Page 1 of 1
How to add restrictions on my little code?
Posted: Thu Jul 24, 2008 1:11 am
by lobski
Greetings.
I followed the PHP uploading tutorial, and I want to change a few things to it. First is to restrict the uploaded file to ONLY image files, such as jpeg, gif, png, etc.
I am following the tutorial here:
http://www.tizag.com/phpT/fileupload.php
So far I have this code:
<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has successfully been uploaded.";
} else{
echo "There was an error uploading the file, please try again!";
}
?>
What would I have to change to restrict the files to images?
Re: How to add restrictions on my little code?
Posted: Thu Jul 24, 2008 1:54 am
by s.dot
You wouldn't change anything on the HTML end. You would in the PHP.
Code: Select all
if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
die('Please upload an image only.');
}
Re: How to add restrictions on my little code?
Posted: Thu Jul 24, 2008 1:58 am
by lobski
scottayy wrote:You wouldn't change anything on the HTML end. You would in the PHP.
Code: Select all
if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
die('Please upload an image only.');
}
Yeah, I realized I pasted in the wrong code. I edited in the correct one

Re: How to add restrictions on my little code?
Posted: Thu Jul 24, 2008 2:02 am
by lobski
I tried your code, and its giving me an error... What newbish mistake did I make?
Code: Select all
<?php
$target_path = "uploads/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if (!$imageInfo = @getimagesize($_FILES['uploadedfile']['tmp_name']))
{
die('Please upload image files only.');
}
else(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has successfully been uploaded.";
} else{
echo "There was an error uploading the file, please try again!";
}
?>
Re: How to add restrictions on my little code?
Posted: Thu Jul 24, 2008 2:25 am
by VladSun
Be aware of getimagesize() file type validation:
http://ha.ckers.org/blog/20070604/passi ... imagesize/
Also, always rename the uploaded file, or at least rename the file extension to a permitted one.
Re: How to add restrictions on my little code?
Posted: Thu Jul 24, 2008 3:43 am
by lobski
Thanks, I think I'll put in the rename thing.
Here's my code:
Code: Select all
<?php
$target_path = "uploads/";
if(getimagesize($_FILES['uploadedfile']['tmp_name'])) {
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "Upload successful. The link to your image is: http://absolutely-corrupt.com/" .$target_path . "<br />" ."<br />". "Signature code: <FONT size=4>[img]http://absolutely-corrupt.com/"%20.%20"$target_path"%20.%20"<FONT%20size=4>[/img]";
} else{
echo "There was an error uploading the file, please try again!";
}
} else {
die("You may only upload image files!");
}
?>
Is it possible to rename filenames to numbers?