Hey guys, I am in the final stages of testing my site before I release a beta and was just wondering if any of you guys knew what is up. I am testing on a local WAMP server on my laptop and I get problems with uploading files. For example, in Opera everything is fine, but in Internet Explorer or Google Chrome I get a file type error when I do these checks.
$types_array = array('audio/mpeg','audio/mpeg3','audio/mpg','audio/mp3');
if (!in_array($_FILES['file']['type'], $types_array))
{
    echo "<script>
    alert(\"This is not an mp3!\");
    </script>";
    return;
}
The problem applies to all file types, really. The file type is provided by the browser and that means it can be forged by a malicious user. That, and not all browsers on all operating systems (cough IE and Windows) know the right MIME type for a file.
Audio files are harder to check. Take MP3s: they can start with an ID3 tag, but lots of audio files can begin with that - one does not imply the other.
I don't know any tricks to verifying an MP3 file - or any audio file, for that matter. For those you might just want to check the file extension. Yes, that can be faked too, but for most people the file extension dictates how it's handled: an executable with a .mp3 will still try to be played as an audio file.
Thanks for your help man, I appreciate it. I will figure something out; I found a good article with respect to file uploads. One of the main ideas was storing files outside of the web root. Thanks for the advice.
Yeah, I can. I needed to for PHP APC, so I am going to start with a virtual private server, but I did not know of a file info function. Thanks a lot man, that is a good suggestion, appreciate it.
Hey I did some more reading on the function and there is pretty limited documentation of using the function for upload verification. I was wondering if maybe you could give an example of testing if a file is an image or mp3? As far as I understand the function outputs the file type but how can you use php to verify that is the one you want? Thanks again.
As far as I understand the function outputs the file type
What more do you need to verify that it's the type you want? I'm not sure what is the question here. It should be a similar check to what you were doing at the beginning, only it's much more reliable than $_FILES[]["type"].
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Thanks for your reply man, I just have some quick questions.
1. On the line finfo_open(FILEINFO_MIME_TYPE); what does 'FILEINFO_MIME_TYPE' represent? In the documentation it says 'resource $finfo'?
2. Also the $types_array, is it just the desired array of file types such as image/gif that I designate?
3. Finally correct me if I am wrong, but in your example the code will check the file against the types array using finfo and if it does not match can echo the error?
Thanks a lot man for your assistance, it is too bad there isn't more documentation on the function.
1. finfo_open() returns a resource, but the first arg is a constant from here: http://us2.php.net/manual/en/fileinfo.constants.php that tells it what you want. The resource is the first arg for finfo_file().
2. Yes
3. Yes
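The check discussed in this thread, as an added example that is not code from any of the posters: the type is read from the file's content with finfo_file() and compared against an allow-list, while the browser-supplied type is ignored. The helper name detect_allowed_type(), the allow-list contents and the sample files are assumptions made up for the illustration; the temp files stand in for $_FILES['file']['tmp_name'].

```php
<?php
// Added example (hypothetical helper name, constructed sample data).
// Returns the detected MIME type if it is on the allow-list, otherwise null.
function detect_allowed_type(string $path, array $allowed): ?string
{
    // FILEINFO_MIME_TYPE is an option constant: it asks for "type/subtype"
    // only, derived from the file's content rather than its name.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    if ($finfo === false) {
        return null; // fail closed if the magic database cannot be loaded
    }
    $type = finfo_file($finfo, $path);
    // Strict in_array() so no loose comparison can match by accident.
    return ($type !== false && in_array($type, $allowed, true)) ? $type : null;
}

// The allow-list you designate (assumed values for this illustration).
$allowed = ['audio/mpeg', 'image/gif', 'image/png', 'image/jpeg'];

// Constructed uploads: 'claimed' imitates $_FILES['file']['type'], which the
// client controls; 'bytes' is what actually arrived on disk.
$samples = [
    'real gif' => [
        'claimed' => 'image/gif',
        'bytes'   => "GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
                   . ",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;",
    ],
    'script with forged type' => [
        'claimed' => 'audio/mpeg',
        'bytes'   => "<?php echo 'not an mp3'; ?>\n",
    ],
];

foreach ($samples as $label => $upload) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $upload['bytes']);

    $detected = detect_allowed_type($tmp, $allowed);
    echo $label, ': claimed ', $upload['claimed'], ', ',
         $detected === null ? 'rejected' : "accepted as $detected", PHP_EOL;

    // An accepted file would be moved with move_uploaded_file() to a
    // directory outside the web root under a server-generated name.
    unlink($tmp);
}
```

In a real handler, check $_FILES['file']['error'] and is_uploaded_file() on the temporary path before calling the helper.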