Posted: Thu Jul 08, 2004 2:48 pm
I tried your exact code and it still uploads .php files :S
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code: Select all
$file = $_POST['file'];
if(strstr($file,"php"))
{
echo "This file type is not allowed."; //Do not use a variable to hold the error
exit;
}
if ($HTTP_POST_VARS['submit']) {
print_r($HTTP_POST_FILES);
if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
unlink($HTTP_POST_FILES['file']['tmp_name']);
print "File has been successfully uploaded!";
exit;
}
}
}Code: Select all
<?php
include("dbcon/connect_db.inc.php");
$file = $_POST['file'];
if (eregi(".php", $file))
{
echo "This file type is not allowed."; //Do not use a variable to hold the error
exit;
}
if ($HTTP_POST_VARS['submit']) {
print_r($HTTP_POST_FILES);
if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
unlink($HTTP_POST_FILES['file']['tmp_name']);
print "File has been successfully uploaded!";
exit;
}
}
}
?>
<html>
<head></head>
<body>
<form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data">
<?=$error?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>Code: Select all
<?php
include("dbconnection/connect_db.inc.php");
if ($HTTP_POST_VARS['submit']) {
list($filename, $fileext) = split(".", $HTTP_POST_FILES['file']);
print_r($HTTP_POST_FILES);
print_r($fileext);
if (!is_uploaded_file($HTTP_POST_FILES['file']['tmp_name'])) {
$error = "You did not upload a file!";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//a file was uploaded
$maxfilesize=3000000;
if ($fileext == "php")
{
$error = "This file type is not allowed.";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['size'] > $maxfilesize) {
$error = "This file is too large";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} elseif ($HTTP_POST_FILES['file']['type'] != "text/plain") {
$error = "This file type is not allowed";
unlink($HTTP_POST_FILES['file']['tmp_name']);
// assign error message, remove uploaded file, redisplay form.
} else {
//File has passed all validation, copy it to the final destination and remove the temporary file:
copy($HTTP_POST_FILES['file']['tmp_name'],"faqs/".$HTTP_POST_FILES['file']['name']);
unlink($HTTP_POST_FILES['file']['tmp_name']);
print "File has been successfully uploaded!";
print "$filename";
print "$fileext";
exit;
}
}
}
?>
<html>
<head></head>
<body>
<form action="<?=$PHP_SELF?>" method="post" enctype="multipart/form-data">
<?=$error?>
<br><br>
Choose a file to upload:<br>
<input type="file" name="file"><br>
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>