Page 1 of 1

Image Upload Script Issues

Posted: Sat Jun 21, 2003 5:46 pm
by rprins
Hey All! I have been looking around here for some time now and I have found some very useful info here. But, I have run into a snag in my code that I am creating for image uploads on my site. I can get the image to upload fine and that works. However, I cannot get it to check for a valid extention (in this case I want to have only *.jpg files uploaded) and to check the image size to make sure it will fit (I don't know the dimentions yet for this). So, if any of you could help me out that would be great. Also, if you find any errors let me know, I just whipped this up yesterday and am pretty new to upload scripting.

Issues w/ the code below:
1)I cannot get the extention part to work at all... that is why it is commented out.
2)For the image size, it returns Array and I don't know why or how to fix it.

Thanks,

rprins

Code: Select all

<?php
	require('auth.php'); 
	require('../includes/connect.php');

	$query = "SELECT * FROM user WHERE userid = '$PHP_AUTH_USER'";
	$result = mysql_query($query, $connection) or die("User Id Query Failed."); 
	while($row = mysql_fetch_array($result)){ 
		$usernumber = $row[usernumber];
		$username = $row[username];
		$userlevel = $row[userlevel];
		$userid = $row[userid];
	}

if($action){
	switch($action) {
		case "upload":
			// Display the form for uploading
			echo "<form name='upload' method='post' action='upload.php?action=process' enctype='multipart/form-data'>
					<p><font>Local Image Dir: </font><input name='source_file' type='file'><br><br>
   					<input name='process' type='submit' value='Upload Image'>
				  </form>";
			break;
		
		case "process":
				// set the login info that is needed
				$ftp_server = 'my ftp';	// FTP Server
				$ftp_user_name = 'myuser';				// FTP User Login
				$ftp_user_pass = 'my pass';			// FTP User Password
				
				// set up basic connection
				$conn_id = ftp_connect($ftp_server) or die("Couldn't connect to $ftp_server");
				
				// login with username and password
				$login_result = ftp_login($conn_id, $ftp_user_name, $ftp_user_pass); 
				
				// check connection
				if ((!$conn_id) || (!$login_result)) { 
					echo "FTP connection has failed!<br>";
					echo "Attempted to connect to $ftp_server for user $ftp_user_name"; 
					exit; 
				}
				/*
// Limit uploads to specific extentions -- THIS DOES NOT WORK! NEED HELP HERE

				$limitedext = array(".gif",".jpg",".png",".jpeg");
				$ext = strrchr($file_name,'.');
				if (!in_array($ext,$limitedext)) {
					die("The file you are uploading doesn't have the correct extension.");
					exit;
				}
				*/
				
				$filesize = filesize($source_file);
				if($filesize > 40960){
					echo "Your filesize, " . $filesize . " bytes, is too large.<br>
							It must be less than 40KB or 40960 bytes.";
					exit;
				}
				
				$file_extention = '.jpg';	// Define the file extention. MUST include the period before the extention
				$destination_path = '/www/images/roster/';	// Define path to the file on the server
				$destination_file = $destination_path . $usernumber . $file_extention;	// Define the file name
				$upload = ftp_put($conn_id, $destination_file, $source_file, FTP_ASCII); // upload the file
				
				if (!$upload) { 
					echo "FTP upload has failed!";
				} else {
					echo "Uploaded $source_file to $ftp_server as $destination_file<br>";
				}
				
				// Check image size -- THIS DOES NOT WORK! NEED HELP HERE
				$image = "../images/roster/" . $usernumber .  ".jpg";
				$size = getimagesize ($image);
				echo "<img src="". $image . "" {$size[3]}><br>";
				echo $image . $size . "<br>";
				
				$delete_temp = unlink($source_file); // Delete file in Temp Dir
				
				if($delete_temp) echo "<br>Success Deleting Temp Image";
				
				// close the FTP stream 
				ftp_close($conn_id); 
			break;
	}
}
?>

reply

Posted: Sat Jun 21, 2003 7:03 pm
by phpScott
As for getting the extension I could never get it to work either so I juse javascript to validate the extension first before I upload the picture.
I know this isn't the safest way of doing it and I'm sure one of the guru's around here can help you with that.

As for the demisions http://ca2.php.net/manual/en/function.getimagesize.php

What you want is array element [0] and [1] will get you the height and width
element[2] will get you the picture type depending on what it is. see url link for that list.
Element [3] is kind of handy as it will print out html for a heigh and width in an image tag.

here is a little snippet of code to show the array elements and a filesize call at the end for good measure.

Code: Select all

<?php
$size = getimagesize("phpScott.jpg");
  for($x=0; $x<4; $x++)
  {
     echo "size $x is ".$size[$x]."<br />";
  }
  $fSize=filesize("phpScott.jpg");
  echo "fSize is $fSize <br />";

?>
produded

Code: Select all

size 0 is 329
size 1 is 97
size 2 is 2
size 3 is width="329" height="97"
fSize is 4300
phpScott

Posted: Sat Jun 21, 2003 10:06 pm
by rprins
I got the image size to work. Thanks!

Now i just need a fix for the file extension.

Posted: Sat Jun 21, 2003 11:32 pm
by fractalvibes
FOr getting the image size,assuming a form field called propPhotoFile:

Get the size:
if ($propPhotoFile_size == 0) {
$DoUpload = false;
}

Check the type:
if ($DoUpload == True) {
if (!($propPhotoFile_type == "image/jpeg" or $propPhotoFile_type == "image/pjpeg" or $propPhotoFile_type == "image/png")) {
$uploaderror = "Cannot Upload Files of Type " . $propPhotoFile_type;
}

That should work - just omit image/png as an allowed type.

Phil J.

Posted: Sun Jun 22, 2003 5:26 am
by patrikG
Doing a client-side check of the MIME-type with Javascript has certain advantages over a server-side check - simply because it is checks before the upload.
Nothing like uploading a 2MB-file and then being told it's too big... :P

Posted: Sun Jun 22, 2003 4:40 pm
by rprins
patrikG wrote:Doing a client-side check of the MIME-type with Javascript has certain advantages over a server-side check - simply because it is checks before the upload.
Nothing like uploading a 2MB-file and then being told it's too big... :P
How would I go about doing this?

Posted: Mon Jun 23, 2003 11:06 am
by m3rajk
DO NOT CHECK BY EXTENSION!!!!!!!

i know sooooo many people that think simply changing the file from me.bmp to me.jpg encodes it to jpeg....



ALWAYS check by mime type. if i'm not mistaken it's not some lame ass microsoft thing that gets foold by extension but taken from other oses where they check the file itself to find out the type. also makes extensions irrelevant. something that's good if you don't know all the extentions, and you omitted the common jpe from the list of extensions. jpe, jpg, and jpeg are all common joeg encodeing extentions

i've got a form set up that i haven't tested for uploading yet but have the code written to utelize the $_files[][] array.

i suggest using that. you can get the remote name, temp name on the server, file size, error code and i think there was another thing

Posted: Mon Jun 23, 2003 5:14 pm
by rprins
Yeah, I know better than to change a BMP to a JPG file :) All I really want to do is check what the file type is so that it meets the requirements of some other code that I wrote. I could just simplify it all and put a SQL query to the DB and update the path of the file there. That probably would be easiest for this situation. But, still, I have gotten plenty of good info from those who posted. Also, one last thing, when I do a MIME check on ZIP archives, what would the MIME output look like? I hope that makes sense. I want to check to make sure the user is uploading a ZIP file.

Posted: Mon Jun 23, 2003 7:15 pm
by Judas
:!: let browser define (lin,Apache) before doing a thing

Code: Select all

&lt;input type="hidden" name="MAX_FILE_SIZE" value="500000"&gt;
:!: get HTTP vars

Code: Select all

<?php
$uploaded_raw=$HTTP_POST_FILES['<!--your_form_input_name-->']['name'];
$uploaded_array=explode(".",$uploaded_raw);
if (!empty($uploaded_array[1])){
  $image_extension=strtolower($uploaded_array[1]);
  }
 else{
   //file not compatible (no extension found)
   }
$image_size=$HTTP_POST_FILES['<!--your_form_input_name-->']['size'];
$image_error=$HTTP_POST_FILES['<!--your_form_input_name-->']['error'];
?>
:arrow: getting on try to get image info.

Code: Select all

<?php
$image_info=getimagesize('<!--your_jpg_file-->');
$image_width=$image_info[0];
$image_height=$image_info[1];
if ($image_info[2]==1){
  $image_extension='gif';
  }
if ($image_info[2]==2){
  $image_extension='jpg';
  }
if ($image_info[2]==3){
  $image_extension='png';
  }
if ($image_info[2]==4){
  $image_extension='swf';
  }
if ($image_info[2]==5){
  $image_extension='psd';
  }
if ($image_info[2]==6){
  $image_extension='bmp';
  }
if ($image_info[2]==7){
  $image_extension='tiff';
  //intel
  }
if ($image_info[2]==8){
  $image_extension='tiff';
  //motorola
  }
if ($image_info[2]==9){
  $image_extension='jpc';
  }
if ($image_info[2]==10){
  $image_extension='jp2';
  }
if ($image_info[2]==11){
  $image_extension='jpx';
  }
if ($image_info[2]==12){
  $image_extension='jb2';
  }
if ($image_info[2]==13){
  $image_extension='swc';
  }
if ($image_info[2]==14){
  $image_extension='iff';
  }

$image_tag=$image_info[3];
?>
:?: More ?