PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
This script is meant for my visitors to be able to upload images (gif/jpeg/png/whatever) to my server. My visitors are cookied before they get to this script, and if they have the cookie it asigns them a folder to upload to. This script works perfectly, just how I want it... except its not specific to images. Users can upload any file they want, even harmfull files. What is the most secure way to limit the types of files that can be uploaded? If anyone has time to help me out I would appreciate it! If its a pain I might could paypal you something for your trouble.. just let me know!
Again, this script works fine! I just don't think letting people upload any filetype is very secure!
of course you'll have to change the array to the values getimagesize would return. (i forget off the top of my head)
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Ok, I haven't slept in forever so forgive me if this is a stupid question. How do I get getimagesize() to check the file before it puts it into the path (to prevent bad files from uploading)? When I put the code in my script, it can't find the file to check... See below:
if(isset($save_path) && $save_path!="")
{
// check file to see if its an image
list($width, $height, $type, $attr) = getimagesize($file['name']);
if ($type == 1 or $type == 2 or $type == 3) {
// good file type, so move it
$name = split('/',$file['name'][$i]);
move_uploaded_file($file['tmp_name'][$i], $save_path . $name[count($name)-1]);
} else {
// bad file
echo "<p><font face='Verdana'>Bad filetype. Try again!<p>";
}
}
}
When I use this, I get this error:
Warning: getimagesize(Array) [function.getimagesize]: failed to open stream: No such file or directory in /home/southern/public_html/upload.php on line 97
Thank you very much! Great function I never knew existed! And looks really easy to implement if I can get over the little things.
$picture_info = getimagesize($_FILES['field_name']['tmp_name']);
// change "field_name" to the name of your file upload form element
$allowed = array('gif','jpg','png');
if(!in_array($picture_info[2],$allowed)){
echo 'not allowed';
}
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
$picture_info = getimagesize($_FILES['field_name']['tmp_name']);
// change "field_name" to the name of your file upload form element
$allowed = array('gif','jpg','png');
if(!in_array($picture_info[2],$allowed)){
echo 'not allowed';
}
Thanks! That got it working
The only thing is the way it is now, if the user only uploads 1 file, the other two (blank fields) show as bad files.
For example, if you upload one file, this is the result:
I tried several IF statements to determine if $file['name'][$i] is set, it would display the url, but if not, it would do nothing. But it always shows the url. Somehow it either thinks that variable is set reguardless, or there is something with the way I'm writing it that I'm not doing right.
foreach($_FILES['field_name']['name'] AS $v){
if(!empty($v)){
// do your stuff here
}
}
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.