I been trying to make a multiple file upload with restrictions that only allow you to upload .gif, .jpg, .png, .mp3, .wav, and .mid file types.
So if someone could help me or supply a code that would be great.
multiple file upload
Moderator: General Moderators
- aceconcepts
- DevNet Resident
- Posts: 1424
- Joined: Mon Feb 06, 2006 11:26 am
- Location: London
Re: multiple file upload
What have you done so far?
Re: multiple file upload
So far this is what I have, but I can't figure out how to make it for it restricts certain format/filetypes and to make it multi upload.
Index.html
Uploader.php
Uploads folder must have file permissions of 777
But i also found this code at: http://www.w3schools.com/php/php_file_upload.asp
It's supposed to put restricions on it but I can't figure out how to apply it to my upload script
Index.html
Code: Select all
<html>
<head>
<title>Upload Media</title>
</head>
<body>
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td>
</tr>
<tr>
<td><form enctype="multipart/form-data" action="uploader.php" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="120000000" />
Choose a file to upload: <input name="uploadedfile" type="file" /><br />
<input type="submit" value="Upload File" />
</form></td>Code: Select all
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript:select();' value='". basename( $_FILES['uploadedfile']['name']).
"'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/". basename( $_FILES['uploadedfile']['name']).
"'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>
But i also found this code at: http://www.w3schools.com/php/php_file_upload.asp
It's supposed to put restricions on it but I can't figure out how to apply it to my upload script
Code: Select all
<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Stored in: " . $_FILES["file"]["tmp_name"];
}
}
else
{
echo "Invalid file";
}
?>Re: multiple file upload
If anyone could help that'de be great. 
-
TheBrandon
- Forum Commoner
- Posts: 87
- Joined: Tue May 20, 2008 8:55 am
Re: multiple file upload
Just try using these parts:
If you're using the $_FILES super global (which it looks like you are) then you just have to make an if/else for the filetype.
Basically, if the $_FILES super global's type is image/gif, do this.
Do a print_r($_FILES); in your script. It really opened my eyes to WHY that code worked and what data it contained.
I had to tackle a project similar to this and it drove me crazy because I didn't understand the $_FILES global array.
Try something like this:
Code: Select all
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))Basically, if the $_FILES super global's type is image/gif, do this.
Do a print_r($_FILES); in your script. It really opened my eyes to WHY that code worked and what data it contained.
I had to tackle a project similar to this and it drove me crazy because I didn't understand the $_FILES global array.
Try something like this:
Code: Select all
<center>
<table cellspacing="0" border="1" bordercolor="black">
<tr><td background="http://rphosting.net/dir_images/tableheader.png" colspan="2"><center><font color="white">Upload Media</font></td></tr>
<tr>
<td>
<?php
$target_path = "/home/rphost/public_html/upload/";
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
//////////////////////////////////////
if ((($_FILES["file"]["type"] == "image/gif"){
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "The file ". basename( $_FILES['uploadedfile']['name']).
" has been uploaded";
} else{
echo "There was an error uploading the file, please try again!";
}
//////////////////////////////////////
}else{
echo "Sorry, not the write file type.";
}
?>
</td>
</tr>
<tr>
<td>
<br>
<small>File Name:</small><br>
<?php echo "<input type='text' size='25' onclick='javascript:select();' value='". basename( $_FILES['uploadedfile']['name']).
"'>";?>
<br>
Preview:<br>
<?php echo "<img src='http://rphosting.net/uploads/". basename( $_FILES['uploadedfile']['name']).
"'>";?></td>
</tr>
<tr>
<td><center><form action="index.php" method="post"><input type="submit" value="Return to Upload Page"></center></td>
</tr>
</table>Re: multiple file upload
Hi,
please don't use this:
The 'type' of a file is send by the http header, so you can easily modify it and upload e.g. a '.php' file with image/jpeg as type (just modify the header your browser send, there are many firefox plugins for this purpose).
To make sure, that someone can just upload mp3, gif and jpg files, check the extension:
But this is also insecure, because you can just change the file extension. (Change the extension of e.g. a html File to .gif and open this with IE6. IE6 will display correct html file. If the .html file now contains some javascript, you can redirect users who view this image or infect the user with a trojan horse).
So for images you can use:
But this doesn't work for mp3.
So you have to move the uploaded files into a seperated folder, where the direct access is not possible (e.g. put a .htaccess with 'deny from all' into the folder). The user than can access the file via a php-script, which sends the correct mime header depending on the file extension.
please don't use this:
Code: Select all
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))To make sure, that someone can just upload mp3, gif and jpg files, check the extension:
Code: Select all
$ext = strrchr($_FILES["file"]["name], ".");
echo "Extension: $ext"; //I hope this work
But this is also insecure, because you can just change the file extension. (Change the extension of e.g. a html File to .gif and open this with IE6. IE6 will display correct html file. If the .html file now contains some javascript, you can redirect users who view this image or infect the user with a trojan horse).
So for images you can use:
Code: Select all
$info = getimagesize($_FILES['datei']['tmp_name']);
if($info[2] == IMAGETYPE_GIF || $info[2] == IMAGETYPE_JPEG)
echo "Thats an image!";
So you have to move the uploaded files into a seperated folder, where the direct access is not possible (e.g. put a .htaccess with 'deny from all' into the folder). The user than can access the file via a php-script, which sends the correct mime header depending on the file extension.