Page 1 of 1

How to add restrictions on my little code?

Posted: Thu Jul 24, 2008 1:11 am
by lobski
Greetings.

I followed the PHP uploading tutorial, and I want to change a few things to it. First is to restrict the uploaded file to ONLY image files, such as jpeg, gif, png, etc.

I am following the tutorial here:
http://www.tizag.com/phpT/fileupload.php

So far I have this code:

<?php
$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has successfully been uploaded.";
} else{
echo "There was an error uploading the file, please try again!";
}
?>
What would I have to change to restrict the files to images?

Re: How to add restrictions on my little code?

Posted: Thu Jul 24, 2008 1:54 am
by s.dot
You wouldn't change anything on the HTML end. You would in the PHP.

Code: Select all

if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
    die('Please upload an image only.');
}

Re: How to add restrictions on my little code?

Posted: Thu Jul 24, 2008 1:58 am
by lobski
scottayy wrote:You wouldn't change anything on the HTML end. You would in the PHP.

Code: Select all

if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
    die('Please upload an image only.');
}
Yeah, I realized I pasted in the wrong code. I edited in the correct one :D

Re: How to add restrictions on my little code?

Posted: Thu Jul 24, 2008 2:02 am
by lobski
I tried your code, and its giving me an error... What newbish mistake did I make? :oops:

Code: Select all

<?php
$target_path = "uploads/";
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
 
if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
    die('Please upload image files only.');
    }
    
    else(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name']). 
    " has successfully been uploaded.";
    } else{
    echo "There was an error uploading the file, please try again!";
}
 
 
    
    
?>

Re: How to add restrictions on my little code?

Posted: Thu Jul 24, 2008 2:25 am
by VladSun
Be aware of getimagesize() file type validation:
http://ha.ckers.org/blog/20070604/passi ... imagesize/

Also, always rename the uploaded file, or at least rename the file extension to a permitted one.

Re: How to add restrictions on my little code?

Posted: Thu Jul 24, 2008 3:43 am
by lobski
Thanks, I think I'll put in the rename thing.
Here's my code:

Code: Select all

<?php
$target_path = "uploads/";
 
if(getimagesize($_FILES['uploadedfile']['tmp_name'])) {
 
 
 
 
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
    echo "Upload successful. The link to your image is: http://absolutely-corrupt.com/" .$target_path . "<br />" ."<br />". "Signature code: <FONT size=4>[img]http://absolutely-corrupt.com/"%20.%20"$target_path"%20.%20"<FONT%20size=4>[/img]";
} else{
    echo "There was an error uploading the file, please try again!";
   }
 
} else {
  die("You may only upload image files!");
}
?>
Is it possible to rename filenames to numbers?