check filetype

[jonniejoejonson]

I want to copy a file from another server which is failry simple... However I want to check that this file is a jpeg/giff and not a virus before I copy it to my server. Is there a way to check filetype? thanks to any responders J.

[hitman6003]

Use fileinfo.

 

http://www.php.net/fileinfo

 

Or the depreciated, mime_content_type.

 

http://www.php.net/mime_content_type

[p2grace]

You could also explode it into a string

 

$filename = "whatever.vr1.jpeg"; // I have multiple periods to show you that the code below will still work

$filename_arr = explode(".",$filename);
$filetype = $filename_arr[(count($filename_arr) - 1)];
if($filetype == "jpeg" || $filetype == "gif"){
// is a jpeg or a gif
}else{
// error only jpeg or gif is allowed
}

[hitman6003]

You could also explode it into a string

...

 

That doesn't check the file content, which makes it easier to rename a script to "whatever.jpg", and then execute it remotely.

 

If the content type returns as something you don't want, you simply don't save the file.

[jonniejoejonson]

Thanks guys,

 

Do you think that the following is enough protection when allowing people to copy ONLY jpeg or giff images from a server to your server?

 

$contentType=mime_content_type($urlImage);

 

if($contentType=='image/gif'||$contentType=='image/jpeg'){

copy($urlImage,"../images/".$saveImg)or die ('Could not copy'); }

else

{exit();}

 

 

thanks J.