  1. #1
    SitePoint Zealot
    Join Date
    Nov 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP image upload - only allow jpegs under a certain size?

    I have managed to get this far:
    Code:
    $file_name = $_FILES['uid']['name'];
    $user= 'FILENAME';
    $ext = pathinfo($file_name, PATHINFO_EXTENSION);
    $new_file_name=$user . '.' . $ext;
    $path= "uploads/images/users/".$new_file_name;
    if($uid !=none)
    {
    if(move_uploaded_file($_FILES['uid']['tmp_name'], $path))
    {
    echo "Successful<BR/>"; 
    echo "File Name :".$new_file_name."<BR/>"; 
    echo "File Size :".$_FILES['uid']['size']."<BR/>"; 
    echo "File Type :".$_FILES['uid']['type']."<BR/>"; 
    }
    else
    {
    echo "Error";
    }
    }
    This works nicely and renames my uploaded file but I'm struggling to make it accept only jpegs under a certain size. Everything I have tried has resulted in me getting an error message that I can only upload a jpeg (yet the file still gets uploaded) or nothing gets uploaded at all even if it is a jpeg. Any help is most appreciated. Thank you.

  2. #2
    SitePoint Evangelist venkat6134's Avatar
    Join Date
    Jul 2010
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Like this;

    PHP Code:
    if (($_FILES["uid"]["type"] == "image/jpeg")
    && ($_FILES["uid"]["size"] < 20000)) // here maximum size of image is 20 kb

  3. #3
    SitePoint Zealot
    Join Date
    Nov 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks so much for your swift reply - Where should this if statement be placed?

  4. #4
    SitePoint Evangelist venkat6134's Avatar
    Join Date
    Jul 2010
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    $file_name = $_FILES['uid']['name'];
    $user = 'FILENAME';
    $ext = pathinfo($file_name, PATHINFO_EXTENSION);
    $new_file_name = $user . '.' . $ext;
    $path = "uploads/images/users/" . $new_file_name;

    if (($_FILES["uid"]["type"] == "image/jpeg") and ($_FILES["uid"]["size"] < 20000))
    {
        if (move_uploaded_file($_FILES['uid']['tmp_name'], $path))
        {
            echo "Successful<BR/>";
            echo "File Name :" . $new_file_name . "<BR/>";
            echo "File Size :" . $_FILES['uid']['size'] . "<BR/>";
            echo "File Type :" . $_FILES['uid']['type'] . "<BR/>";
        }
        else
            echo "Error while uploading!";
    }
    else
        echo "File format or size is not supported!";

  5. #5
    SitePoint Zealot
    Join Date
    Nov 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hmm this gives me the error message "File format or size is not supported!"
    even when it is a jpeg and within the size restrictions - nothing gets uploaded (jpeg or any other format)??
    Thanks for your help so far.

  6. #6
    SitePoint Evangelist venkat6134's Avatar
    Join Date
    Jul 2010
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    change condition;
    some files as extension jpg and jpeg.
    if ((($_FILES["upload"]["type"] == "image/jpeg")
    || ($_FILES["upload"]["type"] == "image/jpg"))
    && ($_FILES["upload"]["size"] < 20000))

  7. #7
    SitePoint Zealot
    Join Date
    Nov 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Still doing the same unfortunately... I did notice you had put "upload" instead of "uid" so I changed that and tried again and once again it's just the same error?
    Sorry to be a pain!

  8. #8
    Who turned the lights out !! Mandes's Avatar
    Join Date
    May 2005
    Location
    S.W. France
    Posts
    2,496
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If you're using IE as a browser you may need to accept MIME "image/pjpeg" too.
    A Little Knowledge Is A Very Dangerous Thing.......
    That Makes Me A Lethal Weapon !!!!!!!!

    Contract PHP Programming

  9. #9
    SitePoint Zealot
    Join Date
    Nov 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so i would change to:
    if ((($_FILES["upload"]["type"] == "image/jpeg")
    || ($_FILES["upload"]["type"] == MIME "image/pjpeg")
    || ($_FILES["upload"]["type"] == "image/jpg"))
    && ($_FILES["upload"]["size"] < 20000))

    correct??

  10. #10
    SitePoint Evangelist venkat6134's Avatar
    Join Date
    Jul 2010
    Posts
    454
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    like this;
    if ((($_FILES["upload"]["type"] == "image/jpeg")
    || ($_FILES["upload"]["type"] == "image/pjpeg")
    || ($_FILES["upload"]["type"] == "image/jpg"))
    && ($_FILES["upload"]["size"] < 20000))

  11. #11
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Guys...seriously. STOP USING "type" it is insecure.

    PHP Code:

    $upload = $_FILES['upload-field-name'];

    // Is it a JPEG image?
    $info = getimagesize( $upload['tmp_name'] );
    if ( $info[2] != IMAGETYPE_JPEG ) {
      // Not correct image type...
      exit;
    }

    // Is it smaller than 10 MB?
    if ( filesize( $upload[ 'tmp_name' ] ) > 10485760 ) {
      // Not correct file size...
      exit;
    }

    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  12. #12
    SitePoint Zealot
    Join Date
    Nov 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    @ Venkat / Mandes - still the same problem
    @logic earth - I tried the following (could have got it very wrong):
    Code:
    $file_name = $_FILES['uid']['name']; 
    $user= 'FILENAME'; 
    $ext = pathinfo($file_name, PATHINFO_EXTENSION);
    $new_file_name=$user . '.' . $ext; 
    $path= "uploads/images/users/".$new_file_name;  
    $upload = $_FILES['uid']
    $info = getimagesize( $upload['tmp_name'] );
    if ( $info[2] != IMAGETYPE_JPEG ) {
    echo "File format is not supported!";
    }
    if ( filesize( $upload[ 'tmp_name' ] ) > 3485760 ) 
    {
    echo "The filesize is too large!";
    }  
    else(move_uploaded_file($_FILES['uid']['tmp_name'], $path)) 
    { 
    echo "Successful<BR/>";  
    echo "File Name :".$new_file_name."<BR/>";  
    echo "File Size :".$_FILES['uid']['size']."<BR/>";  
    echo "File Type :".$_FILES['uid']['type']."<BR/>";  
    }
    This results in unexpected T_VARIABLE..

  13. #13
    SitePoint Enthusiast
    Join Date
    Apr 2004
    Location
    Michigan
    Posts
    79
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    the error should also be telling you what line is 'offending'

  14. #14
    SitePoint Zealot
    Join Date
    Nov 2008
    Posts
    140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Line 8 starting $info = getimagesize

  15. #15
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,521
    Mentioned
    37 Post(s)
    Tagged
    1 Thread(s)
    $ext = pathinfo($file_name, PATHINFO_EXTENSION);

    If you don't fix that line, every other check proposed in this thread can still be maliciously bypassed.
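
The content check from post #11 and the extension point from post #15 combined into one upload handler, as an added example that is not code from any poster in the thread. The field name `uid`, the target directory and the 20000-byte limit are taken from the thread; `validate_jpeg_upload()` and `MAX_BYTES` are hypothetical names.

```php
<?php
// Added example. validate_jpeg_upload() and MAX_BYTES are hypothetical names.
const MAX_BYTES = 20000; // the 20 kB limit used earlier in the thread

// Returns null when the upload is acceptable, otherwise an error message.
function validate_jpeg_upload(array $upload): ?string
{
    // Reject failed or partial uploads, and paths PHP did not create itself.
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'] ?? '')) {
        return 'Error while uploading!';
    }
    // Size of the received file on disk.
    if (filesize($upload['tmp_name']) > MAX_BYTES) {
        return 'The filesize is too large!';
    }
    // Read the image header; $upload['type'] is sent by the browser and
    // can be set to anything, so it is never consulted here.
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG) {
        return 'File format is not supported!';
    }
    return null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['uid'])) {
    $error = validate_jpeg_upload($_FILES['uid']);
    if ($error !== null) {
        http_response_code(400);
        exit($error);
    }
    // The extension is fixed by the server. pathinfo() on the client's file
    // name would let the uploader pick it, whatever the content check says.
    $user = 'FILENAME';
    $path = 'uploads/images/users/' . $user . '.jpg';
    if (move_uploaded_file($_FILES['uid']['tmp_name'], $path)) {
        echo 'Successful<br/>File Name: ' . htmlspecialchars(basename($path));
    } else {
        http_response_code(500);
        echo 'Error while uploading!';
    }
}
```

`getimagesize()` only parses the image header, so it confirms the file starts as a JPEG and says nothing about the bytes that follow; storing the file under a server-chosen `.jpg` name is what keeps the web server from treating it as anything else.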

