PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
ljCharlie
Forum Contributor
Posts: 289 Joined: Wed May 19, 2004 8:23 am
Post
by ljCharlie » Wed Oct 27, 2004 12:37 pm
Why is this not working?
Code: Select all
if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
unlink($HTTP_POST_FILES['userfile']['tmp_name']);
die('file was wrong image-type');
}
I kept getting the
file was wrong image-type . I tried to upload a .jpeg file.
By the way, can anyone point me to an explanation on the use of this
^, $ or (?<=x) .
ljCharlie
ljCharlie
Forum Contributor
Posts: 289 Joined: Wed May 19, 2004 8:23 am
Post
by ljCharlie » Wed Oct 27, 2004 1:04 pm
Here is the full code.
Code: Select all
<?php
$uploaddir = '/www/home/alumni/images/gallery/';
$uploadfile = $uploaddir . $HTTP_POST_FILES['userfile']['name'];
$fileName = $HTTP_POST_FILES['userfile']['name'];
if(!is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])){
die('Hacking Attempt!');
}
list($width, $height, $type, $size) = getimagesize($HTTP_POST_FILES['userfile']['tmp_name']);
echo "Size: ".$size."<br>";
if($size == false){
unlink($HTTP_POST_FILES['userfile']['tmp_name']);
die('file wasn''t an image');
}
echo "Explode: ".explode('/',$size['type']);
list(,$type) = explode('/',$size['type']);
if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
unlink($HTTP_POST_FILES['userfile']['tmp_name']);
die('file was wrong image-type');
}
if (move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'], $uploadfile)) {
print "File is valid, and was successfully uploaded.<br>";
list($width, $height, $type, $attr) = getimagesize("/www/home/alumni/images/gallery/".$fileName);
print "Here's some more debugging info:\n";
print_r($HTTP_POST_FILES);
} else {
print "Possible file upload attack! Here's some debugging info:\n";
print_r($HTTP_POST_FILES);
}
print "</pre>";
?>
If I delete this part:
Code: Select all
if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
unlink($HTTP_POST_FILES['userfile']['tmp_name']);
die('file was wrong image-type');
} then it works.
ljCharlie
kettle_drum
DevNet Resident
Posts: 1150 Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England
Post
by kettle_drum » Wed Oct 27, 2004 1:58 pm
Have you tried to echo the value of the file type? As if you have you may notice that it doesnt hold just "gif" or "png" but "image/gif" and "image-xpng" etc.
ljCharlie
Forum Contributor
Posts: 289 Joined: Wed May 19, 2004 8:23 am
Post
by ljCharlie » Wed Oct 27, 2004 2:06 pm
Many thanks for the response. You mean this:
I got nothing when I tried that. If that's not what you mean, will you show me?
ljCharlie
kettle_drum
DevNet Resident
Posts: 1150 Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England
Post
by kettle_drum » Wed Oct 27, 2004 2:34 pm
Code: Select all
echo $HTTP_POST_FILES['userfile']['type'];
you should also think about not using regex but instead hold the allowed image types in an array and then do a inarray() check instead - might make things easier for you.
ljCharlie
Forum Contributor
Posts: 289 Joined: Wed May 19, 2004 8:23 am
Post
by ljCharlie » Wed Oct 27, 2004 2:40 pm
I got this
image/jpeg when do this
Code: Select all
echo $HTTP_POST_FILES['userfile']['type'];
ljCharlie
Forum Contributor
Posts: 289 Joined: Wed May 19, 2004 8:23 am
Post
by ljCharlie » Wed Oct 27, 2004 2:42 pm
By the way, what do yoou mean by not using regex?
kettle_drum
DevNet Resident
Posts: 1150 Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England
Post
by kettle_drum » Wed Oct 27, 2004 2:49 pm
By using something like this instead:
Code: Select all
$allowed = array('image/gif', 'image/jpeg');
if(in_array($HTTP_POST_FILES['userfile']['type'], $allowed)){
//allowed
}else{
//not allowed
}
(Edit: corrected inarray() to in_array())
Last edited by
kettle_drum on Wed Oct 27, 2004 3:05 pm, edited 1 time in total.
ljCharlie
Forum Contributor
Posts: 289 Joined: Wed May 19, 2004 8:23 am
Post
by ljCharlie » Wed Oct 27, 2004 3:01 pm
Well, that certainly makes more sense. However, do I have to manually declare inarray function? I got an error saying Fatal error: Call to undefined function: inarray() .
kettle_drum
DevNet Resident
Posts: 1150 Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England
Post
by kettle_drum » Wed Oct 27, 2004 3:04 pm
Im sorry i made a mistake its missing the underscore:
timvw
DevNet Master
Posts: 4897 Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium
Post
by timvw » Wed Oct 27, 2004 3:04 pm
well, if you consult the manual for inarray thus ->
http://www.php.net/inarray you get a list with relevant thingies -> and the 2nd is the function in_array
ljCharlie
Forum Contributor
Posts: 289 Joined: Wed May 19, 2004 8:23 am
Post
by ljCharlie » Wed Oct 27, 2004 3:23 pm
You guys are AWSOME! It works!
Many thanks for the help.
ljCharlie
kettle_drum
DevNet Resident
Posts: 1150 Joined: Sun Jul 20, 2003 9:25 pm
Location: West Yorkshire, England
Post
by kettle_drum » Wed Oct 27, 2004 3:34 pm
No problem. Just remember next time that you can code the same thing in php in many different ways. So when you get stuck going down one road, back up and try taking a different route.