Page 1 of 1
file upload script questions
Posted: Fri Oct 03, 2003 11:52 am
by webgodjj
I am using a script to upload files in my code. There are two stumbling blocks I need to solve:
1. mime types. I am trying to only allow jpegs be uploaded. However, there seem to be more than one (3) mime types for jpegs. I want to know what they are and how to add them in.
2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.
also, is this the best way to handle file uploads?
Code: Select all
if (!empty($_FILES['Menu_pict']['name'])) {
if ($_FILES['Menu_pict']['type'] == "image/jpeg")
{
copy ($_FILES['Menu_pict']['tmp_name'], "../images/food/".$_FILES['Menu_pict']['name'])
or die ("Could not copy");
echo "<B>Name:</B> ".$_FILES['Menu_pict']['name']." ";
echo "<B>Size:</B> ".$_FILES['Menu_pict']['size']." ";
echo "<B>Type:</B> ".$_FILES['Menu_pict']['type']." ";
echo "<FONT COLOR="CC0000">Copy Done....</FONT>";
}
else
{
echo "<br><br>";
echo "Could Not Copy, Wrong Filetype (".$_FILES['Menu_pict']['name'].")<br>";
echo ($_FILES['Menu_pict']['name']) ."<BR>";
}
}
// End File Upload
Re: file upload script questions
Posted: Fri Oct 03, 2003 1:30 pm
by delorian
webgodjj wrote:
1. mime types. I am trying to only allow jpegs be uploaded. However, there seem to be more than one (3) mime types for jpegs. I want to know what they are and how to add them in.
There can be also image/jpg and image/pjpeg, of course someone could make his own jpeg MIME like, e.g. x-image/x-jpg, but yours and mine two should be enough. As for the script:
Code: Select all
if (($_FILES['Menu_pict']['type'] == "image/jpeg") || ($_FILES['Menu_pict']['type'] == "image/jpg") || ($_FILES['Menu_pict']['type'] == "image/pjpeg"))
webgodjj wrote:
2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.
After the above if condition you may use something like this:
Code: Select all
if (($_FILES['Menu_pict']['size'] < 150*1024))
webgodjj wrote:
also, is this the best way to handle file uploads?
No, it isn't the best, as a matter of fact, there is no "the best" way.
But here's the "full" version:
Code: Select all
if (!empty($_FILES['Menu_pict']['name'])) {
if (($_FILES['Menu_pict']['type'] == "image/jpeg") || ($_FILES['Menu_pict']['type'] == "image/jpg") || ($_FILES['Menu_pict']['type'] == "image/pjpeg"))
{
if (($_FILES['Menu_pict']['size'] < 150*1024)) {
copy ($_FILES['Menu_pict']['tmp_name'], "../images/food/".$_FILES['Menu_pict']['name'])
or die ("Could not copy");
echo "<B>Name:</B> ".$_FILES['Menu_pict']['name']." ";
echo "<B>Size:</B> ".$_FILES['Menu_pict']['size']." ";
echo "<B>Type:</B> ".$_FILES['Menu_pict']['type']." ";
echo "<FONT COLOR="CC0000">Copy Done....</FONT>";
} else { echo "The picture it's to heavy "; }
}
else
{
echo "<br><br>";
echo "Could Not Copy, Wrong Filetype (".$_FILES['Menu_pict']['name'].")<br>";
echo ($_FILES['Menu_pict']['name']) ."<BR>";
}
}
// End File Upload
Re: file upload script questions
Posted: Fri Oct 03, 2003 1:33 pm
by scorphus
At the moment I can answer to your second question:
webgodjj wrote:2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.
You can limit the file size in the <form>.
upload.php:
Code: Select all
<html>
<body>
<form enctype="multipart/form-data" action="upload2.php" method="post">
<input type="hidden" name="MAX_FILE_SIZE" value="153600">
File: <input type="file" name="userfile">
<input type="submit" name="submit" value="Upload">
</form>
</body>
</html>
Why 153600? The MAX_FILE_SIZE is in bytes, 1 K = 1024 bytes and 153 x 1024 = 153600.
upload2.php:
Code: Select all
<?
$errCode = array(
'No error',
'Exceeds max file-size specified in php.ini',
'Exceeds max file-size specified in the form',
'File incompletely sent',
'No file was sent'
);
echo "<html><body>";
$upload_dir = '/var/www/uploads/';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $upload_dir.$_FILES['userfile']['name']))
echo '<br>File uploaded!<br>';
else {
echo '<br>Error uploading file:<br>';
echo $errCode[$_FILES['userfile']['error']];
}
echo '<pre>';
echo `ls -la /var/www/uploads/`;
print_r($_FILES);
print_r($errCode);
echo '</pre>';
echo '</body></html>';
?>
Sorry, I can't get this script to work right now so I could place an output here, I've got a rootkit on my Linux box last night.
You can see the various
error codes (0 to 4) that are stored in $_FILES['userfile']['error'].
Take the time to read the [url=
http://www.php.net/features.file-upload]Handling file uploads[url] section of the PHP Manual.
I will try to clarify my ideas to help you with your first question.
Regards,
Scorphus.
Re: file upload script questions
Posted: Fri Oct 03, 2003 1:50 pm
by delorian
scorphus wrote:At the moment I can answer to your second question:
webgodjj wrote:2. Size. I would like to restrict the size of the file to be <150k. I see that there is a size variable in this script. However, i dont' know where to insert the test of size.
You can limit the file size in the <form>.
Yes, that's right, but you should check the file size in your script also, because someone could write a form on his private computer and send some BIG jpeg to your script easily, and that's not good.

Posted: Fri Oct 03, 2003 2:02 pm
by scorphus
Very nice recommendation/advice. Perhaps because I've being always checking the referer for preventing this kind of things, I even thought about this. Thanks delorian.
Have a nice day,
Scorphus.