Image size and ext filter

[emediastudios]

I have been testing my image filters and have a few problems, for some reason it blocks .exe, .rar, .zip and a few others i have tested and does the if else code, but .psd .pdf (i have yet to test more)slip through the else code(they dont get uploaded but it creates a empty record. Not what i want. (why would it do that when in my array i only include, jpg, jpeg, gif and png files)

The other problem is that it recongnises a jpeg if over the size limit and does the else code but png files bigger that the allowed size skip the else code and create an empty record(they dont get uploaded either)  ??? ??? ???

 

Here is my full file

<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 
    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "restricted.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
?>




<?php 
//***FUNCTIONS

//filter extensions
function valid_ext($file_name)
{
$valid = array("jpeg","jpg","png","gif");
$extension = strtolower(substr($file_name,-3,3));
return (in_array($extension, $valid));
}


//filter by size,
function valid_size($size)
{
return ($size <= 1048576);
}


//This is the directory where images will be saved 
$path = '../images/';


//This gets all the other information from the form 
$name=$_POST['name']; 
$suburb=$_POST['suburb']; 
$price=$_POST['price']; 
$content=$_POST['content']; 
$content2=$_POST['content2']; 
$agentmobile=$_POST['agentmobile']; 
$agentemail=$_POST['agentemail']; 
$uploadFile0=($_FILES['uploadFile0']['name']); 
$uploadFile1=($_FILES['uploadFile1']['name']);
$uploadFile2=($_FILES['uploadFile2']['name']); 
$uploadFile3=($_FILES['uploadFile3']['name']);
$uploadFile4=($_FILES['uploadFile4']['name']);
$uploadFile5=($_FILES['uploadFile5']['name']);
$uploadFile6=($_FILES['uploadFile6']['name']);
$uploadFile7=($_FILES['uploadFile7']['name']);
$uploadFile8=($_FILES['uploadFile8']['name']);

// Connects to your Database 
mysql_connect("localhost", "root", "5050888202") or die(mysql_error()) ; 
mysql_select_db("gcproperty") or die(mysql_error()) ; 

// Uploads Images
$uploadNeed = $_POST['uploadNeed'];

// start for loop
$copied = 0;//the number of files successfully uploaded
for($x=0;$x<$uploadNeed;$x++)
{
$file_name = $_FILES['uploadFile'. $x]['name'];

//test
$Size = $_FILES['uploadFile'. $x]['size'];

//Test Check
$Valid = false;
if(valid_ext($file_name))
{
	echo " {$file_name} valid ext";
	$Valid = true;
}else{
	print "<meta http-equiv=\"refresh\" content=\"0;URL=invalid_extension.php\">";
    exit();
}
echo "</br>";
if(valid_size($Size))
{
	echo " {$file_name} valid size</br>";
}else{
	$Valid = false;
	print "<meta http-equiv=\"refresh\" content=\"0;URL=invalid_size.php\">";
	exit(); 
}
if($Valid)
{
	// strip file_name of slashes
	$file_name = stripslashes($file_name);
	$file_name = str_replace("'","",$file_name);
	if(file_exists($path . $file_name) ) {
		print "<meta http-equiv=\"refresh\" content=\"0;URL=file_exists.php\">";
        exit();
	}else {
		$copy = move_uploaded_file($_FILES['uploadFile'. $x]['tmp_name'], $path . $file_name);
		$copied++;//increment our counter
	}	
}
}



if($copied > 0) {

//do your insert stuff

if($copied != $uploadNeed) {

$not_uploaded = $uploadNeed - $copied;

		print "<meta http-equiv=\"refresh\" content=\"0;URL=upload_error.php\">";
        exit();


  }

}


// check if successfully copied

if($copied == $uploadNeed)
{
 print "<meta http-equiv=\"refresh\" content=\"0;URL=property_added_successfully.php\">";
 //Writes the information to the database

mysql_query("INSERT INTO `employees` VALUES ('$name', '$suburb', '$price', '$content', '$content2','$agentmobile', '$agentemail','$uploadFile0','$uploadFile1', '$uploadFile2', '$uploadFile3', '$uploadFile4', '$uploadFile5', '$uploadFile6', '$uploadFile7', '$uploadFile8')") ;
}else{

            echo "<br>$file_name The File(s) could not be uploaded!<br>The file must be under 1 meg and be of a valid extension type, jpeg, jpg, png or gif!<br />
<br />
Please go <a href=\"property_add.php\">back</a> and try again";
}



// end of loop



many thanks
?>