file upload script questions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
webgodjj
Forum Newbie
Posts: 2
Joined: Fri Oct 03, 2003 11:52 am

file upload script questions

Post by webgodjj »

I am using a script to upload files in my code. There are two stumbling blocks I need to solve:

1. mime types. I am trying to only allow jpegs be uploaded. However, there seem to be more than one (3) mime types for jpegs. I want to know what they are and how to add them in.

2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.

also, is this the best way to handle file uploads?

Code: Select all

if (!empty($_FILES['Menu_pict']['name'])) {
	if ($_FILES['Menu_pict']['type'] == "image/jpeg")
		{
		copy ($_FILES['Menu_pict']['tmp_name'], "../images/food/".$_FILES['Menu_pict']['name']) 
		or die ("Could not copy");

		echo "<B>Name:</B> ".$_FILES['Menu_pict']['name']." ";
		echo "<B>Size:</B> ".$_FILES['Menu_pict']['size']." ";
		echo "<B>Type:</B> ".$_FILES['Menu_pict']['type']." ";
		echo "<FONT COLOR="CC0000">Copy Done....</FONT>";
    }
	else
    {
		echo "<br><br>";
		echo "Could Not Copy, Wrong Filetype (".$_FILES['Menu_pict']['name'].")<br>";
		echo ($_FILES['Menu_pict']['name']) ."<BR>";
    }
}
// End File Upload
User avatar
delorian
Forum Contributor
Posts: 223
Joined: Sun May 04, 2003 5:20 pm
Location: Olsztyn, Poland

Re: file upload script questions

Post by delorian »

webgodjj wrote: 1. mime types. I am trying to only allow jpegs be uploaded. However, there seem to be more than one (3) mime types for jpegs. I want to know what they are and how to add them in.
There can be also image/jpg and image/pjpeg, of course someone could make his own jpeg MIME like, e.g. x-image/x-jpg, but yours and mine two should be enough. As for the script:

Code: Select all

if (($_FILES['Menu_pict']['type'] == "image/jpeg") || ($_FILES['Menu_pict']['type'] == "image/jpg") || ($_FILES['Menu_pict']['type'] == "image/pjpeg"))
webgodjj wrote: 2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.
After the above if condition you may use something like this:

Code: Select all

if (($_FILES['Menu_pict']['size'] < 150*1024))
webgodjj wrote: also, is this the best way to handle file uploads?
No, it isn't the best, as a matter of fact, there is no "the best" way. ;)

But here's the "full" version:

Code: Select all

if (!empty($_FILES['Menu_pict']['name'])) {
	if (($_FILES['Menu_pict']['type'] == "image/jpeg") || ($_FILES['Menu_pict']['type'] == "image/jpg") || ($_FILES['Menu_pict']['type'] == "image/pjpeg"))
		{
 if (($_FILES['Menu_pict']['size'] < 150*1024)) {
		copy ($_FILES['Menu_pict']['tmp_name'], "../images/food/".$_FILES['Menu_pict']['name']) 
		or die ("Could not copy");

		echo "<B>Name:</B> ".$_FILES['Menu_pict']['name']." ";
		echo "<B>Size:</B> ".$_FILES['Menu_pict']['size']." ";
		echo "<B>Type:</B> ".$_FILES['Menu_pict']['type']." ";
		echo "<FONT COLOR="CC0000">Copy Done....</FONT>";
 } else { echo "The picture it's to heavy "; }
    }
	else
    {
		echo "<br><br>";
		echo "Could Not Copy, Wrong Filetype (".$_FILES['Menu_pict']['name'].")<br>";
		echo ($_FILES['Menu_pict']['name']) ."<BR>";
    }
}
// End File Upload
User avatar
scorphus
Forum Regular
Posts: 589
Joined: Fri May 09, 2003 11:53 pm
Location: Belo Horizonte, Brazil
Contact:

Re: file upload script questions

Post by scorphus »

At the moment I can answer to your second question:
webgodjj wrote:2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.
You can limit the file size in the <form>.

upload.php:

Code: Select all

<html>
<body>
<form enctype="multipart/form-data" action="upload2.php" method="post">
	<input type="hidden" name="MAX_FILE_SIZE" value="153600">
	File: <input type="file" name="userfile">
	<input type="submit" name="submit" value="Upload">
</form>
</body>
</html>
Why 153600? The MAX_FILE_SIZE is in bytes, 1 K = 1024 bytes and 153 x 1024 = 153600.

upload2.php:

Code: Select all

<?
$errCode = array(
	'No error',
	'Exceeds max file-size specified in php.ini',
	'Exceeds max file-size specified in the form',
	'File incompletely sent',
	'No file was sent'
);
echo "<html><body>";
$upload_dir = '/var/www/uploads/';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir.$_FILES['userfile']['name']))
	echo '<br>File uploaded!<br>';
else {
	echo '<br>Error uploading file:<br>';
	echo $errCode[$_FILES['userfile']['error']];
}
echo '<pre>';
echo `ls -la /var/www/uploads/`;
print_r($_FILES);
print_r($errCode);
echo '</pre>';
echo '</body></html>';
?>
Sorry, I can't get this script to work right now so I could place an output here, I've got a rootkit on my Linux box last night.

You can see the various error codes (0 to 4) that are stored in $_FILES['userfile']['error'].

Take the time to read the [url=http://www.php.net/features.file-upload]Handling file uploads[url] section of the PHP Manual.

I will try to clarify my ideas to help you with your first question.

Regards,
Scorphus.
User avatar
delorian
Forum Contributor
Posts: 223
Joined: Sun May 04, 2003 5:20 pm
Location: Olsztyn, Poland

Re: file upload script questions

Post by delorian »

scorphus wrote:At the moment I can answer to your second question:
webgodjj wrote:2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.
You can limit the file size in the <form>.
Yes, that's right, but you should check the file size in your script also, because someone could write a form on his private computer and send some BIG jpeg to your script easily, and that's not good. :D
User avatar
scorphus
Forum Regular
Posts: 589
Joined: Fri May 09, 2003 11:53 pm
Location: Belo Horizonte, Brazil
Contact:

Post by scorphus »

Very nice recommendation/advice. Perhaps because I've being always checking the referer for preventing this kind of things, I even thought about this. Thanks delorian.

Have a nice day,
Scorphus.
Post Reply