Warptweet Posted December 27, 2006 Share Posted December 27, 2006 Umm... somebody tried helping before, but it didnt work.How can I add a file extension restriction to this code?I know this has been done a million times, but I dont know where to add a file extension restriction code in this... can you help me?[code]<head><title>Warptweet.com - Uploader</title><style type="text/css"><!--body {background-color: white; color: white;}a {color: white;}a:hover {font-size: 110%;}--></style></head><body><div align="center"><fieldset><legend>Warptweet.com File Upload</legend><?phpif ($_FILES["file"]["error"] > 0) { echo "Error: " . $_FILES["file"]["error"] . ""; }else { echo "Filename: " . $_FILES["file"]["name"] . ""; echo "Type: " . $_FILES["file"]["type"] . ""; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb"; }if (file_exists("filer/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "filer/" . $_FILES["file"]["name"]); echo "Stored in: " . "http://www.warptweet.com/wh/filer/" . $_FILES["file"]["name"]; }?><center><a href="index.htm"><--Back Home[/url]</center></body></html> [/code] Quote Link to comment Share on other sites More sharing options...
trq Posted December 27, 2006 Share Posted December 27, 2006 What kind of files are you wanting to accept? Judging a file by its extension is not secure. If you only want to allow images your best to use [url=http://php.net/getimagesize]getimagesize[/url], this will allways return false if the file is not an image. Quote Link to comment Share on other sites More sharing options...
Warptweet Posted December 27, 2006 Author Share Posted December 27, 2006 I only want .gm6 files, .gm5 files, .gmd files, and .zip files to be allowed to be uploaded.Regardless of security, it DOES cut the image file uploads being annoyingly uploaded. Quote Link to comment Share on other sites More sharing options...
trq Posted December 27, 2006 Share Posted December 27, 2006 Well all you need do is check the extension against an array of extensions. Something like....[code]<?php $allowed = array('gm6','gm5','gmd','zip'); foreach($_FILES as $file) { if (!inarray(substr($file['type'],-3,3),$allowed)) { // file not allowed. } }?>[/code] Quote Link to comment Share on other sites More sharing options...
Warptweet Posted December 27, 2006 Author Share Posted December 27, 2006 The only thing is, I don't know WHERE inside the code to put that.Could you put it in the right spot?I'm afraid that if I put that code in the wrong line or spot inside my code, it might screw up.Do you know where? If you can add it to my code, that would be great.Thanks! Quote Link to comment Share on other sites More sharing options...
SharkBait Posted December 27, 2006 Share Posted December 27, 2006 You could probably put it in the [code=php:0]else[/code] section below the [code=php:0] if($_FILES['file']['error'] > 0) [/code] So if there were no file errors, then you look through the files that were uploaded and check to see if any were invalid extension.If they were all the correct extention, then you can do you [code=php:0]move_uploaded_file()[/code] to move the tempoary file to the correct location. Quote Link to comment Share on other sites More sharing options...
Warptweet Posted December 28, 2006 Author Share Posted December 28, 2006 Errrrr.... *cough*......les de intelligance language?Ummmm....I dont get it.Considering that code has the<? phpand ends with the?>it kind confuses me what to take away and on, can you please do it for me?I'm REALLY sorry, but at least all it takes is to copy and paste it onto my code. :D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.