Accurax Posted December 14, 2006 Share Posted December 14, 2006 Ok, here we go.I have a script that uploads some pictures to my web server, and inserts a link to the picture in my database..... this works fune... no problem.Now, however, i want to change the file name to something like "username1.jpg", "username2.jpg" etc etc, in order to guarentee unique filenames for each members pictures.Ive managed to change the filename to "username1" .. but im loosing the extension jpg, gif etc .... the wierd thing is it still seems to work, i mean they display correctly and everything... but i dont think this is the correct way of doing it,So, my first question is how would i modify the script below to change the filename and preserve the file extension..... oh... and $filetype = $_FILES['filename']['type']; doesnt work because it returne type/gif not .gif, I suppose i could do this with some if else statements based around "$filetype = $_FILES['filename']['type'];", but is that really the only way? .... & whats the most secure way? I understand $filetype = $_FILES['filename']['type']; is only the mime type, and is therefore completely under the controll of the user anyway.... so i guess id like some suggestions on how to make sure of the filetype being uploaded.Heres the script for uploading the first picture;[code]<?phpsession_start();include("include.inc");if ( $_SESSION['login'] != "true" ) { header("location: hacker.php"); }else { $filetype = $_FILES['filename']['type']; $username = $_SESSION['username']; $filename = $_FILES['filename']['name']; $new_filename = $username."1"; $filepath = "pictures/".$new_filename; echo "<h1 align = 'center'>Your File has been uploaded. Click <a href='picturemanager.php'>Here</a>to Return</h1>"; $source = "pictures"; move_uploaded_file($_FILES['filename']['tmp_name'], "../xxx/xxx/$source/".$new_filename); // this line is for local host /*"../xxx/$source/".$_FILES['filename']['name']);*/ //this line is for remote server } $connection=mysql_connect($host, $user, $passwd) or die ("Could not connect !"); $db = mysql_select_db($database, $connection) or die ("Could not connect to Database"); $username = $_SESSION['username'];$query = "UPDATE members SET picture = '$filepath' WHERE user_name='$username'";$result = mysql_query($query) or die ("could not add picture.");?>[/code]My second question is about overwriting files.............. lets say i have a user called Frank ... his first picture would be frank1.jpg, then frank2.jpg etc etc.Now this ensures that other useres dont try and upload files with the same names.But what if Frank wants to change his pictures???At the moment i get an error if i try to upload a picture with the same name as one that allready exists in the designated file, so how do i go about allowing my users (frank in this case) to overwrite a picture that allready exists ? Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/ Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 Ive got the delete part sorted out no problem ........... but im still having problems preserving the file extension ....... like i said the pictures still load .... but it doesnt "feel" right somehow... Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141093 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 Why not just use a regular expression... Give this a try:[code]<?php$filetype = $_FILES['filename']['type'];$username = $_SESSION['username'];$filename = $_FILES['filename']['name'];preg_match("/\.w{3}$/", $filename, $matches); // I added this$new_filename = $username."1".$matches[1]; // and the last part of this$filepath = "pictures/".$new_filename;?>[/code]This line[code=php:0]preg_match("/\.w{3}$/", $filename, $matches);[/code] just says capture anything that has a period, followed by three letters, followed by an end of line.RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141102 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 excellant, thankyou....... would this explain why my ifelse statement to check the filetype wasnt working? Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141104 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 Things arnt working as planned huggie mate.It still wont pick up things like .jpeg (presumably becasue this is 4 letters after the period)and i now have a problem with my if else statements.... could you possibly take a look?hers the script as it is now[code]<?phpsession_start();include("include.inc");if ( $_SESSION['login'] != "true" ) { header("location: hacker.php"); }else{ if ($_FILES['filename']['type'] != "image/jpeg || image/gif") { echo "Sorry you must upload only files of the type .jpg .jpeg or .gif, Click <a href='picturemanager.php'>Here</a> to try again"; } else { $filetype = $_FILES['filename']['type']; $username = $_SESSION['username']; $filename = $_FILES['filename']['name']; preg_match("/\.w{4}$/", $filename, $matches); // I added this $new_filename = $username."1".$matches[1]; // and the last part of this $myFile = $new_filename; unlink("pictures/".$myFile); $filepath = "pictures/".$new_filename; echo "<h1 align = 'center'>Your File has been uploaded. Click <a href='picturemanager.php'>Here</a>to Return</h1>"; $source = "pictures"; move_uploaded_file($_FILES['filename']['tmp_name'], "../xxx/xxx/$source/".$new_filename); // this line is for local host /*"../xxx/$source/".$_FILES['filename']['name']);*/ //this line is for remote server }} $connection=mysql_connect($host, $user, $passwd) or die ("Could not connect !"); $db = mysql_select_db($database, $connection) or die ("Could not connect to Database"); $username = $_SESSION['username'];$query = "UPDATE members SET picture = '$filepath' WHERE user_name='$username'";$result = mysql_query($query) or die ("could not add picture.");?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141107 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 OK, with the changes I made, does it work if you try to upload a .gif or a .jpg?RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141111 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 erm... no it doesnt for some reason ... hmmmmMaybe the problems with my error checking ? Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141114 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 I just commented the filetype checking out.... and even when uploading a gif it strips the file extension and uploads the picture as a non-descript file Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141115 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 Sorry, my fault.The code I posted should have looked like this...[code]<?phppreg_match('/\.\w{3,4}$/', $filename, $matches);$new_filename = $username."1".$matches[0];?>[/code]This will work with .jpg, .jpeg, .gifRegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141123 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 Also, you should add a third file type... "[color=brown]image/pjpeg[/color]".RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141126 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 Thanks Huggie.... it keeps the file extension now ............ but my checking is still not working, and i dont know why ??Sorry to keep buggin you with this, buut do you have any idea's why? Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141130 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 Checking of what? the file type?RegardsHuggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141132 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 yeah, i think theres a problem with my if else statements Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141134 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 This is what i ahve now :[code]<?phpsession_start();include("Vars.inc");if ( $_SESSION['login'] != "true" ) { header("location: hacker.php"); }else{ if ($_FILES['filename']['type'] != "image/jpg" || "image/gif" || "image/pjpeg") { echo "Sorry you must upload only files of the type .jpg .jpeg or .gif, Click <a href='picturemanager.php'>Here</a> to try again"; } else { $filetype = $_FILES['filename']['type']; $username = $_SESSION['username']; $filename = $_FILES['filename']['name']; preg_match('/\.\w{3,4}$/', $filename, $matches); $new_filename = $username."1".$matches[0]; $myFile = $new_filename; unlink("pictures/".$myFile); $filepath = "pictures/".$new_filename; echo "<h1 align = 'center'>Your File has been uploaded. Click <a href='picturemanager.php'>Here</a>to Return</h1>"; $source = "pictures"; move_uploaded_file($_FILES['filename']['tmp_name'], "../xxx/xxx/$source/".$new_filename); // this line is for local host /*"../xxx/$source/".$_FILES['filename']['name']);*/ //this line is for remote server}} $connection=mysql_connect($host, $user, $passwd) or die ("Could not connect !"); $db = mysql_select_db($database, $connection) or die ("Could not connect to Database"); $username = $_SESSION['username'];$query = "UPDATE members SET picture = '$filepath' WHERE user_name='$username'";$result = mysql_query($query) or die ("could not add picture.");?>[/code]It seems to allways drop through to the ... "you must upload a gif, jpg or jpeg" statement Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141136 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 Make the first line of your if look like this:[code=php:0]if ($_FILES['filename']['type'] != "image/jpeg" || $_FILES['filename']['type'] != "image/pjpeg" || $_FILES['filename']['type'] != "image/gif")[/code] Not this:[code=php:0]if ($_FILES['filename']['type'] != "image/jpg" || "image/gif" || "image/pjpeg")[/code] That should fix it.Huggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141138 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 Sorry about this Huggie...... but it wont upload anything nowI tried [code]<?phpif ($_FILES['filename']['type'] != ("image/jpg" || "image/gif" || "image/pjpeg")) ?>[/code]But that just allowed everything to be uploaded, however;[code]<?phpif ($_FILES['filename']['type'] != "image/jpeg" || $_FILES['filename']['type'] != "image/pjpeg" || $_FILES['filename']['type'] != "image/gif") ?>[/code]Wont allow anything to be uploaded....... lol, this is driving me mad Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141140 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 And the files you're trying to upload are definitely of one of those types are they?Huggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141141 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 yep i expressly exported a .gif file from fireworks 10 mins ago just to test this... and the others are .jpegs Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141142 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 Are you only uploading one file at a time?Huggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141143 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 yeah, i have a page with 7 upload forms on it.... but only one file is ever uploaded at any one time Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141144 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 I think you should be doing something like this (notice I'm using an array key here) I'm sure this is where things are going wrong for you, as each component within the $_FILES array is an array in itself, so [code=php:0]$_FILES['imagefile']['type'][/code] is an array too:[code]<?phpforeach ($_FILES['imagefile']['error'] as $k => $error){ if ($_FILES['imagefile']['error'][$k] == 0){ if ($_FILES['imagefile']['type'][$k] == "image/jpeg" || $_FILES['imagefile']['type'][$k] == "image/gif" || $_FILES['imagefile']['type'][$k] == "image/pjpeg"){ // Do your processing here } }}?>[/code]Huggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141146 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 Wow ... i dont get that at all ...... why would you need $_FILES['imagefile']['error'] ... and what is $k ??Thats a little over my head right now..... so if you could explain it a little id be eternally gratefull dude :) Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141147 Share on other sites More sharing options...
HuggieBear Posted December 14, 2006 Share Posted December 14, 2006 OK, I'll cover that in a minute, in the mean time, try changing this:[code=php:0]if ($_FILES['filename']['type'] != "image/jpeg" || $_FILES['filename']['type'] != "image/pjpeg" || $_FILES['filename']['type'] != "image/gif")[/code] To this:[code=php:0]if ($_FILES['filename']['type'][0] != "image/jpeg" || $_FILES['filename']['type'][0] != "image/pjpeg" || $_FILES['filename']['type'][0] != "image/gif")[/code] and attempt to upload one file and see what happens.Huggie Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141150 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 Nope :(I thought maybe it should be[code]if ($_FILES['filename']['type']['0'] != "image/jpeg" || $_FILES['filename']['type']['0'] != "image/pjpeg" || $_FILES['filename']['type']['0'] != "image/gif") [/code]But that didnt work either Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141154 Share on other sites More sharing options...
Accurax Posted December 14, 2006 Author Share Posted December 14, 2006 heres the code again;[code]<?phpsession_start();include("Vars.inc");if ( $_SESSION['login'] != "true" ) { header("location: hacker.php"); }else{ if ($_FILES['filename']['type']['0'] != "image/jpeg" || $_FILES['filename']['type']['0'] != "image/pjpeg" || $_FILES['filename']['type']['0'] != "image/gif") { echo "Sorry you must upload only files of the type .jpg .jpeg or .gif, Click <a href='picturemanager.php'>Here</a> to try again"; } else { $filetype = $_FILES['filename']['type']; $username = $_SESSION['username']; $filename = $_FILES['filename']['name']; preg_match('/\.\w{3,4}$/', $filename, $matches); $new_filename = $username."1".$matches[0]; $myFile = $new_filename; unlink("pictures/".$myFile); $filepath = "pictures/".$new_filename; echo "<h1 align = 'center'>Your File has been uploaded. Click <a href='picturemanager.php'>Here</a>to Return</h1>"; $source = "pictures"; move_uploaded_file($_FILES['filename']['tmp_name'], "../xxx/xxx/$source/".$new_filename); // this line is for local host /*"../xxx/$source/".$_FILES['filename']['name']);*/ //this line is for remote server $connection=mysql_connect($host, $user, $passwd) or die ("Could not connect !"); $db = mysql_select_db($database, $connection) or die ("Could not connect to Database"); $username = $_SESSION['username']; $query = "UPDATE members SET picture = '$filepath' WHERE user_name='$username'"; $result = mysql_query($query) or die ("could not add picture.");}}?>[/code] Quote Link to comment https://forums.phpfreaks.com/topic/30631-file-extensions-and-overwriting-existing-files/#findComment-141157 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.