video/*" capture> 
<input type="submit" value="Upload Image" name="submit"> 
</form> 
</body> 
</html>

<?php
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$uploadOk = 1;
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

// Check if file already exists
if (file_exists($target_file)) {
    echo "Sorry, file already exists.";
    $uploadOk = 0;
}
// Check file size
if ($_FILES["fileToUpload"]["size"] > 50000000) {
    echo "Sorry, your file is too large.";
    $uploadOk = 0;
}
// Allow certain file formats
if($imageFileType != "MP4" && $imageFileType != "MPEG4" && $imageFileType != "MOV"
&& $imageFileType != "OGG" && $imageFileType != "MKV") {
    echo "Sorry, only MPEG4, MP4 and MOV files are allowed.";
    $uploadOk = 0;
}
// Check if $uploadOk is set to 0 by an error
if ($uploadOk == 0) {
    echo "Sorry, your file was not uploaded.";
// if everything is ok, try to upload file
} else {
    if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
    header ("location: ThankYou.html");
return;

       // echo "The file ". basename( $_FILES["fileToUpload"]["name"]). " has been uploaded.";
    } else {
        echo "Sorry, there was an error uploading your file.";
    }
}
?>

 

[mac_gyver]

a) are you sure the upload is working at all? your code isn't testing if the upload worked before using any of the uploaded file information and the first two tests will pass and the third test will always fail if the upload fails. you need to ALWAYS test if something worked before using the data that will only exist if it worked.

 

b) your comparison is case-specific. if the file being uploaded has anything but an upper-case extension, the comparison will fail. you need to 'normalize' the values before comparing them. either force all upper-case or all lower-case values.

 

c)  the file extension being submitted might be different from your list. when validating user supplied values, if you display the value that failed the test as part of the error message, your code will show you what value it tested. you need to apply htmlentities() to any dynamic value that you echo to the browser to help protect against cross-site-scripting.

 

next, you need to put the acceptable values into an array, then just use in_array() to test if the submitted value is one of the acceptable values. this will simplify the logic and allow you to add or change the choices simply by changing the defining array.

[Chrisj]

Thanks for your reply.

Regarding your reply a) can you gove me an example of what you're refering to? I'm note clear on that.

 

I have now replaced this:

// Allow certain file formats
if($imageFileType != "MP4" && $imageFileType != "MPEG4" && $imageFileType != "MOV"
&& $imageFileType != "OGG" && $imageFileType != "MKV") {
    echo "Sorry, only MPEG4, MP4 and MOV files are allowed.";
    $uploadOk = 0;
}

with this:

$extensions= array("mov","mp4");
if(in_array($file_ext,$extensions)=== false){
 $errors[]="File type not allowed, only MP4 or MOV files.";
}

 And that seems to work successfully.

If that's not what you mean regarding b) and c) I look forward to any additional guidance.

Much thanks again

[Psycho]

You also need to set $file_ext to lowercase.

 

$file_ext = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));

 

However, checking the extension of a file is not the best method. It is possible to set the extension of a file to anything and it is possible to upload a file with a malicious package that could compromise users based on how you store it and how it is used. I suggest you google/research a few resources on how to allow safe uploads.