File extensions and overwriting existing files


Accurax

Try something really simple like this, and it will help you to understand the values assigned to each element of the array when it's uploaded.

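[code]<?php
// Escape PHP_SELF before echoing it into the form's action attribute
$self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
echo <<<HTML
  <form name="upload" method="POST" action="{$self}" enctype="multipart/form-data">
  <input type="file" name="image"><br>
  <input type="submit" name="submit" value="Upload"><br><br>
  </form>
HTML;

// $_FILES always exists, so only dump it once a file has been posted
if (!empty($_FILES)){
  echo "<pre>\n";
  // the array holds browser-supplied strings (name, type), so escape the dump
  echo htmlspecialchars(print_r($_FILES, true), ENT_QUOTES, 'UTF-8');
  echo "</pre>\n";
}
?>[/code]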

Huggie
OK, I've read the code and I've been a complete muppet.

Try this:

[code]<?php
session_start();
include("Vars.inc");
if ( $_SESSION['login'] != "true" )
{
header("location: hacker.php");
exit; // stop the script once the redirect header has been sent
}

else
{
if ($_FILES['filename']['type'] != "image/jpeg" && $_FILES['filename']['type'] != "image/pjpeg" && $_FILES['filename']['type'] != "image/gif") 
{
echo "Sorry you must upload only files of the type .jpg .jpeg or .gif, Click <a href='picturemanager.php'>Here</a> to try again";
}
else
{

$filetype = $_FILES['filename']['type'];
$username = $_SESSION['username'];
$filename = $_FILES['filename']['name'];
preg_match('/\.\w{3,4}$/', $filename, $matches);
$new_filename = $username."1".$matches[0];

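$myFile = $new_filename;
// remove the previous picture only if one exists (unlink() warns on a missing file)
if (is_file("pictures/".$myFile)) {
unlink("pictures/".$myFile);
}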

$filepath = "pictures/".$new_filename;
echo "<h1 align = 'center'>Your File has been uploaded. Click <a href='picturemanager.php'>Here</a>to Return</h1>";

      $source = "pictures";
      move_uploaded_file($_FILES['filename']['tmp_name'],
              "../xxx/xxx/$source/".$new_filename); // this line is for local host
  /*"../xxx/$source/".$_FILES['filename']['name']);*/ //this line is for remote server
 
 

$connection=mysql_connect($host, $user, $passwd)
or die ("Could not connect !");
$db = mysql_select_db($database, $connection)
or die ("Could not connect to Database");

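// escape both values before they go into the SQL string
$username = mysql_real_escape_string($_SESSION['username']);
$filepath = mysql_real_escape_string($filepath);
$query = "UPDATE members SET picture = '$filepath' WHERE user_name='$username'";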
$result = mysql_query($query)
or die ("could not add picture.");
}
}


?>[/code]

The || (or) was producing a true result every time.  We needed && (and) to produce a negative result and output the correct details.

My work here is done. Incidentally, you could cut your code down by removing duplicate values, like this:

[code]<?php
session_start();
include("Vars.inc");
if ( $_SESSION['login'] != "true" ){
  header("location: hacker.php");
  exit; // stop the script once the redirect header has been sent
}
else {
  if ($_FILES['filename']['type'] != "image/jpeg" && $_FILES['filename']['type'] != "image/pjpeg" && $_FILES['filename']['type'] != "image/gif"){
      echo "Sorry you must upload only files of the type .jpg .jpeg or .gif, Click <a href='picturemanager.php'>Here</a> to try again";
  }
  else{
      preg_match('/\.\w{3,4}$/', $_FILES['filename']['name'], $matches);
      $new_filename = $_SESSION['username']."1".$matches[0];

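      // remove the previous picture only if one exists (unlink() warns on a missing file)
      if (is_file("pictures/".$new_filename)) {
          unlink("pictures/".$new_filename);
      }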

      $filepath = "pictures/".$new_filename;
      echo "<h1 align = 'center'>Your File has been uploaded. Click <a href='picturemanager.php'>Here</a>to Return</h1>";

      $source = "pictures";
      move_uploaded_file($_FILES['filename']['tmp_name'],
        "../xxx/xxx/$source/".$new_filename); // this line is for local host
        /*"../xxx/$source/".$_FILES['filename']['name']);*/ //this line is for remote server

      $connection=mysql_connect($host, $user, $passwd) or die ("Could not connect !");
      $db = mysql_select_db($database, $connection) or die ("Could not connect to Database");
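      // escape both values before they go into the SQL string
      $query = "UPDATE members SET picture = '" . mysql_real_escape_string($filepath) . "' WHERE user_name='" . mysql_real_escape_string($_SESSION['username']) . "'";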
      $result = mysql_query($query) or die ("could not add picture.");
  }
}
?>[/code]

Regards
Huggie
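
The checks in the posts above rely on `$_FILES['filename']['type']` and on the extension of the uploaded name, and both values are supplied by the browser. As an added example (not code from the thread; `ALLOWED_IMAGES`, `detect_image_extension` and `store_profile_picture` are hypothetical names), this version decides the type from the file's content and assigns the extension itself:

```php
<?php
// Added example. Allow-list: server-detected MIME type => extension we assign ourselves.
const ALLOWED_IMAGES = ['image/jpeg' => '.jpg', 'image/gif' => '.gif'];

/** Return the extension for an allowed image, or null if the content is not one. */
function detect_image_extension(string $path): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);   // sniffed from the file content, not sent by the browser
    if (!isset(ALLOWED_IMAGES[$mime]) || @getimagesize($path) === false) {
        return null;
    }
    return ALLOWED_IMAGES[$mime];
}

/** Validate one $_FILES entry and move it into $destDir; returns the stored file name. */
function store_profile_picture(array $file, string $username, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    $ext = detect_image_extension($file['tmp_name']);
    // The user name becomes part of a path: keep only safe characters.
    $safeUser = preg_replace('/[^A-Za-z0-9_-]/', '', $username);
    if ($ext === null || $safeUser === '') {
        throw new RuntimeException('Rejected: not a JPEG/GIF image, or invalid user name');
    }
    // Remove any earlier picture so an old .gif does not linger beside a new .jpg.
    foreach (ALLOWED_IMAGES as $oldExt) {
        if (is_file($old = "$destDir/{$safeUser}1$oldExt")) { unlink($old); }
    }
    $name = "{$safeUser}1$ext";
    if (!move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

// Constructed samples for a command-line run: PHP source first, then a real 1x1 GIF.
if (PHP_SAPI === 'cli') {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, "<?php echo 'not an image'; ?>");
    var_dump(detect_image_extension($tmp));
    file_put_contents($tmp, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
    var_dump(detect_image_extension($tmp));
    unlink($tmp);
}
```

In the upload script, `store_profile_picture($_FILES['filename'], $_SESSION['username'], $destDir)` would replace the type check, the `preg_match` on the client file name and the `move_uploaded_file` call.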
Omg ... That is some seriously perverted logic ..... Huggie you are an absolute superstar mate.... I'm having real problems getting my head around ifelse statements, and I really can't thank you enough.

I really appreciate it Huggie... Thank you :)
No problem, I was looking at some similar code that I've got and then I realised the difference, you were saying.... if file isn't equal to something or file isn't equal to something else, when I looked at my code it was saying if file IS equal to something or file IS equal to something else.  So you were testing for negative and me for positive, hence the change from OR to AND.

Regards
Huggie

Archived

This topic is now archived and is closed to further replies.
