Jump to content

[SOLVED] Uploading types

Asday

By Asday
in PHP Coding Help

Recommended Posts

Asday Member

Asday

Posted
Posted

I have some code that uploads a file, and now I want to restrict types.

 

I want to let people upload:

 

bmp, jpg, gif, (done)

php, htm, html, xml, (Don't know how)

 

If someone could please post the necessary filetypes for the second list please.  (jpg = image/jpeg, bmp = image/bmp, gif = image/gif)

Link to comment
https://forums.phpfreaks.com/topic/59091-solved-uploading-types/
Share on other sites
Asday Member

Asday

Posted
  • Author
Posted

Well, I don't understand the code samples there...  I was thinking more like this:

 

<?php
if (($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/bmp")
// || ($_FILES["file"]["type"] == "php/php")
|| ($_FILES["file"]["type"] == "text/plain"))
?>

 

You seriously do not want people to be able to upload php files. Doing so could quite easily wipe out your entire site.

 

Not just my site.  My entire server.  All they need is the System command, I believe.  PHP genius next to me just told me.  (He's hard at work, though)

 

EDIT:

 

I need the MIME type, please.  That would have made things simple.

Yesideez Advanced Member

Yesideez

Posted
Posted

That should work OK. If the user is trying to hide a file type (I've seen this happen before) by renaming one file as another this should stop it. Using eregi() will only check the filename, not the file itself.

 

I've not checked using this method so I think HTML, HTM, PHP and XML files would show as "text/plain"

Asday Member

Asday

Posted
  • Author
Posted

That should work OK. If the user is trying to hide a file type (I've seen this happen before) by renaming one file as another this should stop it. Using eregi() will only check the filename, not the file itself.

 

I've not checked using this method so I think HTML, HTM, PHP and XML files would show as "text/plain"

 

That code I just posted allows only .jpg .bmp .gif and .txt files.  I want to be able to upload .html .htm .xml and .php too.  They are not text/plain files, as when I try to upload any of them it fails.

Asday Member

Asday

Posted
  • Author
Posted

Do you get an error message? Showign some code would also be a start...

 

Nope, blank page.

 

Here's my code:

 

<?php

if (($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/bmp")
// || ($_FILES["file"]["type"] == "php/php")
|| ($_FILES["file"]["type"] == "text/plain"))
{
if ($_FILES["file"]["error"] > 0)
{
	echo "Error:  " . $FILES["file"]["error"] . "<br />";
}
else
{
	echo "Upload:  " . $_FILES["file"]["name"] . "<br />";
	echo "Type:  " . $_FILES["file"]["type"] . "<br />";
	echo "Size:  " . (($_FILES["file"]["size"] / 1024) / 1024) . "MB<br />";
	echo "Stored in:  " . $_FILES["file"]["tmp_name"] . "<br /><br />";

		if (file_exists("upload/" . $_FILES["file"]["name"]))
		{
			echo $_FILES["file"]["name"] . " already exists, foof!";
			echo '<a href="javascript:history.go(-1)"  onMouseOver="self.status=document.referrer;return true">Return</a>' . ' to the page you were on.';
		}
		else
		{
			move_uploaded_file($_FILES["file"]["tmp_name"],
			"upload/" . $_FILES["file"]["name"]);
			echo 'It`s now <a href="/upload/' . $_FILES["file"]["name"] . '">here.</a>  Tell your friends!<br />';
			echo '<a href="javascript:history.go(-1)"  onMouseOver="self.status=document.referrer;return true">Return</a>' . ' to the page you were on.';
		}
}
}

?>

Yesideez Advanced Member

Yesideez

Posted
Posted

Without knowing what the variables are containing its a little tricky reading through it. One thing I do when I get if() statements that don't appear to be behaving is place a load of "echo" lines throughout the script just displaying numbers.

 

One before if(), one inside each condition and see what I get in my browser.

Asday Member

Asday

Posted
  • Author
Posted

Not quite sure what you're trying to achieve.  It's meant to do nothing if it get's a file I don't want uploaded.

 

The way to make it stop doing that, is to add another OR for another MIME type at the top, which is what I want to do.

 

All I want, is to know what the mime types for htm, html, php and xml are.

 

The ones on filext for php didn't work, so I've come here.

 

EDIT:  Found the mimetypes for html and xml:

 

...
if (($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/bmp")
|| ($_FILES["file"]["type"] == "text/html")
|| ($_FILES["file"]["type"] == "text/xml")
// || ($_FILES["file"]["type"] == "php/php")
|| ($_FILES["file"]["type"] == "text/plain"))
...

Asday Member

Asday

Posted
  • Author
Posted

application/xml

text/xml xml

text/html html htm

 

No PHP - guess it's not present!

 

Surely there isn't all the MIME types ever.  For instance, there is no torrent.  No psd.  No exe.

 

EDIT:  Apparently, php has no MIME type.  (I got the script to echo it)

 

EDIT2:  Also apparently, what I want to do is impossible.  Well, I could get it to check systematically EVERY SINGLE MIME type ever, and if it is, disallow it.  Needless to say, I won't do that.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.