Problems with file upload

[webmanUK]

Hi all,

 

I need help with the following bit of code:

 

//Сheck that we have a file
if((!empty($_FILES["uploaded_file"])) && ($_FILES["uploaded_file"]["error"] == 0)) {
  //Check if the file is one of the accepted file formats and is less than 200MB or 209715200 bytes - 50MB would be 52428800 bytes
  $filename = basename($_FILES["uploaded_file"]["name"]);
  $ext = substr($filename, strrpos($filename, '.') + 1);
  if (($ext == "wav") && ($_FILES["uploaded_file"]["type"] == "audio/wav") || 
      ($ext == "avi") && ($_FILES["uploaded_file"]["type"] == "video/avi") || 
  ($ext == "mpg") && ($_FILES["uploaded_file"]["type"] == "audio/mpeg") || 
  ($ext == "mpg") && ($_FILES["uploaded_file"]["type"] == "video/mpeg") || 
  ($ext == "wma") && ($_FILES["uploaded_file"]["type"] == "audio/x-ms-wma") || 
  ($ext == "mp3") && ($_FILES["uploaded_file"]["type"] == "audio/mpeg") && ($_FILES["uploaded_file"]["size"] < 52428800)) 
  {
    //Determine the path to which we want to save this file
      $newname = dirname(__FILE__).'/uploaded-files/'.$filename;
      //Check if the file with the same name is already exists on the server
      if (!file_exists($newname)) {
        //Attempt to move the uploaded file to it's new place
        if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) {
        
	    //send email

	} else {
           echo "<h2>Error</h2><p>A problem occurred during file upload.</p><p><a href='javascript:history.go(-1)' onMouseOver='self.status=document.referrer;return true'>Use this link to return to the previous page</a> or use your browsers 'Back' button.</p>";
        }
      } else {
         echo "<h2>Error</h2><p>File ".$_FILES["uploaded_file"]["name"]." already exists. Please check you have selected the correct file.</p><p><a href='javascript:history.go(-1)' onMouseOver='self.status=document.referrer;return true'>Use this link to return to the previous page</a> or use your browsers 'Back' button.</p>";
      }
  } else {
     echo "<h2>Error</h2><p>Only .mp3, .wav, .wma, .mpg and .avi files under 50MB are accepted for upload.</p><p><a href='javascript:history.go(-1)' onMouseOver='self.status=document.referrer;return true'>Use this link to return to the previous page</a> or use your browsers 'Back' button.</p>";
  }
} else {
echo "<h2>Error</h2><p>No file selected for upload. Please try again.</p><p><a href='javascript:history.go(-1)' onMouseOver='self.status=document.referrer;return true'>Use this link to return to the previous page</a> or use your browsers 'Back' button.</p>";
}
} else {
echo "<h2>Error</h2><p>The email address entered is not valid. Please check and try again.</p><p><a href='javascript:history.go(-1)' onMouseOver='self.status=document.referrer;return true'>Use this link to return to the previous page</a> or use your browsers 'Back' button.</p>>";
}

 

When I test it and try to upload one of the specified file types it tells me I'm trying to upload the wrong file types.

 

Also to be honest I'm a bit concerned about security.

 

Can anyone offer advice as it's driving me crazy as I'm sure at one point it was working fine!

 

Thanks

 

[webmanUK]

Hi All, anyone have any thoughts?

[cooldude832]

don't use the raw file extension to determine its validness the $_FILES['uploadname']['type'] is sufficient.

 

If you want to make sure its really what it is you can try and read some of the file in a manner that a normal file be read i.e load an image into GD and return some size data on it.  If it can do that then you know it is valid.

 

Also make sure your type are correct via trying

<?php
print_r($_FILES);
?>

and see what valid file types are

[webmanUK]

Thanks cooldude,

 

Works fine except for mp3 files. Hmmm.

 

Cheers

[cooldude832]

you have audio/mpg shouldn't it be audio/mp3 ???

[webmanUK]

Yes good point. But just tried it and still doesn't work