Help

steviez · July 28, 2007

Hi,

I have a upload site and i want the site to perform differently if its uploading certain file types. For example it the file type is jpg then i want it to act as a image host. How do i get it to identify different file types on upload?

I tryed this:

$ext_value= array('jpeg','mpeg','etc');
if($variable in_array($arr_value)){
//then do some stuff here
}
[code]

But it wont work,

Please could someone help

[/code]

teng84 · July 28, 2007

Hi,

I have a upload site and i want the site to perform differently if its uploading certain file types. For example it the file type is jpg then i want it to act as a image host. How do i get it to identify different file types on upload?

I tryed this:
$ext_value= array('jpeg','mpeg','etc');
if($variable in_array($arr_value)){
//then do some stuff here
}
[code]

But it wont work,

Please could someone help 
[/code]

i notice its my code try to change the

if($variable in_array($arr_value)){

into

if(in_array($variable ,$arr_value)){

steviez · July 28, 2007

that does not work

teng84 · July 28, 2007

can you show me your code ?

steviez · July 28, 2007

can you show me your code ?

This is my code:


<?php

require_once("admin/config.php"); 
include("login_database.php");
include("login.php");
require_once("conn.php");
require_once("functions.php");
if($_REQUEST['human_check'] != $_SESSION['human_check_code']){
alert("Human verification failed. Please try again and enter verification code correctly.");
goto(SITE_URL);
exit();
}
if($_FILES["fupload"]["size"] <= (MAX_SIZE*1048576)) {
$_SESSION['key'] = randomNumber();
$_SESSION['del_key'] = randomNumber();
$strSql = "select * from xl_files where `key` = '".$_SESSION['key']."'";
$strSql2 = "select * from xl_files where `del_key` = '".$_SESSION['del_key']."'";
$rsChkKey = $conn->execute($strSql);
$rsChkKey2 = $conn->execute($strSql2);

//This is our limit file type condition
$arr_value = array('text/php','mpeg','etc');
if(in_array($variable ,$arr_value)){
alert("No PHP Files"); 
goto(SITE_URL);
} 

if(!$rsChkKey->EOF){
while($rsChkKey->fields['key'] == $_SESSION['key']){
$strSql = "select * from xl_files where `key` = '".$_SESSION['key']."'";
$rsChkKey = $conn->execute($strSql);
$_SESSION['key'] = randomAlphaNumeric(;
}
}

if(!$rsChkKey2->EOF){
while($rsChkKey2->fields['del_key'] == $_SESSION['del_key']){
$strSql2 = "select * from xl_files where `del_key` = '".$_SESSION['del_key']."'";
$rsChkKey2 = $conn->execute($strSql2);
$_SESSION['del_key'] = randomAlphaNumeric(;
}
}

$newfilename = $_FILES["fupload"]["name"];
$newfilename = preg_replace('/\s+/', ' ', $newfilename);
$newfilename = ereg_replace(" ","_",$newfilename);
$newfilename = ereg_replace("[^a-z,A-Z,0-9,_.]","_",$newfilename);
$newfilename = preg_replace('/\_+/', '_', $newfilename);        


if(strlen($newfilename)>62){
$filename_array_dot = explode(".", $newfilename);
$filename_array_count = count($filename_array_dot);
$ext  = $filename_array_dot[$filename_array_count-1];
$newfilename = substr($newfilename,0,(65-strlen($ext+1)));
$newfilename = $newfilename.".".$ext;
}

$upload_folder = UPLOAD_FOLDER;
$incr = 0;
while (file_exists($upload_folder.$newfilename)){
$incr++;
$newfilename = $incr."_".$newfilename;
}

$upload = copy($_FILES["fupload"]["tmp_name"], $upload_folder.$newfilename); 
if(!$upload) { 
echo "error in uploading...";
} else {
$strSql = "INSERT INTO `xl_files` (
`fileid` , `key` , `del_key` , `mailto` , `mailfrom` , 
`mailmessage` , `filename` , `foldername`, `filesize` , `username`, `uploadtime` , 
`ip`, `downloads`)  VALUES (
'', '".$_SESSION['key']."',
'".$_SESSION['del_key']."', 
'".$_REQUEST['mailto']."', 
'".$_REQUEST['mailfrom']."', 
'".$_REQUEST['message']."',
'$newfilename', 
'$upload_folder',
'".$_FILES["fupload"]["size"]."',
'".$_SESSION['username']."',
'".time()."', 
'".$_SERVER['REMOTE_ADDR']."',
'0')";

$conn->execute($strSql);

if(empty($_REQUEST['mailto'])){
$mailto = "none";
}else{
$mailto = $_REQUEST['mailto'];
}

$strSql = "select * from ".DB_TABLE_PREFIX."template_emails where email_id = '1001'";
$rsMail = $conn->execute($strSql);
$strMessage = $rsMail->fields['email_matter'];
$strMessage = ereg_replace(chr(13),"<br>", stripslashes($strMessage));
$strMessage = ereg_replace("{filename}",$newfilename,$strMessage);
$strMessage = ereg_replace("{filesize}",number_format($_FILES["fupload"]["size"]/1024,2),$strMessage);
$strMessage = ereg_replace("{mailto}",$mailto,$strMessage);
$strMessage = ereg_replace("{message}",ereg_replace(chr(13),"<br>",stripslashes($_REQUEST['message'])),$strMessage);
$strMessage = ereg_replace("{fileurl}","<a href=".SITE_URL."/v/".$_SESSION['key']."/$newfilename>".SITE_URL."/v/".$_SESSION['key']."/$newfilename.html</a>",$strMessage);

if(!empty($_REQUEST['mailfrom'])){
despatchMail($mailfrom , MAIL_FROM_NAME , ADMIN_EMAIL, $rsMail->fields['email_subject'] , ereg_replace(chr(13),"<br>",stripslashes($strMessage)));
}	

$strSql = "select * from ".DB_TABLE_PREFIX."template_emails where email_id = '1000'";
$rsMail = $conn->execute($strSql);
$strMessage = $rsMail->fields['email_matter'];
$strMessage = ereg_replace(chr(13),"<br>", stripslashes($strMessage));
$strMessage = ereg_replace("{filename}",$newfilename,$strMessage);
$strMessage = ereg_replace("{filesize}",number_format($_FILES["fupload"]["size"]/1024,2),$strMessage);
$strMessage = ereg_replace("{mailfrom}",$mailfrom,$strMessage);
$strMessage = ereg_replace("{message}",ereg_replace(chr(13),"<br>",stripslashes($_REQUEST['message'])),$strMessage);
$strMessage = ereg_replace("{fileurl}","<a href=".SITE_URL."/v2/".$_SESSION['key']."/$newfilename>".SITE_URL."/v2/".$_SESSION['key']."/$newfilename.html</a>",$strMessage);

if(!empty($_REQUEST['mailto'])){
sendMail($_REQUEST['mailto'], MAIL_FROM_NAME, $mailfrom , $rsMail->fields['email_subject'], ereg_replace(chr(13),"<br>",stripslashes($strMessage)));
}
}
// Send message to admin
$to = "admin@".EMAIL_URL."";
$subject = "New File Uploaded!";

$message = "
<html>
<head>
<title>New File Uploaded</title>
</head>
<body>
<p>This is an automated message to tell you that a new file has been uploaded to your site, Bellow are the file details:<br></p>
  <P>File Name: ".$newfilename."<br>
     File Size: ".number_format($_FILES["fupload"]["size"]/1024,2)." KB<br>
 Uploaders IP: ".$_SERVER['REMOTE_ADDR']."<br>
  </p>
<p>Please check the file to make sure it complies with the terms of service!<br/><br/>

Best regards,<br/> 
Your Server </p>
</body>
</html>
";

// Always set content-type when sending HTML email
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";

// More headers
$headers .= 'From: <newfile@'.EMAIL_URL.'>' . "\r\n";

mail($to,$subject,$message,$headers);

goto("success.php");
}else{
$_SESSION['key'] = "";
alert("File size exceeds the maximum allowed limit.");
goto("index.php");
} 
?>

teng84 · July 28, 2007

you dont initialize the variable try

$arr_value = array('text/php','mpeg','etc');

if(in_array($_FILES["fupload"]["name"] ,$arr_value)){

alert("No PHP Files");

goto(SITE_URL);

}

steviez · July 29, 2007

you dont initialize the variable try

$arr_value = array('text/php','mpeg','etc');

if(in_array($_FILES["fupload"]["name"] ,$arr_value)){

alert("No PHP Files");

goto(SITE_URL);

}

It does not detect mime types, I need it to do this on upload. Any ideas?

corbin · July 29, 2007

Some browsers supposedly supply mimetypes, but they're unreliable and trickable....

I would check the file extension and not mimetypes...

Sign In

Help

Recommended Posts

steviez

Link to comment

Share on other sites

teng84

Link to comment

Share on other sites

steviez

Link to comment

Share on other sites

teng84

Link to comment

Share on other sites

steviez

Link to comment

Share on other sites

teng84

Link to comment

Share on other sites

steviez

Link to comment

Share on other sites

corbin

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information