
Can not upload file, please help.

Posted: Wed Oct 27, 2004 12:37 pm
by ljCharlie
Why is this not working?

Code:

if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file was wrong image-type');
	}
I kept getting the file was wrong image-type. I tried to upload a .jpeg file.

By the way, can anyone point me to an explanation on the use of this ^, $ or (?<=x).

ljCharlie

Posted: Wed Oct 27, 2004 1:04 pm
by ljCharlie
Here is the full code.

Code:

<?php
$uploaddir = '/www/home/alumni/images/gallery/';
$uploadfile = $uploaddir . $HTTP_POST_FILES['userfile']['name'];
$fileName = $HTTP_POST_FILES['userfile']['name'];

if(!is_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'])){
	die('Hacking Attempt!');
	}
list($width, $height, $type, $size) = getimagesize($HTTP_POST_FILES['userfile']['tmp_name']);
echo "Size: ".$size."<br>";
if($size == false){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file wasn\'t an image');
	}
echo "Explode: ".explode('/',$size['type']);
list(,$type) = explode('/',$size['type']);

if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file was wrong image-type');
	}
if (move_uploaded_file($HTTP_POST_FILES['userfile']['tmp_name'], $uploadfile)) {
   	print "File is valid, and was successfully uploaded.<br>";
	list($width, $height, $type, $attr) = getimagesize("/www/home/alumni/images/gallery/".$fileName);

   print "Here's some more debugging info:\n";
   print_r($HTTP_POST_FILES);
} else {
   print "Possible file upload attack!  Here's some debugging info:\n";
   print_r($HTTP_POST_FILES);
}
print "</pre>";
?>
If I delete this part:

Code:

if(!preg_match('#^(gif|jpg|jpe?g|png)$#i',$type)){
  	unlink($HTTP_POST_FILES['userfile']['tmp_name']);
  	die('file was wrong image-type');
	}
then it works.

ljCharlie

Posted: Wed Oct 27, 2004 1:58 pm
by kettle_drum
Have you tried to echo the value of the file type? As if you have you may notice that it doesn't hold just "gif" or "png" but "image/gif" and "image-xpng" etc.

Posted: Wed Oct 27, 2004 2:06 pm
by ljCharlie
Many thanks for the response. You mean this:

Code:

echo "<br>Type: ".$type."<br>";
I got nothing when I tried that. If that's not what you mean, will you show me?

ljCharlie

Posted: Wed Oct 27, 2004 2:34 pm
by kettle_drum

Code:

echo $HTTP_POST_FILES['userfile']['type'];
You should also think about not using regex but instead hold the allowed image types in an array and then do an inarray() check instead - might make things easier for you.

Posted: Wed Oct 27, 2004 2:40 pm
by ljCharlie
I got this image/jpeg when I do this

Code:

echo $HTTP_POST_FILES['userfile']['type'];

Posted: Wed Oct 27, 2004 2:42 pm
by ljCharlie
By the way, what do you mean by not using regex?

Posted: Wed Oct 27, 2004 2:49 pm
by kettle_drum
By using something like this instead:

Code:

$allowed = array('image/gif', 'image/jpeg');
if(in_array($HTTP_POST_FILES['userfile']['type'], $allowed)){
//allowed
}else{
//not allowed
}
(Edit: corrected inarray() to in_array())
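
Added example, not part of the original thread or any poster's code: the same allow-list idea as the post above, applied to the MIME type that getimagesize() detects from the file contents instead of the browser-supplied ['type'] field, and storing the file under a server-generated name. The function name, constant name and directory are assumptions for illustration; it uses $_FILES because $HTTP_POST_FILES no longer exists in current PHP.

```php
<?php
// Added example (not code from the thread). The names store_uploaded_image
// and ALLOWED_IMAGE_TYPES are hypothetical.

// Allow-list keyed by the MIME type detected from the file contents; the
// value is the extension the stored file will get.
const ALLOWED_IMAGE_TYPES = [
    'image/gif'  => 'gif',
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
];

function store_uploaded_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload received');
    }

    // getimagesize() returns false for non-images. On success, indexes 0-3
    // are width, height, an IMAGETYPE_* integer and an HTML attribute
    // string; the MIME type is under the 'mime' key (there is no 'type' key).
    $info = getimagesize($file['tmp_name']);
    if ($info === false) {
        throw new RuntimeException('file was not an image');
    }

    // Exact-match allow-list on the server-detected type. $file['type'] is
    // sent by the browser and is not consulted.
    $mime = $info['mime'];
    if (!array_key_exists($mime, ALLOWED_IMAGE_TYPES)) {
        throw new RuntimeException('file was wrong image-type: ' . $mime);
    }

    // Server-generated name: the client-supplied $file['name'] never
    // becomes part of the filesystem path.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16))
            . '.' . ALLOWED_IMAGE_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('could not store upload');
    }
    return $target;
}

// Usage, assuming the form field is named "userfile" as in the thread:
// $path = store_uploaded_image($_FILES['userfile'], '/www/home/alumni/images/gallery');
```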

Posted: Wed Oct 27, 2004 3:01 pm
by ljCharlie
Well, that certainly makes more sense. However, do I have to manually declare inarray function? I got an error saying Fatal error: Call to undefined function: inarray().

Posted: Wed Oct 27, 2004 3:04 pm
by kettle_drum
I'm sorry, I made a mistake, it's missing the underscore:

Code:

in_array();

Posted: Wed Oct 27, 2004 3:04 pm
by timvw
Well, if you consult the manual for inarray thus -> http://www.php.net/inarray you get a list with relevant thingies -> and the 2nd is the function in_array ;)

Posted: Wed Oct 27, 2004 3:23 pm
by ljCharlie
You guys are AWESOME! It works!

Many thanks for the help.

ljCharlie

Posted: Wed Oct 27, 2004 3:34 pm
by kettle_drum
No problem. Just remember next time that you can code the same thing in PHP in many different ways. So when you get stuck going down one road, back up and try taking a different route.