While the board was down (looks like you'v updated the forum) I went onto another php forum and asked a similair topic (and there wasn't a great amount of feedback to say the least!) I got given this peice of code for music uploads:
Code: Select all
<?php
// ==============
// Configuration
// ==============
$uploaddir = "uploads"; // Where you want the files to upload to - Important: Make sure this folders permissions is 0777!
$allowed_ext = "mp3, wav"; // These are the allowed extensions of the files that are uploaded
$max_size = "50000"; // 50000 is the same as 50kb
// Check Extension
$extension = pathinfo($_FILES['file']['name']);
$extension = $extension[extension];
$allowed_paths = explode(", ", $allowed_ext);
for($i = 0; $i < count($allowed_paths); $i++)
{
if ($allowed_paths[$i] == "$extension")
{
$ok = "1";
}
}
// Check File Size
if ($ok == "1")
{
if($_FILES['file']['size'] > $max_size)
{
print "File size is too big!";
exit;
}
// The Upload Part
if(is_uploaded_file($_FILES['file']['tmp_name']))
{
move_uploaded_file($_FILES['file']['tmp_name'],$uploaddir.'/'.$_FILES['file']['name']);
print "Your file has been uploaded successfully! Yay!";
}
else
{
print "Incorrect file extension!";
}
}
?>With images I check a few things and then actully recreate the image resized, which means I am sure that what is being uploaded is an image. With this example all we are doig is checking the file extension, which doesnt stop someone just adding such an extension to any file at all.
Question - I want to upload into a public directory. Is this above code a no go? If it is unsuitable, any tips on what I could do to improve it? (I am unsure of functions that would allow me to do this, unlike with images)