Page 1 of 1

no faking it - File type

Posted: Wed Feb 09, 2005 3:49 am
by malcolmboston
need to know a way of being certain of exactly what type of file PHP is dealing with.

Im building some PHP images functions and need to be sure of what typoe of file is being sent to the script (png, jpeg, EXE!!)

thanks
Mal

Posted: Wed Feb 09, 2005 4:00 am
by n00b Saibot
try exif_imagetype() if you are dealing only with images.

Posted: Wed Feb 09, 2005 4:02 am
by malcolmboston
basically its for an image thumbnail generator

it needs to work with all file types as the user can, in theory, attack the server by uploading an incorrect filetype.

i initially would like to scan for the extension and THEN scan for image type if i cant do it all in one.

Thanks
Mal

Posted: Wed Feb 09, 2005 4:08 am
by n00b Saibot
Just use the aforesaid function. Refer the PHP Manual for it. it basically tell you the type of image file it is. For generating thumbnails You can
use this info. first of all generate error if user uploads incorrect file. and if user tries to outsmart by changing its extension the function I mentioned will return the type of image only. if image-type returns unknown you can just reject the file and tell the user that it was an invalid file. :)

Posted: Wed Feb 09, 2005 4:14 am
by malcolmboston
great, thanks

Mal

Posted: Wed Feb 09, 2005 8:37 am
by feyd
getimagesize() also can read and report back info on many differing image types. It doesn't require GD either :)

...

Posted: Wed Feb 09, 2005 10:00 am
by s.dot
as feyd said, getimagesize($image) would be very helpful as it returns the extension of the file in index 2

Do this:

Code: Select all

// Get the imagesize indexes, including file type //
$type = getimagesize($image);

// All possible types returned by getimagesize(), edit to your liking //

$allowabletypes = array("GIF", "JPG", "PNG", "SWF", "PSD", "TIFF", "JPC", "JP2", "JPX", "JP2", "SWC", "IFF", "WMPB", "XBM");

// Check to see if the file type is in the allowed types array //

if(!in_array($typeї'2'], $allowabletypes)) { die("invalid file type"); } ELSE { // code here }
Hope this helps.

Or this

Posted: Wed Feb 09, 2005 10:29 am
by s.dot
Or you can alternatively do this, which will basically do the same thing

Code: Select all

// Get image type //

$imagtype = getimagesize($source);

// Check file type //

switch ( $imagetypeї2] ) { 

// Create cases for all file types you would like to allow //

case 2: $fileext = 'jpg'; break; 
case 3: $fileext = 'png'; break; 
default:

// File type not allowed, so report error //

echo ("Invalid File Type"); break; }

Posted: Wed Feb 09, 2005 10:30 am
by feyd
you know you can edit your post right?