  1. #1
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP Upload limit image type to JPG and Gif

    PHP Upload limit image type to JPG and Gif?

    I'm trying to upload only gif and jpg filetypes.

    I can do it by getting the extension from the PHP substr function, but I would like to do it the correct way?

    Here is the code and it works for either gif or jpeg, but I can't seem to get the syntax correct for both. I tried

    if ($uploaded_type != ("image/jpeg") | ("image/gif"){ along with a few other combos. What's the correct way to do this?

    Here is the current bit of code...

    if ($uploaded_type != "image/jpeg") {
        echo "This type of picture is not allowed. Please upload and try again!<br>";
        $ok = 0;
    }

    Thanks Sitepoint!

  2. #2
    SitePoint Addict
    Join Date
    Mar 2003
    Location
    In a house in the USA
    Posts
    293
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, first thing I would suggest is going to: http://us2.php.net/manual/en/features.file-upload.php and taking a look at file uploads.

    If you want to only allow a few types of images, let's say gif and jpg, you can create an array like:
    PHP Code:
    $types = array('image/jpeg', 'image/gif');
    Of course you can add more file types to your array as needed; they can be found by doing a print_r on the $_FILES variable and taking the value from type.

    Then when you upload your file to make sure that it is a correct file type you can do:
    PHP Code:
    if (in_array($_FILES['inputname']['type'], $types)) {
        // Your file handling script here
    } else {
        // Error, filetype not supported
    }

    Hope this helps a little
    Daniel
    http://www.wlscripting.com - PHP Tutorials and code snippets
    Notepad++ Function List plugin tip - for PHP developers

  3. #3
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's perfect, I'm trying that now!

    Big thanks for your help.

  4. #4
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Upload images via php

    Here is the image upload script, modified. It requires an HTML form page with this code...
    HTML Code:
    <form enctype="multipart/form-data" action="upload.php" method="POST">
    Please choose a file: <input name="uploaded" type="file" /><br />
    <input type="submit" value="Upload" />
    </form>

    Then a PHP page called upload.php that the form above posts to.

    The code was adapted from an about article.

    PHP Code:
    <?php
    $target = "images/";
    $target = $target . basename($_FILES['uploaded']['name']);
    $ok = 1;

    // This is our size condition (size taken from the upload entry itself)
    if ($_FILES['uploaded']['size'] > 2097152) {
        echo "Your file is too large. We have a 2MB limit.<br>";
        $ok = 0;
    }

    // Allowed types, compared against the type sent with the upload
    $types = array('image/jpeg', 'image/gif', 'image/png');

    if (in_array($_FILES['uploaded']['type'], $types)) {
        // file is okay continue
    } else {
        $ok = 0;
    }

    // Here we check that $ok was not set to 0 by an error
    if ($ok == 0) {
        echo "Sorry your file was not uploaded. It may be the wrong filetype. We only allow JPG, GIF, and PNG filetypes.";
    }
    // If everything is ok we try to upload it
    else {
        if (move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
            // Escape the client-supplied name before echoing it into the page
            echo "The file " . htmlspecialchars(basename($_FILES['uploaded']['name'])) . " has been uploaded";
        } else {
            echo "Sorry, there was a problem uploading your file.";
        }
    }
    ?>
    It also requires a folder called images with write permissions.

  5. #5
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  6. #6
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php

    $target = dirname( __FILE__ ) . '/images/';
    $ok = true;

    $file = $_FILES['uploaded'];

    if ( $file['error'] > 0 ) {
        // We have an error...
        $ok = false;
    }

    if ( 2097152 < filesize( $file['tmp_name'] ) ) {
        // File too big.
        $ok = false;
    }

    // Detect the image type from the file contents, not from the client.
    $type = getimagesize( $file['tmp_name'] );
    if ( $type === false || !in_array( $type[2], array( IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG ) ) ) {
        // File not correct type.
        $ok = false;
    } else {
        // Make sure the name ends in the extension matching the detected type.
        $ext = image_type_to_extension( $type[2] );
        if ( !preg_match( '/' . preg_quote( $ext ) . '$/i', $file['name'] ) ) {
            $file['name'] .= $ext;
        }

        $target .= $file['name'];
    }

    if ( $ok ) {
        if ( move_uploaded_file( $file['tmp_name'], $target ) ) {
            // File is uploaded!
        } else {
            // Error...
        }
    } else {
        // Error...
    }
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  7. #7
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OMG... there is an image_type_to_extension

    ill use that code then.

    Thanks for the code update

  8. #8
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I seem to not have php 5 on my server. Lunarpages?

    call to undefined function.

  9. #9
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah... current version PHP Version 4.4.4

    what are they thinkin... lol

    I tried it on a hostmonster account with php version 5+ and it worked just fine

  10. #10
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Drop in replacement for image_type_to_extension should work in PHP 4
    PHP Code:
    if ( !function_exists('image_type_to_extension') ) {

        function image_type_to_extension ( $type, $dot = true )
        {
            // Index = IMAGETYPE_* constant value, starting at 1.
            $e = array ( 1 => 'gif', 'jpeg', 'png', 'swf', 'psd', 'bmp',
                'tiff', 'tiff', 'jpc', 'jp2', 'jpf', 'jb2', 'swc',
                'aiff', 'wbmp', 'xbm' );

            // We are expecting an integer.
            $type = (int)$type;
            if ( !$type ) {
                trigger_error( '...come up with an error here...', E_USER_NOTICE );
                return null;
            }

            if ( !isset( $e[ $type ] ) ) {
                trigger_error( '...come up with an error here...', E_USER_NOTICE );
                return null;
            }

            return ( $dot ? '.' : '' ) . $e[ $type ];
        }

    }

    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  11. #11
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you are just doing images, logic_earth's code should work fine. You will have to write your code all over again on the occasion that you need to handle other file types.

    It's correct that you should never rely on information in the $_FILES array for security. If we had no ethics here, most of the experienced members of this board could easily show you how to use cURL or socket functions to spoof that information, and get an executable PHP file onto a server that only checks $_FILES for type information. Suffice it to say, you don't want to know how easy it is.
    Visit my blog
    PHP && Life
    for technology articles and musings.

  12. #12
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I wrote an upload script for php-nuke last version was uploadit 3 google still has it as the #1 result

    the previous version did allow hackers to upload files like...

    hacktool.php.jpg

    I made sure the script renamed the file to something like 12312312.jpg

    Could cURL get past that?

  13. #13
    SitePoint Wizard Hammer65's Avatar
    Join Date
    Nov 2004
    Location
    Lincoln Nebraska
    Posts
    1,161
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mkoenig View Post
    I wrote an upload script for php-nuke last version was uploadit 3 google still has it as the #1 result

    the previous version did allow hackers to upload files like...

    hacktool.php.jpg

    I made sure the script renamed the file to something like 12312312.jpg

    Could cURL get past that?
    Look at it this way. The web server is the gateway to your web site. The web server decides what to do with a file based on the file extension. If the file extension is JPG, it isn't going to matter if it has PHP code in it or not. It's not going to get executed as such.

    The danger is in a file that might be called, hacktool.gif.php where your script only looks for the presence of the strings "jpg", "gif" or "png", instead of ensuring that that string is the "true" file extension.

    As long as you don't rely on the type information contained in the $_FILES array to ensure security, someone using cURL won't be able to affect your script in that manner. If you detect an attempt to subvert your system, leave the file in the temp directory to die, or better yet delete it. Don't leave it on your system to be exploited in some other way.
    Visit my blog
    PHP && Life
    for technology articles and musings.
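
    The file names discussed in posts #12 and #13, run through a substring check, a true-extension check and a content check. This is an added example, not code from any poster in this thread; it assumes PHP 7.1+, and the function names, the constructed sample bytes and the random naming scheme are illustrative.

```php
<?php
// Added example: none of these checks read $_FILES[...]['type'].

// Weak check from the thread: "gif"/"jpg"/"png" anywhere in the name.
function substring_check(string $name): bool {
    return preg_match('/gif|jpe?g|png/i', $name) === 1;
}

// Only the text after the last dot is the extension the web server acts on.
function true_extension(string $name): string {
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Returns a server-generated name for an accepted image, or null after
// deleting a rejected temp file. A real handler would pass the returned
// name to move_uploaded_file().
function accept_image(string $tmpPath, string $clientName): ?string {
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    $info = @getimagesize($tmpPath);           // looks at the bytes on disk
    $ext  = true_extension($clientName);
    if ($info === false || !isset($allowed[$info[2]])
        || !in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true)) {
        @unlink($tmpPath);                     // do not keep rejected files
        return null;
    }
    // The stored name never contains anything the client typed.
    return bin2hex(random_bytes(8)) . '.' . $allowed[$info[2]];
}

// Constructed samples: an 11-byte GIF header and a harmless PHP one-liner.
$gif = 'GIF89a' . pack('v2', 1, 1) . "\x00\x00\x00";
$php = "<?php echo 'constructed sample'; ?>";
$cases = [
    ['hacktool.gif.php', $php],
    ['hacktool.php.jpg', $php],
    ['photo.gif',        $gif],
];
foreach ($cases as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $stored = accept_image($tmp, $name);
    printf("%-17s substring=%-3s ext=%-3s stored=%s\n", $name,
        substring_check($name) ? 'ok' : 'no', true_extension($name),
        $stored ?? 'rejected');
    if ($stored !== null) {
        unlink($tmp);   // demo clean-up; a real handler moves the file instead
    }
}
```

    All three names pass the substring check; only photo.gif passes both the extension and the content check, and it is stored under a generated name ending in .gif.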

  14. #14
    Jewish Juggernaut mkoenig's Avatar
    Join Date
    Aug 2007
    Posts
    1,227
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sounds good. I've been using php for about 5 years, but am still a novice.

    I once heard of a book called learn to program in 10 years, a title that was
    supposed to fly in the face of the normal 30-60day programs.

    Good things take time, I may need to break out the books again.

    Thanks Hammer65

