Upload img with some validation

[mmarif4u]

Hi guys:

I have a upload script which is just simple but now i want to add some more additional things to it.

1- The script will know that the uploaded content is either png,gif,pdf,doc,jpg.I know that i have to these in array, but how can i validate that.

2- Max file size.

3- Error on empty upload like [ if ($image =='' ){do nothing} ]

4- Make it more secure and validated.

 

The code i have:

 

<?php

   if(isset($_POST['btnupload'])) {
     $filename = $_FILES['uploadfile']['name'];

     if($filename){
      $nruser=$session_nruser;
      $uploaddir = photo_imgdir($nruser);
      set_dir($uploaddir);
      $uploadfile = $uploaddir.$_FILES['uploadfile']['name'];

      print "<pre>";

      if (move_uploaded_file($_FILES['uploadfile']['tmp_name'], $uploadfile)){
       $sql="Update m_user set txphoto ='$filename' where nruser=$nruser";
       db_execute($sql);
       echo $cons_msg_success_upload;
      //send_msg($cons_msg_success_upload,"-2");
      }else{
      echo "error".$cons_msg_success_upload;

       //send_msg($cons_msg_file_error,"-2");
      }
      print "</pre>";
    }else{
      send_msg("aaacons_msg_file_error","-2");
      //send_msg($cons_msg_file_error,"-2");
    }
   }
?>

 

Thanks in advance for any response.

[teng84]

$_FILES['uploadfile']['type'] == to those thing you want

$_FILES['uploadfile']['size]

$_FILES['uploadfile']['type'] !=to those thing you want

 

how to get those??

if your code is running then ...

echo $_FILES['uploadfile']['type']  and use the result as the conditioning valu

 

 

 

ASTIG!!!

[mmarif4u]

it means that i have to put these in array like:

$_FILES['uploadfile']['type'] == array('png', and so on)

 

Am i right.

[teng84]

perhaps but are telling me to use the array as the conditioned variable ??

that was a biggggg no.

 

extract those from an array

[TheFilmGod]

Here's a script I use for my website. Read it over and see if you can use it. It is very complex and does all you want it to do. Here it is:

 

<?php
// define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 51200);

if (array_key_exists('upload', $_POST)) {
  // define constant for upload folder
  define('UPLOAD_DIR', '../upload/');
  // replace any spaces in original filename with underscores
  // at the same time, assign to a simpler variable
  $file = str_replace(' ', '_', $_FILES['image']['name']);
  // convert the maximum size to KB
  $max = number_format(MAX_FILE_SIZE/1024, 1).'KB';
  // create an array of permitted MIME types
  $permitted = array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/png');
  // begin by assuming the file is unacceptable
  $sizeOK = false;
  $typeOK = false;
  
  // check that file is within the permitted size
  if ($_FILES['image']['size'] > 0 && $_FILES['image']['size'] <= MAX_FILE_SIZE) {
    $sizeOK = true;
}

  // check that file is of an permitted MIME type
  foreach ($permitted as $type) {
    if ($type == $_FILES['image']['type']) {
      $typeOK = true;
  break;
  }
}
  
  if ($sizeOK && $typeOK) {
    switch($_FILES['image']['error']) {
  case 0:
        // check if a file of the same name has been uploaded
	if (!file_exists(UPLOAD_DIR.$file)) {
	  // move the file to the upload folder and rename it
	  $success = move_uploaded_file($_FILES['image']['tmp_name'], UPLOAD_DIR.$file);
	  }
	else {
	  // get the date and time
	  ini_set('date.timezone', 'Europe/London');
	  $now = date('Y-m-d-His');
	  $success = move_uploaded_file($_FILES['image']['tmp_name'], UPLOAD_DIR.$now.$file);
	  }
	if ($success) {
          $result = "$file uploaded successfully";
      }
	else {
	  $result = "Error uploading $file. Please try again.";
	  }
    break;
  case 3:
	$result = "Error uploading $file. Please try again.";
  default:
        $result = "System error uploading $file. Contact webmaster.";
  }
    }
  elseif ($_FILES['image']['error'] == 4) {
    $result = 'No file selected';
}
  else {
    $result = "$file cannot be uploaded. Maximum size: $max. Acceptable file types: gif, jpg, png.";
}
  }
?>

[mmarif4u]

@teng84 thanks for reply.

 

@Thanks TheFilmGod for ur post and code,

Yeh it seems a little bit complex but i will give it a try.

[TheFilmGod]

The code I gave you goes before any code on the your page. Before <html> tags! Very FIRST!!!

 

Here is the code for the upload form. Its the code in between the html tags:

 

<!-- Upload Section (php) -->

				<tr>
                      <td height="111" align="center" valign="middle" style="padding: 0px;">
<?php
// if the form has been submitted, display result
if (isset($result)) {
  echo '<p><span class="blue">$result</span></p>';
  }
?>
<form action="" method="post" enctype="multipart/form-data" name="uploadImage" id="uploadImage">
    <p>
	<label for="image">Upload image:</label>
	<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
        <input type="file" name="image" id="image" /> 
    </p>
    <p>
        <input type="submit" name="upload" id="upload" value="Upload" />
    </p>
</form>
</td>
                    </tr>

[mmarif4u]

Thanks for further info.