file uploading

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

file uploading

Post by m3rajk »

currently my procedssing uploaded files looks like this:

Code: Select all

<?
    else{ # only bother to process any uploaded files and set the account to being usable if the confcode is right
      $images=array('main'=>'Main picture', 't1'=>'1st Thumbnail', 't2'=>'2nd Thumbnail', 't3'=>'3rd Thumbnail', 't4'=>'4th Thumbnail', 'salute'=>'Salute');
      foreach($images as $key=>$value){
	if($_FILES[$key]['name']){ # if they uploaded a file
	  if($_FILES[$key]['error'] !== (0 || 'UPLOAD_ERR_OK')){ # if there was an error
	    $picerr=TRUE; $warn=TRUE; $error=$_FILES[$key]['error'];
	    $warns[]="Uploading your $value caused an error: $error";
	  }
	  if(153600<$_FILES[$key]['size']){ # make sure it isn't over 150 KB
	    $picerr=TRUE; $warn=TRUE;
	    $warns[]="Your $value was too large. You may not upload a file over 153600 Bytes (150 KB)";
	  }
	  if('image/jpeg'!==$_FILES[$key]['type']){ # only accept jpegs
	    $picerr=TRUE; $warn=TRUE;
	    $warns[]="Your $value was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.";
	  }
	  if(!($picerr)){ # if there wasn't an issue, move to the awaiting approval bin -- humans will check it's ok
	    $un=$_COOKIE['un']; $to='/var/www/html/findyourdesire/unapproved/'.$key.'.'.$un.'.jpg';
	    move_uploaded_file($_FILES[$key]['tmp'], $to);
	    $warns[]="$value was uploaded sucessfully"; # incase something else went wrong
	  }
	}
      }
?>
however, that ALWAYS returns the error on the type. so i know it doesn't return it as 'image/jpeg' like i expected. does anyone knwo how it does denote them? i would prefer to know how it denotes thenm than to have someooone fix the code, because by being told how it denotes them i can avoid this problem in the future
pootergeist
Forum Contributor
Posts: 273
Joined: Thu Feb 27, 2003 7:22 am
Location: UK

Post by pootergeist »

var_dump($_FILES);

would tell you exactly how it returns it, though I would advise another approach

mid-note: move_uploaded_file($_FILES[$key]['tmp'], $to);
is wrong - the index needs to be ['tmp_name'] - anyway change

if('image/jpeg'!==$_FILES[$key]['type']){ # only accept jpegs
$picerr=TRUE; $warn=TRUE;
$warns[]="Your $value was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows.";

to

Code: Select all

$tipe = getimagesize($_FILES[$key]['tmp_name']);
if($tipe[2] !== 2)
 {
/* only accept jpegs */
       $picerr=TRUE; $warn=TRUE;
       $warns[]="Your $value was not a JPEG. JPEG encoded files traditionally end with .jpe, .jpg, and .jpeg on windows."; 
 }
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Re: file uploading

Post by m3rajk »

m3rajk wrote:currently my procedssing uploaded.... does anyone know how it does denote them? i would prefer to know how it denotes them than to have someone fix the code, because by being told how it denotes them i can avoid this problem in the future
so... anyone know of any place with a good write up on $_FILES[][]?
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

ok. i guess there is no write up on $_FILES anywhere... however i did find via a few dif sites that i was going about it the wrong way anyway and there's a much better way to do it.
Galahad
Forum Contributor
Posts: 111
Joined: Fri Jun 14, 2002 5:50 pm

Post by Galahad »

Here is a most informative write up about $_FILES: the php manual on handling uploads.

Note especially what it says about $_FILES['userfile']['type']. It is only available if the browser provides the information. I believe a "image/jpeg" can also be "image/jpg". pootergeist provided what seems to be a nice way around those issues through the use of the getimagesize function. It will look at the actual file and tell you what kind of image it is. Here is a quote from the manual page:
Returns an array with 4 elements. Index 0 contains the width of the image in pixels. Index 1 contains the height. Index 2 is a flag indicating the type of the image: 1 = GIF, 2 = JPG, 3 = PNG, 4 = SWF, 5 = PSD, 6 = BMP, 7 = TIFF(intel byte order), 8 = TIFF(motorola byte order), 9 = JPC, 10 = JP2, 11 = JPX, 12 = JB2, 13 = SWC, 14 = IFF.
So when pootergeist does this:

Code: Select all

if($tipe&#1111;2] !== 2)
it makes sure that the file is a jpg, without relying on the user's browser to provide correct information.

To answer your demand for information on how the mime-types are denoted, pootergeist recommended that you use

Code: Select all

var_dump($_FILES);
to see what the actual value your browser is passing is.

Code: Select all

print_r($_FILES);
would also work. If you want to read more about mime-types, read this page, or if you are on a linux box (I think other *nix and even bsd boxes have the same thing), read "/etc/mime.types" for a list of all the mime types your machine recognizes.

pootergeist answered your question how you wanted it (the var_dump idea) and then went on to recommend how he/she would approach your problem. Relax, pootergeist was trying to be helpful.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

someone else pointed out it's filled in by the browser when it feels like it andi aske dabout parsfile header. got directd to iptcparse which pointed me back to pootergeist's suggestion... the difference between there and how you posted versus how he did is that he gave a corrected version but no explanation. i wanted to know what's going wrong and why so i wont repeat it. as you point out here and was pointed out there, the issue with type in the $_FILES array is 2 fold-- it's only GUESSED at if it's even filled out.

when looking to parse the header i came across getimagesize, which actually helps because i want to tag all recieved pictures in an attempt to deter people taking the pictures from the site. i've noticed that's an issue others sites dealt with by tagging, using the tagging script graciously provided by marco, and knowing the width and height of my tag, i as well as the info prodived by getImageSize, i have not just fixed that, but added a check that now requires the uploaded image be larger than my tag... at least double the height (18 pixels for the tag) and a bit wider (my tag is 123 pixels, i restrict to a min of 130 pixels wide)

with any luck that will make it obvious the picture was altered if someone removes it
Post Reply