  1. #1
    Non-Member
    Join Date
    Feb 2005
    Posts
    737
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Help checking a file mime type?

    Hi All,

    I'm putting together a script which checks for an allowed file extension, and also checks that file's MIME type:

    PHP Code:
    <?php
    if (isset($_POST['Submit'])) {

        $errors = array();
        $byte = "2097152";
        $media_01 = $_FILES['file_one']['name'][0];

        //Check to see if file is too big
        if ($_FILES['file_one']['error'][0] == 1) {
            $errors[] = "Your first file uploaded is too big.";
        }

        //Check the file extension is a valid one
        $ext1 = strrchr(basename($media_01), '.');
        $FileType = array(".jpg", ".jpeg", ".JPG", ".JPEG", ".gif", ".GIF", ".png", ".PNG",
            ".pdf", ".PDF", ".tiff", ".TIFF", ".doc", ".DOC", ".docx", ".DOCX", ".mp3", ".MP3",
            ".txt", ".TXT", ".odt", ".ODT", ".ods", ".ODS", ".wmv", ".WMV", ".mpg", ".MPG",
            ".mpeg", ".MPEG");
        if (!in_array(substr($_FILES['file_one']['name'][0], strrpos($_FILES['file_one']['name'][0], ".")), $FileType)) {
            $errors[] = "Your first image is not a recognised filetype we accept.<br />";
        }

        //Check the Mimetype
        $parts = getimagesize($media_01);
        $allowedMimes = array('image/jpg', 'image/png', 'image/gif');
        if (!in_array($parts['mime'], $allowedMimes)) {
            $errors[] = "Dodgy Mimetype.<br />";
        }

        // If first browse button not filled in then don't process the first image, otherwise do
        if (!empty($media_01) && count($errors) == 0) {

            //GO ON AND PROCESS THIS FILE
            $error = 'Thank you we have recieved the information you have submitted';

        } else {
            $error = "<span style='color:#c00'>" . implode(' ', $errors) . "</span>";
        }

    }
    //End of Submit
    ?>
    <form action="" method="post" enctype="multipart/form-data" id="form_submission" class="media fw-1">
    <?php echo $error;?>
      <fieldset>
       <legend>Please fill in your details below</legend> 
       <p> 
       <label for="file_one">Media 1:</label> 
       <input name="file_one[]" type="file" id="file_one" />
       </p>

       <p>
        <input name="Submit" type="submit" value="Submit" style="margin-top:5px; width:150px" />
       </p>
      </fieldset> 
     </form>
    Now, I have a couple of questions. First of all everything works apart from the mimetype check. I get the error

    Code:
    Warning: getimagesize(file.jpg) [function.getimagesize]: failed to open stream
    And my second question is: can anyone see any problems that there would be with the script, i.e. dodgy files that could get through, and any suggestions to improve security?

    Thanks

  2. #2
    Utopia, Inc. silver trophy
    ScallioXTX's Avatar
    Join Date
    Aug 2008
    Location
    The Netherlands
    Posts
    9,036
    Mentioned
    152 Post(s)
    Tagged
    2 Thread(s)
    You should perform getimagesize on $_FILES['file_one']['tmp_name'][0], not on $_FILES['file_one']['name'][0], since the former indicates where the uploaded file is stored on the system and the latter indicates the filename of the file as it was on the user's system.

    As for the mimetypes, I'm not all too familiar with them as well, so I will let someone else with more authority on the subject answer that question.
    Rémon - Hosting Advisor

    Minimal Bookmarks Tree
    My Google Chrome extension: browsing bookmarks made easy

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  4. #4
    SitePoint Wizard
    Join Date
    Mar 2008
    Posts
    1,149
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    header("Content-Disposition: attachment"); 
    (When showing the file.)

  5. #5
    PHP Developer W1LL's Avatar
    Join Date
    Apr 2001
    Location
    Leicester, UK
    Posts
    459
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    When you're checking/validating the MIME type, note that some IE browsers use "image/pjpeg" instead of "image/jpeg" for some JPGs.

    Weird I know, but IE always has to be different!
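
A server-side version of the checks discussed in this thread, as an added example that is not any poster's code: it reads the file at `tmp_name`, detects the type from the file contents with `finfo` instead of trusting the submitted name or the browser-sent type, and chooses the stored file name itself. The function name `check_upload`, the `$isUpload` demo switch and the sample files are assumptions made for illustration; it assumes PHP 7.1+ with the fileinfo extension enabled.

```php
<?php
// Added example, not code from the thread.
// Allowlist: MIME type detected from the file contents => extension to store it under.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
const MAX_BYTES = 2097152; // same 2 MB limit as $byte in the question

// Validate slot $i of a multi-file field such as file_one[].
// Returns [storedName, null] on success or [null, message] on failure.
// $isUpload = false is only for the offline demo below, whose files were not sent via HTTP POST.
function check_upload(array $field, int $i, bool $isUpload = true): array
{
    $code = $field['error'][$i] ?? UPLOAD_ERR_NO_FILE;
    if ($code !== UPLOAD_ERR_OK) {
        return [null, "Upload failed (error code $code)."];
    }
    $tmp = $field['tmp_name'][$i]; // where PHP stored the upload, not the client's file name
    if ($isUpload && !is_uploaded_file($tmp)) {
        return [null, 'Not an uploaded file.'];
    }
    if (filesize($tmp) > MAX_BYTES) {
        return [null, 'File is too big.'];
    }
    // Type comes from the bytes on disk; $field['type'] and $field['name'] are client input.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    $ext = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        return [null, "File type not accepted: $mime"];
    }
    if (getimagesize($tmp) === false) {
        return [null, 'Not a readable image.'];
    }
    // Store under a random name with an extension chosen here, never the submitted name.
    return [bin2hex(random_bytes(16)) . ".$ext", null];
}

// Constructed sample input: a 1x1 GIF and a text file, both submitted as "photo.jpg".
$samples = [
    base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='),
    "just some text\n",
];
foreach ($samples as $bytes) {
    $path = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($path, $bytes);
    $field = ['name' => ['photo.jpg'], 'type' => ['image/jpeg'],
              'tmp_name' => [$path], 'error' => [UPLOAD_ERR_OK]];
    [$stored, $err] = check_upload($field, 0, false);
    echo $err ?? "Accepted, stored as $stored", "\n";
    unlink($path);
}
```

Both samples claim a `.jpg` name and an `image/jpeg` browser type; the GIF is accepted and stored with a `.gif` extension, while the text file is rejected as `text/plain`.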

