Image Upload Wrong File Type

[The Little Guy]

OK... I make an image, save it as a bmp. If I change the file  extention to a .jpg it changes.

 

My site allows for uploads of jpg, gif, and png. Since the above is actually a bmp, and some one tries to upload it with the jpg file extention, I get this error message:

 

Fatal error: Call to undefined function imagecreatefrombmp() in /home/.marble/ryannaddy/tzfiles.com/guestLoad.php(11) : eval()'d code on line 1

 

How can I stop that error from showing, and make my own error message saying somthing about it still being a bmp file, or exe, or html, etc. and only jpg, gif, and png are allowed?

 

The code:

(There is a function in the code: getext all it does is return the file extention)

<?php
include"db.php";
session_start();
function createThumbnail($imageDirectory, $imageName, $thumbDirectory, $thumbWidth, $quality){
$details = getimagesize("$imageDirectory/$imageName") or die('<div class="container">
	<div class="content">
		Please only upload images.
	</div>
</div>');
$type = preg_replace('@^.+(?<=/)(.+)$@', '$1', $details['mime']);
eval('$srcImg = imagecreatefrom'.$type.'("$imageDirectory/$imageName");');
$thumbHeight = $details[1] * ($thumbWidth / $details[0]);
$thumbImg = imagecreatetruecolor($thumbWidth, $thumbHeight);
imagecopyresampled($thumbImg, $srcImg, 0, 0, 0, 0, $thumbWidth, $thumbHeight, $details[0], $details[1]);
eval('image'.$type.'($thumbImg, "$thumbDirectory/$imageName"'.(($type=='jpeg')?', $quality':'').');');
imagedestroy($srcImg);
imagedestroy($thumbImg);
}
$a = 1;
foreach ($_FILES["file"]["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) {
	$tmp_name = $_FILES["file"]["tmp_name"][$key];
	$name = $_FILES["file"]["name"][$key];
	$file = getext($name);
	$time = time();
	$string = "abcdefghijklmnopqrstuvwxyz0123456789";
	$randnum = '';
	for($i=0;$i<25;$i++){
		$pos = rand(0,36);
		$randnum .= $string{$pos};
	}
	$dircnt=0;
	$dirarr = array();
	foreach(ListDescendantDirectories('guest_images') as $dir){
		array_push($dirarr,$dir);
		$dircnt++;
	}
	$filee = array_rand($dirarr);
	$savelocation = $dirarr[$filee];

	#1 equals overwrite
	$guestTypes = array(".jpg",".gif",".png");
	if(in_array($file,$guestTypes)){
		move_uploaded_file($tmp_name, $savelocation."/".$time.$randnum.$name);
		createThumbnail($savelocation, $time.$randnum.$name, $savelocation.'/thumbs', 120, 80);
		$_SESSION['guestfile'.$a] = "http://tzfiles.com/$savelocation/".$time.$randnum.$name;
		$_SESSION['guestfile'.$a.'error'] = 1;
		$saveFile = $time . $randnum . $name;
		mysql_query("INSERT INTO guest_images (`directory`,`file`) VALUES ('$savelocation','$saveFile')");
	}else{
		$_SESSION['guestfile'.$a.'error'] = 2;
		if(!in_array($file,$guestTypes)){
			$_SESSION['guestfile'.$a.'error_txt'] .= '<span style="color:red">Incorrect File Type .jpg, .gif, .png only</span>';
		}
	}
}
$a++;
}
header("Location: guestTxt.php");
exit;
?> 

[neel_basu]

Use imagecreatefromwbmp()

Instead of

imagecreatefrombmp()

Cause No such Function exists in php with this name imagecreatefrombmp()

[craygo]

I use this for my image uploads

<?php
$absolute_path = "/path/to/image/folder"; //Absolute path to where files are uploaded
$thumb_path = "/path/to/thumbnail/folder";  //Absolute path to where thumbs are to be stored if you want this
$size_limit = "yes"; //do you want a size limit yes or no.
$limit_size = "600000"; //How big do you want size limit to be in bytes
$limit_ext = "yes"; //do you want to limit the extensions of files uploaded
$ext_count = "3"; //total number of extensions in array below
$extensions = array(".jpg", ".png", ".gif"); //List extensions you want files uploaded to be

function resampimage($maxwidth, $maxheight, $sourcefile, $imgcomp=0)
   {
   $g_imgcomp=100-$imgcomp;
   if(file_exists($sourcefile))
       {
       $g_is=getimagesize($sourcefile);
       $w_adjust = ($maxwidth / $g_is[0]);
       $h_adjust = ($maxheight / $g_is[1]);
       if($w_adjust <= $h_adjust)
           {
           $new_width=($g_is[0]*$w_adjust);
           $new_height=($g_is[1]*$w_adjust);
           }
           else
           {
           $new_width=($g_is[0]*$h_adjust);
           $new_height=($g_is[1]*$h_adjust);
           }
       	//SEARCHES IMAGE NAME STRING TO SELECT EXTENSION (EVERYTHING AFTER . )
    $image_type = strrchr($sourcefile, ".");

    //SWITCHES THE IMAGE CREATE FUNCTION BASED ON FILE EXTENSION
	switch($image_type) {
		case '.jpg':
			$img_src = imagecreatefromjpeg($sourcefile);
			break;
		case '.png':
			$img_src = imagecreatefrompng($sourcefile);
			break;
		case '.gif':
			$img_src = imagecreatefromgif($sourcefile);
			break;
		default:
			echo("Error Invalid Image Type");
			die;
			break;
		}
       $img_dst=imagecreatetruecolor($new_width,$new_height);
       imagecopyresampled($img_dst, $img_src, 0, 0, 0, 0, $new_width, $new_height, $g_is[0], $g_is[1]);
       imagejpeg($img_dst);
       imagedestroy($img_dst);
       imagedestroy($img_src);
       return true;
       }
       else
       return false;
   }

if(!isset($_POST['submit'])){
$extens = '';

        if (($extensions == "") or ($extensions == " ") or ($ext_count == "0") or ($ext_count == "") or ($limit_ext != "yes") or ($limit_ext == "")) {
           $extens = "any extension";
        } else {
        $ext_count2 = $ext_count+1;
        for($counter=0; $counter<$ext_count; $counter++) {
            $extens .= "  $extensions[$counter]";
        }
        }
        if (($limit_size == "") or ($size_limit != "yes")) {
            $limit_size = "any size";
        } else {
            $limit_size .= " bytes";
            $mb_size = ($limit_size/1000000);
        }
        $pichead = "<li><font size=\"2\" color=660000>File extension must be $extens<b>";
        $pichead .="</b></font>
        <li><font size=\"2\" color=660000>Maximum file size is $limit_size ($mb_size MB)</font></li>
        <li><font size=\"2\" color=660000>No spaces in the filename</font></li>";
?>
<html>
<head>
<title>HTML Form for uploading image to server</title>
</head>
<body>
<form action="" method="post" enctype="multipart/form-data">
<html>
<title>Add Vehicle Form</title>
<body>
<p><? echo $pichead; ?></p>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<p>Pictures:<br />
1 <input type="file" name="pictures[]" /><br />
2 <input type="file" name="pictures[]" /><br />
3 <input type="file" name="pictures[]" /><br />
4 <input type="file" name="pictures[]" /><br />
5 <input type="file" name="pictures[]" /><br />
6 <input type="file" name="pictures[]" /><br />
<input type="submit" name=submit value="Send" />
</p>
</form>
<?php
} else {
$i=0;
$photoarray = array();
  foreach ($_FILES["pictures"]["error"] as $key => $error) {
  $file_name =  $_FILES["pictures"]['name'][$i]; // can call this anything you like this will take the original name
  $file =  $_FILES["pictures"]['tmp_name'][$i];
  $file_size = $_FILES["pictures"]['size'][$i];
  $photoarray[$i+1]= $file_name;
  $endresult = "<font size=\"4\" color=990000>$file_name uploaded successfully</font>";
    if ($file_name == "") {
    $pic = $i+1;
    $endresult = "<font size=\"4\" color=990000>Pic#$pic Not selected</font>";
    }else{
      if(file_exists("$absolute_path/$file_name")) {
      $endresult = "<font size=\"4\" color=990000>File Already Existed</font>";
      } else {
        if (($size_limit == "yes") && ($limit_size < $file_size)) {
        $endresult = "<font size=\"4\" color=990000>File was to big</font>";
        } else {
        $ext = strrchr($file_name,'.');
          if (($limit_ext == "yes") && (!in_array($ext,$extensions))) {
          $endresult = "<font size=\"4\" color=990000>File is wrong type</font>";
          }else{
          // Save full size image with max width/height
          resampimage(1000,1000,$file,"$absolute_path/$file_name",0);
          // Save thumb image with max width/height of 200
          // resampimage(200,200,$file,"$thumb_path/$file_name",0);
          }
        }
      }
    }
  $i++;
  echo $endresult."<br>";
  }
}
?>
</body>
</html>

 

Set your paths above and uncomment the thumbnail line in the function. And change the message in the function to your liking

 

Ray

[The Little Guy]

You might be missing the point... Or Im not understanding.

 

The images are actually image.bmp, but if the person renames it to image.jpg, the file is accepted, but can not be read, because the file is still a bmp file, only it has a different extention name.

 

If that still doesn't make sense... Try it with these steps:

 

1. create a bmp image

2. upload to the server

3. you will recieve my custom error message

4. rename the file on your computer, remove the bmp extention and replace it with a jpg extention

5. upload the file with the new extention

6. You will recieve the Fatal Error Message

Link - http://tzfiles.com

 

I don't want step 6. to take place, instead I would like step 3. to take place. I want my custom error to display no matter what type of file it is, so if it was renamed from exe, bmp, tiff, psd, html, php. and so on, I would like my custom error not the fatal error.

 

Does that maybe clear things up?

 

Here is a bmp...

 

[attachment deleted by admin]

[craygo]

ok sorry.

 

You can add a check.

<?php
if(!imagecreatefrom'.$type.'("$imageDirectory/$imageName")){
  if(!imagecreatefromwbmp("$imageDirectory/$imageName"){
  echo "could not create image";
  die;
  } else {
  echo "Image Created";
  }
} else {
echo "Image created";
}
?>

 

I have not tested it but on that concept

 

Ray

[The Little Guy]

does that only work on bmp?

[only one]

if (($HTTP_POST_FILES['file']['type']=="image/gif") || ($HTTP_POST_FILES['file']['type']=="image/pjpeg") || ($HTTP_POST_FILES['file']['type']=="image/jpeg") || ($HTTP_POST_FILES['file']['type']=="image/png")) {

let it go on

}else{

dont...

 

 

edit bold bits