Page 1 of 1
PHP Browser Compatibility Issues expert advice appreciated..
Posted: Tue Dec 15, 2009 9:20 pm
by scarface222
Hey guys I am in the final stages of testing my site before I release a beta and was just wondering if any of you guys new what is up. I am testing on a local WAMP server on my laptop and I get problems with uploading files. For example, in Opera everything is fine but in Internet Explorer or Google Chrome I get file type error when I do these checks.
Code: Select all
$types_array = array('image/gif','image/jpeg','image/x-png', 'image/jpg');
if(!in_array($_FILES['file']['type'], $types_array))
{
echo"<script>
alert(\"That file type is not allowed!\");
</script>";
return;
}
Why would php function in different browsers if it is a server-side language? Is it because I am using a localserver?
Any advice is greatly appreciated. Thank you in advance.
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Tue Dec 15, 2009 9:39 pm
by requinix
You can never rely on $_FILES[]["type"]. Find out the file type by yourself.
For images, a call to
getimagesize can tell you (a) whether it's an image, and (b) what type of image it is.
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Tue Dec 15, 2009 10:51 pm
by scarface222
thanks man what about for an mp3 though, because I used the same method? It seems to work but is there a better way or only for images?
Code: Select all
$types_array = array('audio/mpeg','audio/mpeg3','audio/mpg','audio/mp3');
if(!in_array($_FILES['file']['type'], $types_array))
{
echo"<script>
alert(\"This is not an mp3!\");
</script>";
return;
}
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Tue Dec 15, 2009 11:16 pm
by requinix
The problem applies to all file types, really. The file type is provided by the browser and that means it can be forged by a malicious user. That, and not all browsers on all operating systems (cough IE and Windows) know the right MIME type for a file.
Audio files are harder to check. Take MP3s: they can start with an ID3 tag, but lots of audio files can begin with that - one does not imply the other.
I don't know any tricks to verifying an MP3 file - or any audio file, for that matter. For those you might just want to check the file extension. Yes, that can be faked too, but for most people the file extension dictates how it's handled: an executable with a .mp3 will still try to be played as an audio file.
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Tue Dec 15, 2009 11:25 pm
by scarface222
Thanks for your help man I appreciate it. I will figure something out, I found a good article with respect to file uploads. One of the main ideas was storing files outside of the web root. Thanks for the advice.
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 3:49 am
by Eran
If you can install extensions on your server, the fileinfo extension is the best solution for recognizing file types -
http://php.net/manual/en/book.fileinfo.php
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 10:18 am
by scarface222
Yeah I can, I needed to for php apc so I am going to start with a virtual private server but I did not know of a file info function, thanks a lot man that is a good suggestion, appreciate it.
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 3:05 pm
by scarface222
Hey I did some more reading on the function and there is pretty limited documentation of using the function for upload verification. I was wondering if maybe you could give an example of testing if a file is an image or mp3? As far as I understand the function outputs the file type but how can you use php to verify that is the one you want? Thanks again.
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 3:30 pm
by Eran
As far as I understand the function outputs the file type
What more do you need to verify that it's the type you want? I'm not sure what is the question here. It should be a similar check to what you were doing at the beginning, only it's much more reliable than $_FILES[]["type"]
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 3:49 pm
by AbraCadaver
You need to use the 'tmp_name' to test the actual file;
Code: Select all
$finfo = finfo_open(FILEINFO_MIME_TYPE);
if(!in_array(finfo_file($finfo, $_FILES['file']['tmp_name']), $types_array)) {
// error
}
finfo_close($finfo);
Although if you're on linux maybe:
Code: Select all
$type = exec('file -bi ' . $_FILES['file']['tmp_name']);
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 4:33 pm
by scarface222
Thanks for your reply man, I just have some quick questions
1. on the line finfo_open(FILEINFO_MIME_TYPE); what is 'FILEINFO_MIME_TYPE' represent? In documentation it says 'resource $finfo'?
2. Also the $types_array, is it just the desired array of file types such as image/gif that I designate?
3. Finally correct me if I am wrong, but in your example the code will check the file against the types array using finfo and if it does not match can echo the error?
Thanks a lot man for your assistance, it is too bad there isn't more documentation on the function.
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 5:30 pm
by AbraCadaver
1. finfo_open() returns a resource, but the first arg is a constant from here:
http://us2.php.net/manual/en/fileinfo.constants.php that tells it what you want. The resource is the first arg for finfo_file().
2. Yes
3. Yes
Re: PHP Browser Compatibility Issues expert advice appreciated..
Posted: Wed Dec 16, 2009 6:18 pm
by scarface222
Thanks a lot man, appreciate it. PS toy story is a sick movie.