dozure Posted April 25, 2003 Posted April 25, 2003 that can be returned by $_FILES['userfile']['type'] I'm trying to restrict my upload script to only image files. for example: >if ($file_type != "image/gif") { die ("File is not a image. Try again"); } can i use a wildcard so I can just put: >if ($file_type != "image/*") { die ("File is not a image. Try again"); } I know that exactly won't work, because I tried it, but is there a way I dont know about to use a wildcard in that? Quote
TCH-Sales Posted April 25, 2003 Posted April 25, 2003 My php knowlege is sparce to say the least, I'm just now learning more about it but I doubt you could use a wildcard there. That would be more like if you wanted to get every .gif file in the folder. I'd say try listing just all the diffrent image formats you can, or put in a sub title that you only accept a certain type of file, and create a "don't list" if it would be simpler. Hope this helps a little! Quote
dozure Posted April 25, 2003 Author Posted April 25, 2003 yea i put image files only, but ive already had a couple mp3s and some zips pop up in there. I'm worried about someone uploading a php file and going nutty before I catch it. Quote
TCH-JimE Posted April 25, 2003 Posted April 25, 2003 Hi, If the gif one works, then you can do multi lists and just list all the image tags. Using a *.* would not work Jim Quote
TCH-JimE Posted April 25, 2003 Posted April 25, 2003 Hi, I just googled a bit and found this, : >[PHP] <?php ############################################# // START SETTINGS // Path to save upload (no end slash!!) $GLOBALS['Upload_path'] = "/dir/to/upload"; // Allowed types $GLOBALS['allowed_types'] = array( "application/x-gzip-compressed", "application/x-shockwave-flash", "application/x-tar", "application/x-zip-compressed", "image/bmp", "image/gif", "image/jpeg", "image/pjpeg", "image/png", "image/psd", "image/tiff", "image/iff" ); // Maximum size of upload allowed (in bytes) $GLOBALS['max_filesize'] = 1000000; // Maximum dimentions for image uploads (in pixels) $GLOBALS['max_image_height'] = 1240; $GLOBALS['max_image_width'] = 1600; // END SETTINGS ############################################# // Tells whether the file submitted to be uploaded if(is_uploaded_file($_FILES['userfile'])) { // returns error if file type not in allowed types if(!in_array($_FILES['userfile']['type'], $GLOBALS['allowed_types'])) { echo "File not allowed"; exit(); } // returns error if file size is bigger than defined file size if($_FILES['userfile']['size'] > $GLOBALS['max_filesize']) { echo "File size too large"; exit(); } // checks if file is image, if so then checks the width and height against defined settings above if(eregi("image", $_FILES['userfile']['type']) && (in_array($_FILES['userfile']['type'], $GLOBALS['allowed_types']))) { $imagesize = GetImageSize($_FILES['userfile']['tmp_name']); // Checks width if ($imagesize[0] > $GLOBALS['max_image_width']) { echo "Your image should be no wider than " . $GLOBALS['max_image_width'] . " Pixels"; exit(); } // Checks height if ($imagesize[1] > $GLOBALS['max_image_height']) { echo "Your image should be no higher than " . $GLOBALS['max_image_height'] . " Pixels"; exit(); } } // if the file is not uploaded correctly, it will return a unsuccessful if(!@copy($_FILES['userfile']['tmp_name'], $GLOBALS['Upload_path'] . "/" . $_FILES['userfile']['name'])) { echo "Upload was not successful"; exit(); // else it will return successful } else { echo "Upload successful<br>"; echo "File: <b>" . $_FILES['userfile']['name'] . "</b><br>"; echo "Size: <b>" . $_FILES['userfile']['size'] . "</b><br>"; echo "Type: <b>" . $_FILES['userfile']['type'] . "</b><br>"; exit(); } // shows the form if no file has been submitted } else { ?> <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data"> <input type="file" name="userfile" size="50"> <br><br> <input type="submit" value="Upload!"> </form> <? } ?> [/PHP] Should do the trick for you Jim Quote
dozure Posted April 25, 2003 Author Posted April 25, 2003 thanks those are the ones i have in my list now, i was just seeing if anyone knew of any others Quote
dozure Posted April 25, 2003 Author Posted April 25, 2003 this is what I've got anybody see anything wrong, or a better way I could have done something? $superdat is the variable thats the filename they put in to upload >//define allowed file types $allowed = array( "image/bmp", "image/gif", "image/jpeg", "image/pjpeg", "image/png", "image/psd", "image/tiff", "image/iff" ); //convert filenames to lowercase $superdat_name = strtolower($superdat_name); //remove spaces from file names and replace them with underscores $superdat_name = str_replace(" ", "_", $superdat_name); //check to see if filetype is allowed if(!in_array($superdat_type, $allowed)) { //if not allowed show error and link back to main page echo "<BR><center><a href = 'http://upload.dozure.net'>Try again</a><br><br>"; echo "If you believe you got this error mistakenly, contact dozure with the error below<br><br>"; die ("ERROR: Files of type <font color = 'red'>$superdat_type</font> are not images.</center>"); } Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.