How to add restrictions on my little code?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
lobski
Forum Newbie
Posts: 4
Joined: Thu Jul 24, 2008 1:09 am

How to add restrictions on my little code?

Post by lobski »

Greetings.

I followed the PHP uploading tutorial, and I want to change a few things to it. First is to restrict the uploaded file to ONLY image files, such as jpeg, gif, png, etc.

I am following the tutorial here:
http://www.tizag.com/phpT/fileupload.php

So far I have this code:

<?php
$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has successfully been uploaded.";
} else{
echo "There was an error uploading the file, please try again!";
}
?>
What would I have to change to restrict the files to images?
Last edited by lobski on Thu Jul 24, 2008 1:55 am, edited 1 time in total.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: How to add restrictions on my little code?

Post by s.dot »

You wouldn't change anything on the HTML end. You would in the PHP.

Code: Select all

if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
    die('Please upload an image only.');
}
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
lobski
Forum Newbie
Posts: 4
Joined: Thu Jul 24, 2008 1:09 am

Re: How to add restrictions on my little code?

Post by lobski »

scottayy wrote:You wouldn't change anything on the HTML end. You would in the PHP.

Code: Select all

if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
    die('Please upload an image only.');
}
Yeah, I realized I pasted in the wrong code. I edited in the correct one :D
lobski
Forum Newbie
Posts: 4
Joined: Thu Jul 24, 2008 1:09 am

Re: How to add restrictions on my little code?

Post by lobski »

I tried your code, and its giving me an error... What newbish mistake did I make? :oops:

Code: Select all

<?php
$target_path = "uploads/";
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
 
if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
    die('Please upload image files only.');
    }
    
    else(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has successfully been uploaded.";
    } else{
    echo "There was an error uploading the file, please try again!";
}
 
 
    
    
?>
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: How to add restrictions on my little code?

Post by VladSun »

Be aware of getimagesize() file type validation:
http://ha.ckers.org/blog/20070604/passi ... imagesize/

Also, always rename the uploaded file, or at least rename the file extension to a permitted one.
There are 10 types of people in this world, those who understand binary and those who don't
lobski
Forum Newbie
Posts: 4
Joined: Thu Jul 24, 2008 1:09 am

Re: How to add restrictions on my little code?

Post by lobski »

Thanks, I think I'll put in the rename thing.
Here's my code:

Code: Select all

<?php
$target_path = "uploads/";
 
if(getimagesize($_FILES['uploadedfile']['tmp_name'])) {
 
 
 
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "Upload successful. The link to your image is: http://absolutely-corrupt.com/" .$target_path . "<br />" ."<br />". "Signature code: <FONT size=4>[img]http://absolutely-corrupt.com/"%20.%20"$target_path"%20.%20"<FONT%20size=4>[/img]";
} else{
    echo "There was an error uploading the file, please try again!";
   }
 
} else {
  die("You may only upload image files!");
}
?>
Is it possible to rename filenames to numbers?
Post Reply