ibanez270dx Posted November 19, 2007 Share Posted November 19, 2007 Hello everyone, I'm having a problem with my upload.php script... It is meant to upload an MP3 file and it works fine, with a few exceptions. Firstly, it doesn't check the file extension as it should. If I try to upload a wav, it doesn't give me an error (which it should). Secondly, I tried to upload a file that was 5.8 megs and it didn't go through. If I try a small file at about 1 MB, it works fine. POST_MAX_SIZE is at 8 MB, so I don't exactly know whats going on. Do I have to change my MAX_EXECUTION_TIME ? It is currently at 30. I'm running PHP 4.3.11. The relevent code is as follows: $upload_dir = "mp3/"; $size_bytes = 8000000; $extlimit = "yes"; $limitedext = array(".mp3"); if(!is_dir("$upload_dir")) { die("The directory <b>$upload_dir</b> doesn't exist"); } if(!is_writeable("$upload_dir")) { die ("The MP3 directory is NOT writable, Please Chmod (777)"); } if(is_uploaded_file($_FILES['mp3']['tmp_name'])) { $size = $_FILES['mp3']['size']; if ($size > $size_bytes) { echo '<script>alert("File Too Large.");</script>'; echo '<META http-equiv="refresh" content="0;URL=upload.php" target="_top">'; exit(); } } if (($limit_file_type == "yes") && (!in_array($_FILES['mp3']['type'],$limitedext))) { echo '<script>alert("wrong file type");</script>'; echo '<META http-equiv="refresh" content="0;URL=upload.php" target="_top">'; exit(); } $filename = $_FILES['mp3']['name']; if(file_exists($upload_dir.$filename)) { echo '<script>alert("The filename already exists!");</script>'; echo '<META http-equiv="refresh" content="0;URL=upload.php" target="_top">'; exit(); } $uploadto = 'mp3/'; $uploadfile = $uploadto . basename($_FILES['mp3']['name']); if (move_uploaded_file($_FILES['mp3']['tmp_name'], $uploadfile)) { include("connect.php"); $sql = "INSERT INTO band_music (bm_type, bm_title, bm_desc, bm_file, bm_user, bm_date) VALUES ('$bm_type', '$bm_title', '$bm_desc', '$filename', '$bm_user', '$bm_date')"; $result = @mysql_query($sql,$connection) or die(mysql_error()); echo '<script>alert("MP3 Uploaded Successfully!");</script>'; echo '<META http-equiv="refresh" content="0;URL=refreshplaylist.php" target="_top">'; } } Any help is appreciated! Thanks in advance, - Jeff Quote Link to comment Share on other sites More sharing options...
rlindauer Posted November 19, 2007 Share Posted November 19, 2007 You are comparing the file type to a file extension. I believe the file type that php will have stored in the $_FILES array is "audio/mpeg". If you want to check against the file extension you are going to have to use the name value in the $_FILES array, although this is not a reliable method to validate files. It would allow people to upload malicious files that are simply named with an allowed extension. It would be best to compare Here is a really good guide for dealing with file uploads: http://shsc.info/FileUploadSecurity Quote Link to comment Share on other sites More sharing options...
ibanez270dx Posted November 19, 2007 Author Share Posted November 19, 2007 Hey, thanks for you input. The array("audio/mpeg"); seems to work fine - I'm not too worried about security right now though, this is just a small DB app for a small group of people. Anyway, I'm still having trouble with large files. I have changed upload_max_filesize, post_max_size, and memory_limit all to 8M and changed max_execution_time to 300. It still won't handle files more than a meg... It just uploads it then tells me that it is the wrong file type and refreshes the upload page. I tried taking out the part where it checks the file extension, but then it just refreshes the page after it uploads and nothing happens. No change to the DB, no file in my mp3 folder... Here is the relevent code: $upload_dir = "mp3/"; $size_bytes = 8000000; $limit_file_type = "yes"; $limitedext = array("audio/mpeg"); if(!is_dir("$upload_dir")) { die("The directory <b>$upload_dir</b> doesn't exist"); } if(!is_writeable("$upload_dir")) { die ("The MP3 directory is NOT writable, Please Chmod (777)"); } if(is_uploaded_file($_FILES['mp3']['tmp_name'])) { $size = $_FILES['mp3']['size']; if ($size > $size_bytes) { echo '<script>alert("File Too Large.");</script>'; echo '<META http-equiv="refresh" content="0;URL=upload.php" target="_top">'; exit(); } } // It seems to kick me out right here every time... if (($limit_file_type == "yes") && (!in_array($_FILES['mp3']['type'],$limitedext))) { echo '<script>alert("wrong file type");</script>'; echo '<META http-equiv="refresh" content="0;URL=upload.php" target="_top">'; exit(); } $filename = $_FILES['mp3']['name']; if(file_exists($upload_dir.$filename)) { echo '<script>alert("The filename already exists!");</script>'; echo '<META http-equiv="refresh" content="0;URL=upload.php" target="_top">'; exit(); } $uploadto = 'mp3/'; $uploadfile = $uploadto . basename($_FILES['mp3']['name']); if (move_uploaded_file($_FILES['mp3']['tmp_name'], $uploadfile)) { include("connect.php"); $sql = "INSERT INTO band_music (bm_type, bm_title, bm_desc, bm_file, bm_user, bm_date) VALUES '$bm_type', '$bm_title', '$bm_desc', '$filename', '$bm_user', '$bm_date')"; $result = @mysql_query($sql,$connection) or die(mysql_error()); echo '<script>alert("MP3 Uploaded Successfully!");</script>'; echo '<META http-equiv="refresh" content="0;URL=refreshplaylist.php" target="_top">'; } } Please help! This is getting very frustrating! Thanks very much, - Jeff Quote Link to comment Share on other sites More sharing options...
teng84 Posted November 19, 2007 Share Posted November 19, 2007 try this tutorial http://www.w3schools.com/php/php_file_upload.asp Quote Link to comment Share on other sites More sharing options...
ibanez270dx Posted November 19, 2007 Author Share Posted November 19, 2007 Thanks, I got it. It was the php.ini, but I was working in a subdomain and forgot to put my .htaccess there... duh. Thanks again, that tutorial did help Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.