Page 1 of 1

upload form: file types

Posted: Fri Oct 27, 2006 4:57 am
by sh33p1985
my upload form should only allow jpegs to be uploaded but the following code keeps identifying jpegs as *not jpegs*:

if ($_FILES['uploadImage']['type'] == "image/jpeg"){
//continue with upload
}
else{
//error handling
}

i double checked the mime for jpeg and that is correct and should cover all alternatives such as jpg jpe and jpeg but i continually get thrown to the else clause.

Posted: Fri Oct 27, 2006 5:03 am
by volka
Do not rely on $_FILES[...]['type']. The value is take from the client's input.
If I like I can send an executable and mark it as mage/jpeg. Your script would buy it.

Use getimagesize, exif_imagetype or mime_content_type instead
http://de2.php.net/getimagesize
http://de2.php.net/exif_imagetype
http://de2.php.net/mime_content_type

Posted: Fri Oct 27, 2006 5:36 am
by sh33p1985
went with the mime_content_type, uncommented:

extension=php_mime_magic.dll

and added in:

mime_magic.debug = On
mime_magic.magicfile = "C:\Program Files\EasyPHP1-8\php\magic.mime"


still getting a call to undefined function tho at runtime.

if (mime_content_type($filename) == "image/jpeg"){
//blah
}
else{
//blahblah
}

Posted: Fri Oct 27, 2006 5:38 am
by volka
Did you restart the webserver after you made changes to the php.ini?

Posted: Fri Oct 27, 2006 5:43 am
by sh33p1985
i did, but to make sure im going to do a system reboot, bare with me.

Posted: Fri Oct 27, 2006 5:47 am
by sh33p1985
yup still calling an undefined function.

Posted: Fri Oct 27, 2006 6:17 am
by volka
Call

Code: Select all

<?php phpinfo(); ?>
does it refelect the changes you made to the php.ini?
Change something else, display_errors e.g. Does phpinof() reflect that change?

Posted: Fri Oct 27, 2006 6:24 am
by sh33p1985
hmm, changed display_errors to off, restarted web server and refreshed my test page with phpinfo() in it. still said errors were on.

Posted: Fri Oct 27, 2006 7:44 am
by sh33p1985
fixed it.

thanks for your help though.