prevent anything except images from being uploaded

cjkeane
Forum Contributor
Posts: 217
Joined: Fri Jun 11, 2010 1:17 pm

prevent anything except images from being uploaded

Post by cjkeane »

Hi.
I'm using this script to allow image uploads, but even though there are error messages at the end of the script, they don't display. Any type of file can still be uploaded. Any help would be appreciated. Files do get uploaded, but I need only images to be uploaded. Thanks.

Code:

/* Function to change profile picture */
function changeProfilePic() {
	$post = isset($_POST) ? $_POST: array();
	$max_width = "500"; 
	//$userId = isset($post['hdn-profile-id']) ? intval($post['hdn-profile-id']) : 0;
	$userId = $_SESSION['user'];
	$path = 'images/profile_pictures/' . $userId;
	$valid_formats = array("jpg", "png", "gif", "jpeg, JPEG, PNG, GIF ");
	$name = $_FILES['profile-pic']['name'];
	$size = $_FILES['profile-pic']['size'];
	if(strlen($name)) {
		list($txt, $ext) = explode(".", $name);
		if(in_array($ext,$valid_formats)) {
			if($size<(1024*1024)) {
				$actual_image_name = 'avatar' .'_'.$userId .'.'.$ext;
				$filePath = $path .'/'.$actual_image_name;
				$tmp = $_FILES['profile-pic']['tmp_name'];
				if (!is_dir($path)) {
					mkdir($path, 0777, true);
				}
				if(move_uploaded_file($tmp, $filePath)) {
					$width = getWidth($filePath);
					$height = getHeight($filePath);
					//Scale the image if it is greater than the width set above
					if ($width > $max_width){
						$scale = $max_width/$width;
						$uploaded = resizeImage($filePath,$width,$height,$scale, $ext);
					} else {
						$scale = 1;
						$uploaded = resizeImage($filePath,$width,$height,$scale, $ext);
					}					
					echo "<img id='photo' file-name='".$actual_image_name."' class='' src='".$filePath.'?'.time()."' class='preview'/>";
				}
				else
				echo "failed";
			}
			else
			echo "Image file size max 1 MB"; 
		}
		else
		echo "Invalid file format.."; 
	}
	else
	echo "Please select image..!";
	exit;
}
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: prevent anything except images from being uploaded

Post by Christopher »

Your code should work. Which of the error messages are you getting? Is there a call to move_uploaded_file() somewhere else?

You might want to check the actual MIME type of the temp file instead of extensions. Here is code from the PHP manual page:

Code:

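    // Detect the MIME type from the file's contents, not from its name
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    // array_search() returns the matching key ('jpg', 'png', 'gif') or false
    $ext = array_search(
        $finfo->file($_FILES['upfile']['tmp_name']),
        array(
            'jpg' => 'image/jpeg',
            'png' => 'image/png',
            'gif' => 'image/gif',
        ),
        true
    );
    if (false === $ext) {
        // no match: the file is not one of the allowed image types
    }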
PS - I would not recommend using exit; inside a function
(#10850)
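The content-based check suggested in the reply above, carried through to a complete validation routine. This is an added example, not code from the thread or from the PHP manual; the names validateImageUpload() and ALLOWED_IMAGE_TYPES are hypothetical, and it assumes the fileinfo extension is enabled.

```php
<?php
// Added example: accept an upload only if its *contents* are JPEG, PNG or GIF.
// ALLOWED_IMAGE_TYPES and validateImageUpload() are hypothetical names.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validates one $_FILES entry (e.g. $_FILES['profile-pic']).
 * Returns the extension to store the file under, or throws RuntimeException.
 */
function validateImageUpload(array $file, int $maxBytes = 1048576): string
{
    // Reject failed uploads and multi-file arrays before touching tmp_name.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Measure the file on disk rather than trusting the reported size.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        throw new RuntimeException('Image file size max 1 MB.');
    }
    // Detect the type from the bytes; $file['type'] and $file['name'] are
    // supplied by the client and are not used for the decision.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        throw new RuntimeException('Invalid file format.');
    }
    // Second opinion: the image header must parse and agree with finfo.
    $info = getimagesize($file['tmp_name']);
    if ($info === false || $info['mime'] !== $mime) {
        throw new RuntimeException('Invalid file format.');
    }
    // The stored extension comes from the detected type, never from the name.
    return ALLOWED_IMAGE_TYPES[$mime];
}
```

Call it before move_uploaded_file() and build the destination file name from the returned extension, so nothing from the original file name reaches the file system.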
cjkeane
Forum Contributor
Posts: 217
Joined: Fri Jun 11, 2010 1:17 pm

Re: prevent anything except images from being uploaded

Post by cjkeane »

Yes, I was thinking of checking MIME types instead of just the extensions.
I'm not receiving any error message; it allows the upload of a txt file and/or any other file.
I'll change the code to include the MIME type array as you suggest and see if it helps. Thanks.
Why is exit not recommended inside a function?
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: prevent anything except images from being uploaded

Post by Christopher »

Have you checked the value in $ext? Why is this line succeeding:

Code:

    if(in_array($ext,$valid_formats)) {
(#10850)