SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    upload only certain files, jpg. pdf, etc

    I've been working on this all day long, I still really new to php so I'm not sure where I'm making my mistake. I want the user to be able to upload only certain types of files. My code as it is allows the user to upload virtually anything. I want it to give them an error message before going any further when they try to upload anything that isn't in the array. Here is my code, any help would be greatly appreciated.

    The number of files available to upload is determined by a form on the previously viewed page.

    <?
    // start of dynamic form
    $uploadNeed = $_POST['uploadNeed'];
    for($x=0;$x<$uploadNeed;$x++){
    ?>
    <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
    </p>
    <?
    // end of for loop
    }
    ?>
    <p>
    <input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
    <input name="filename" type="hidden" id="filename" value="
    <?
    $UploadExts = array('gif','jpeg','jpg');
    $uploadNeed = $_POST['uploadNeed'];

    // start for loop
    for($x=0;$x<$uploadNeed;$x++){

    // strip file_name of slashes
    $file_name = stripslashes($file_name);
    $file_name = str_replace("'","",$file_name);
    $file_name = $_FILES['uploadFile'. $x]['name']['type'];
    $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

    //File Extension Check
    if (!in_array($file_ext, $FILE_EXTS))
    $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
    else
    $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";

    // check if successfully copied
    if($copy){
    echo "$file_name | uploaded Successfully!><br>";
    }else{
    echo "$file_name | Could Not Be Uploaded!<br>";
    }
    }
    // end of loop
    ?>">

  2. #2
    SitePoint Enthusiast
    Join Date
    Dec 2005
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    if (!in_array($file_ext, $FILE_EXTS))

    should be:
    if (!in_array($file_ext, $UploadExts))

    and also that's a flawed way of finding out the file extension, because if the user uploads a file with lots of random . in it then it wont work.

    I would use this instead:
    $file_ext = substr(strtolower(strrchr($file_name,'.')),1);

    Try it.

  3. #3
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay I tried that and it didn't work. Am I leaving anything out?

    <?
    // start of dynamic form
    $uploadNeed = $_POST['uploadNeed'];
    for($x=0;$x<$uploadNeed;$x++){
    ?>
    <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
    </p>
    <?
    // end of for loop
    }
    ?>
    <p>
    <input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
    <input name="filename" type="hidden" id="filename" value="
    <?
    $UploadExts = array('gif','jpeg','jpg');
    $uploadNeed = $_POST['uploadNeed'];

    // start for loop
    for($x=0;$x<$uploadNeed;$x++){

    // strip file_name of slashes
    $file_name = stripslashes($file_name);
    $file_name = str_replace("'","",$file_name);
    $file_name = $_FILES['uploadFile'. $x]['name']['type'];
    $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

    //File Extension Check
    $file_ext = substr(strtolower(strrchr($file_name,'.')),1);
    $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
    else
    $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";

    // check if successfully copied
    if($copy){
    echo "$file_name | uploaded Successfully!><br>";
    }else{
    echo "$file_name | Could Not Be Uploaded!<br>";
    }
    }
    // end of loop
    ?>">

  4. #4
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    //File Extension Check
    $file_ext substr(strtolower(strrchr($file_name,'.')),1);
    $copy copy($_FILES['uploadFile'$x]['tmp_name'],$file_name);
    else
    $message "Sorry, $file_name($file_type) is not allowed to be uploaded."
    You don't actually check the extension here even though your comment says you will. And you have the word "else" just floating in the middle of unrelated code.

  5. #5
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay I took the else out. But it still doesn't prevent you from uploading files like a zip file. Here is the code again is there something else I'm missing?

    <?
    // start of dynamic form
    $uploadNeed = $_POST['uploadNeed'];
    for($x=0;$x<$uploadNeed;$x++){
    ?>
    <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
    </p>
    <?
    // end of for loop
    }
    ?>
    <p>
    <input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
    <input name="filename" type="hidden" id="filename" value="
    <?
    $UploadExts = array('gif','jpeg','jpg');
    $uploadNeed = $_POST['uploadNeed'];

    // start for loop
    for($x=0;$x<$uploadNeed;$x++){

    // strip file_name of slashes
    $file_name = stripslashes($file_name);
    $file_name = str_replace("'","",$file_name);
    $file_name = $_FILES['uploadFile'. $x]['name']['type'];
    $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

    //File Extension Check
    $file_ext = substr(strtolower(strrchr($file_name,'.')),1);
    $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
    $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";

    // check if successfully copied
    if($copy){
    echo "$file_name | uploaded Successfully!><br>";
    }else{
    echo "$file_name | Could Not Be Uploaded!<br>";
    }
    }
    // end of loop
    ?>">

  6. #6
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Yes, you're still missing any code at all that compares the extension to the list of allowed extensions. Chris provided that for you, just paste it in there before you copy().

  7. #7
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have every bit of code I know in there and it still allows you to upload other files. Here is the code again. If you could make a change to the actual code I would apprecaiate it. I'm still a php newbie.

    <?
    // start of dynamic form
    $uploadNeed = $_POST['uploadNeed'];
    for($x=0;$x<$uploadNeed;$x++){
    ?>
    <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
    </p>
    <?
    // end of for loop
    }
    ?>
    <p>
    <input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
    <input name="filename" type="hidden" id="filename" value="
    <?
    $UploadExts = array('gif','jpeg','jpg');
    $uploadNeed = $_POST['uploadNeed'];

    // start for loop
    for($x=0;$x<$uploadNeed;$x++){

    // strip file_name of slashes
    $file_name = stripslashes($file_name);
    $file_name = str_replace("'","",$file_name);
    $file_name = $_FILES['uploadFile'. $x]['name']['type'];
    $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

    //File Extension Check
    if (!in_array($file_ext, $UploadExts))
    $file_ext = substr(strtolower(strrchr($file_name,'.')),1);
    $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
    else
    $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";

    // check if successfully copied
    if($copy){
    echo "$file_name | uploaded Successfully!><br>";
    }else{
    echo "$file_name | Could Not Be Uploaded!<br>";
    }
    }
    // end of loop
    ?>">

  8. #8
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Rewrite this chunk... it's out of order:

    PHP Code:
    //File Extension Check
    $file_ext substr(strtolower(strrchr($file_name,'.')),1);
    if (
    in_array($file_ext$UploadExts)) {
        
    $copy copy($_FILES['uploadFile'$x]['tmp_name'],$file_name);
    } else {
        
    $message "Sorry, $file_name($file_type) is not allowed to be uploaded.";
        echo 
    $message;

    Last edited by Dan Grossman; Apr 28, 2006 at 05:09.

  9. #9
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Okay I did that and it's still uploading zip files.

    <?
    // start of dynamic form
    $uploadNeed = $_POST['uploadNeed'];
    for($x=0;$x<$uploadNeed;$x++){
    ?>
    <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
    </p>
    <?
    // end of for loop
    }
    ?>
    <p>
    <input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
    <input name="filename" type="hidden" id="filename" value="
    <?
    $UploadExts = array('gif','jpeg','jpg');
    $uploadNeed = $_POST['uploadNeed'];

    // start for loop
    for($x=0;$x<$uploadNeed;$x++){

    // strip file_name of slashes
    $file_name = stripslashes($file_name);
    $file_name = str_replace("'","",$file_name);
    $file_name = $_FILES['uploadFile'. $x]['name']['type'];
    $file_ext = strtolower(substr($file_name,strrpos($file_name,".")));

    //File Extension Check
    $file_ext = substr(strtolower(strrchr($file_name,'.')),1);
    if (!in_array($file_ext, $UploadExts)) {
    $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
    } else {
    $message = "Sorry, $file_name($file_type) is not allowed to be uploaded.";
    echo $message;
    }

    // check if successfully copied
    if($copy){
    echo "$file_name | uploaded Successfully!><br>";
    }else{
    echo "$file_name | Could Not Be Uploaded!<br>";
    }
    }
    // end of loop
    ?>">

  10. #10
    SitePoint Guru
    Join Date
    Aug 2004
    Location
    Earth
    Posts
    739
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I use something like:

    PHP Code:
    $allowed_file_types = array(
    'application/x-zip-compressed' => 'x-zip-compressed',
    'image/jpeg' => 'jpg',
    'image/gif' => 'gif'); 
    then:

    PHP Code:
        if(!array_key_exists($_FILES['uploadFile']['type'][$x], $allowed_file_types)) {
        echo 
    '<font color="ff0000">'.$_FILES['uploadFile']['name'][$x].'</font> is not an accepted file type for uploading<br />';
        
    }else{ 

  11. #11
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Where do I put this code? I'm not a big code guy, just trying to experiment until I get something that works. Thanks

  12. #12
    SitePoint Member Jion72's Avatar
    Join Date
    Apr 2006
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Another idea I have just embraced is doing it client side and not server side with javascript

    Look at this thread with an example that only allows you to load a .jpg or .jpeg file

    http://www.sitepoint.com/forums/showthread.php?t=374750

  13. #13
    SitePoint Member
    Join Date
    Apr 2006
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's not working for me either. Maybe I'm putting the code in the wrong place? Here's the complete code.


    <?
    // start of dynamic form
    $uploadNeed = $_POST['uploadNeed'];
    for($x=0;$x<$uploadNeed;$x++){
    ?>
    <input name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
    </p>
    <?
    // end of for loop
    }
    ?>
    <p>
    <input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
    <input name="filename" type="hidden" id="filename" value="
    <?
    $uploadNeed = $_POST['uploadNeed'];

    // start for loop
    for($x=0;$x<$uploadNeed;$x++){

    // strip file_name of slashes
    $file_name = stripslashes($file_name);
    $file_name = str_replace("'","",$file_name);

    // check if successfully copied
    if($copy){
    echo "$file_name | uploaded Successfully!><br>";
    }else{
    echo "$file_name | Could Not Be Uploaded!<br>";
    }
    }
    // end of loop
    ?>">
    <script type="text/javascript">
    function checkMe(form)
    {
    var input = form.getElementsByTagName('input');
    for( var i = 0; i <= input.length; i++ ) {
    thetype = input[i].getAttribute("type");
    //alert(thetype);
    if( thetype == 'file' ) {
    //alert(thetype + " is file");
    thefile = input[i].getAttribute("value");
    // alert(input[i].getAttribute("value"));
    if( !new RegExp('\.jpe?g$').test(thefile) )
    {
    alert('Field is not a JPEG file!');
    return false;
    }
    }
    }
    }
    </script>

  14. #14
    SitePoint Zealot
    Join Date
    Mar 2006
    Posts
    122
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can do file restrictions pretty simple with PHP. You can do a simple if and run through the array to check the extensions and exit if not allowed. Put the code during the beggining (around the beggining).


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •