Page 1 of 1

quick mp3 upload script problem

Posted: Mon Oct 05, 2009 9:23 pm
by scarface222
Hey guys, quick problem, I have this upload script and when I choose to upload an mp3 it just echos 'Please upload a mp3 file!' even if it is one. The other functions seem fine. Could this be a problem with the form? The input is part of a large form.

Code: Select all

if ($_FILES['file']['name'] != "") {
if (($_FILES['file']['type'] == "audio/mpeg") || ($_FILES['file']['type'] == "application/force-download")) {
if ($_FILES["file"]["size"] < 4097152) {
move_uploaded_file($_FILES["file"]["tmp_name"], "usercontent/$user/audio/" . $_FILES["file"]["name"]);
echo "File has been stored in your uploads directory.";}
else { echo "Please upload a file that is under 4 mb!";return;}
} else {
echo "Please upload a mp3 file!";
return;
exit;}
} else { echo "Please enter a file.";return;}
form: mp3 input
<form name="titleform" action="" method="POST" enctype="multipart/form-data">
<input type="file" name="file" size="40" />
</form>

Re: quick mp3 upload script problem

Posted: Mon Oct 05, 2009 9:45 pm
by requinix
You can't trust $_FILES['file']['type'] to give the right MIME type for a file. It's best to check the type yourself.

Since MP3 files are tricky to identify you might consider just checking the file extension.

Re: quick mp3 upload script problem

Posted: Mon Oct 05, 2009 9:48 pm
by jmaker

Code: Select all

 
if(substr($file, -4) == ".mp3")
  // do something
 

Re: quick mp3 upload script problem

Posted: Mon Oct 05, 2009 10:00 pm
by scarface222
thanks guys like jmaker suggested? Is there a better way to check if the file is mp3 than just checking extension. What if someone changes extension and uploads a virus.

Re: quick mp3 upload script problem

Posted: Mon Oct 05, 2009 10:42 pm
by jmaker
Hmm, not sure.

You might want to look into the fileinfo functions.

http://us3.php.net/manual/en/ref.fileinfo.php