Can not upload file, please help.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Can not upload file, please help.

Post by ljCharlie »

Why is this not working?

Code: Select all

if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file was wrong image-type');
	}
I kept getting the file was wrong image-type. I tried to upload a .jpeg file.

By the way, can anyone point me to an explanation on the use of this ^, $ or (?<=x).

ljCharlie
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Here is the full code.

Code: Select all

<?php
$uploaddir = '/www/home/alumni/images/gallery/';
$uploadfile = $uploaddir . $HTTP_POST_FILES['userfile']['name'];
$fileName = $HTTP_POST_FILES['userfile']['name'];

if(!is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])){
	die('Hacking Attempt!');
	}
list($width, $height, $type, $size) = getimagesize($HTTP_POST_FILES['userfile']['tmp_name']);
echo "Size: ".$size."<br>";
if($size == false){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file wasn''t an image');
	}
echo "Explode: ".explode('/',$size['type']);
list(,$type) = explode('/',$size['type']);

if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file was wrong image-type');
	}
if (move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'], $uploadfile)) {
   	print "File is valid, and was successfully uploaded.<br>";
	list($width, $height, $type, $attr) = getimagesize("/www/home/alumni/images/gallery/".$fileName);

   print "Here's some more debugging info:\n";
   print_r($HTTP_POST_FILES);
} else {
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($HTTP_POST_FILES);
}
print "</pre>";
?>
If I delete this part:

Code: Select all

if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file was wrong image-type');
	}
then it works.

ljCharlie
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Have you tried to echo the value of the file type? As if you have you may notice that it doesnt hold just "gif" or "png" but "image/gif" and "image-xpng" etc.
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Many thanks for the response. You mean this:

Code: Select all

echo "<br>Type: ".$type."<br>";
I got nothing when I tried that. If that's not what you mean, will you show me?

ljCharlie
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Code: Select all

echo $HTTP_POST_FILES['userfile']['type'];
you should also think about not using regex but instead hold the allowed image types in an array and then do a inarray() check instead - might make things easier for you.
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

I got this image/jpeg when do this

Code: Select all

echo $HTTP_POST_FILES['userfile']['type'];
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

By the way, what do yoou mean by not using regex?
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

By using something like this instead:

Code: Select all

$allowed = array('image/gif', 'image/jpeg');
if(in_array($HTTP_POST_FILES['userfile']['type'], $allowed)){
//allowed
}else{
//not allowed
}
(Edit: corrected inarray() to in_array())
Last edited by kettle_drum on Wed Oct 27, 2004 3:05 pm, edited 1 time in total.
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

Well, that certainly makes more sense. However, do I have to manually declare inarray function? I got an error saying Fatal error: Call to undefined function: inarray().
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

Im sorry i made a mistake its missing the underscore:

Code: Select all

in_array();
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

well, if you consult the manual for inarray thus -> http://www.php.net/inarray you get a list with relevant thingies -> and the 2nd is the function in_array ;)
ljCharlie
Forum Contributor
Posts: 289
Joined: Wed May 19, 2004 8:23 am

Post by ljCharlie »

You guys are AWSOME! It works!

Many thanks for the help.

ljCharlie
kettle_drum
DevNet Resident
Posts: 1150
Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England

Post by kettle_drum »

No problem. Just remember next time that you can code the same thing in php in many different ways. So when you get stuck going down one road, back up and try taking a different route.
Post Reply