PHP Browser Compatibility Issues expert advice appreciated..

scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

PHP Browser Compatibility Issues expert advice appreciated..

Post by scarface222 »

Hey guys I am in the final stages of testing my site before I release a beta and was just wondering if any of you guys knew what is up. I am testing on a local WAMP server on my laptop and I get problems with uploading files. For example, in Opera everything is fine but in Internet Explorer or Google Chrome I get a file type error when I do these checks.

Code:

$types_array = array('image/gif','image/jpeg','image/x-png', 'image/jpg');

if(!in_array($_FILES['file']['type'], $types_array))
{
    echo "<script>
alert(\"That file type is not allowed!\");
</script>";
    return;
}

Why would php function in different browsers if it is a server-side language? Is it because I am using a local server?

Any advice is greatly appreciated. Thank you in advance.
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by requinix »

You can never rely on $_FILES[]["type"]. Find out the file type by yourself.

For images, a call to getimagesize can tell you (a) whether it's an image, and (b) what type of image it is.
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by scarface222 »

Thanks man, what about for an mp3 though, because I used the same method? It seems to work, but is there a better way, or only for images?

Code:

$types_array = array('audio/mpeg','audio/mpeg3','audio/mpg','audio/mp3');

if(!in_array($_FILES['file']['type'], $types_array))
{
    echo "<script>
alert(\"This is not an mp3!\");
</script>";
    return;
}
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by requinix »

The problem applies to all file types, really. The file type is provided by the browser and that means it can be forged by a malicious user. That, and not all browsers on all operating systems (cough IE and Windows) know the right MIME type for a file.

Audio files are harder to check. Take MP3s: they can start with an ID3 tag, but lots of audio files can begin with that - one does not imply the other.

I don't know any tricks to verifying an MP3 file - or any audio file, for that matter. For those you might just want to check the file extension. Yes, that can be faked too, but for most people the file extension dictates how it's handled: an executable with a .mp3 will still try to be played as an audio file.
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by scarface222 »

Thanks for your help man I appreciate it. I will figure something out, I found a good article with respect to file uploads. One of the main ideas was storing files outside of the web root. Thanks for the advice.
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by Eran »

If you can install extensions on your server, the fileinfo extension is the best solution for recognizing file types - http://php.net/manual/en/book.fileinfo.php
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by scarface222 »

Yeah I can, I needed to for php apc so I am going to start with a virtual private server but I did not know of a file info function, thanks a lot man that is a good suggestion, appreciate it.
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by scarface222 »

Hey I did some more reading on the function and there is pretty limited documentation of using the function for upload verification. I was wondering if maybe you could give an example of testing if a file is an image or mp3? As far as I understand the function outputs the file type but how can you use php to verify that is the one you want? Thanks again.
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by Eran »

"As far as I understand the function outputs the file type"

What more do you need to verify that it's the type you want? I'm not sure what is the question here. It should be a similar check to what you were doing at the beginning, only it's much more reliable than $_FILES[]["type"]
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by AbraCadaver »

You need to use the 'tmp_name' to test the actual file;

Code:

// $types_array is the list of allowed MIME types from the earlier snippets
$finfo = finfo_open(FILEINFO_MIME_TYPE);
// tmp_name is the uploaded file on the server, so the type comes from its contents
if(!in_array(finfo_file($finfo, $_FILES['file']['tmp_name']), $types_array)) {
    // error
}
finfo_close($finfo);

Although if you're on linux maybe:

Code:

// quote the path before handing it to the shell
$type = exec('file -bi ' . escapeshellarg($_FILES['file']['tmp_name']));

mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
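
Putting the thread's suggestions together (fileinfo run on tmp_name, getimagesize for images, storage outside the web root), as an added example that is not code from any of the posters. ALLOWED_TYPES, allowed_extension(), store_upload() and $destDir are names assumed here, and random_bytes() assumes PHP 7 or later.

```php
<?php
// Added example. Maps the MIME type detected from the file's bytes to the
// extension the file is stored under; the browser-supplied name/type is ignored.
const ALLOWED_TYPES = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'audio/mpeg' => 'mp3',
];

// Returns the storage extension for $path, or null if the content is not allowed.
function allowed_extension(string $path): ?string
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        return null;
    }
    // For images, getimagesize() must also be able to parse the header.
    if (strpos($mime, 'image/') === 0 && @getimagesize($path) === false) {
        return null;
    }
    return ALLOWED_TYPES[$mime];
}

// Handles one $_FILES entry. $destDir is a hypothetical directory outside the web root.
function store_upload(array $file, string $destDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = allowed_extension($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Random server-chosen name: nothing from the client reaches the file system.
    $target = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Constructed sample: a 1x1 GIF, checked by content regardless of what it is called.
$sample = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($sample, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));
var_dump(allowed_extension($sample));
unlink($sample);
```

In a real handler the call would be store_upload($_FILES['file'], $destDir), with a null return treated as a rejected upload.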
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by scarface222 »

Thanks for your reply man, I just have some quick questions

1. On the line finfo_open(FILEINFO_MIME_TYPE); what does 'FILEINFO_MIME_TYPE' represent? In documentation it says 'resource $finfo'?

2. Also the $types_array, is it just the desired array of file types such as image/gif that I designate?

3. Finally correct me if I am wrong, but in your example the code will check the file against the types array using finfo and if it does not match can echo the error?

Thanks a lot man for your assistance, it is too bad there isn't more documentation on the function.
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by AbraCadaver »

1. finfo_open() returns a resource, but the first arg is a constant from here: http://us2.php.net/manual/en/fileinfo.constants.php that tells it what you want. The resource is the first arg for finfo_file().
2. Yes
3. Yes
scarface222
Forum Contributor
Posts: 354
Joined: Thu Mar 26, 2009 8:16 pm

Re: PHP Browser Compatibility Issues expert advice appreciated..

Post by scarface222 »

Thanks a lot man, appreciate it. PS toy story is a sick movie.