Upload mp3 to folder directory to database

skyhighweb · July 4, 2018, 7:35am

i have an image uploaded that does this but i need it to also except audio files is there a way i can add an except audio file code to it

<?php 
/*************** AVTAR UPLOAD SCRIPT ******************************/
//By nay27uk
// License: Free
/***********************************************/
include 'includes/common.inc.php';

$query = "SELECT * FROM " . $DBPrefix . "users WHERE id = " . $user->user_data['id'];
$result = mysql_query($query);
$system->check_mysql($result, $query, __LINE__, __FILE__);
if($_POST['Submit'] == 'Upload') 
{
 
// This is the unique user_id
$id = $user->user_data['id'];

if (!empty ($_FILES['ifile']['tmp_name']))
{

/* Thumbnail class is required */

include_once('phpthumb/ThumbLib.inc.php');

/* GetImageSize() function pulls out valid info about image such as image type, height etc. If it fails 
then it is not valid image. */

 if (!getimagesize($_FILES['ifile']['tmp_name']))
  { 
   die("Invalid Image File.");
  
  }

$imgtype = array('1' => '.gif', '2' => '.jpg' , '3' => '.png');
  
  // extract the width and height of image
   
  list($width, $height, $type, $attr) = getimagesize($_FILES['ifile']['tmp_name']);
 
 // Extract the image extension
 
  switch ($type)
  {
  case 1: $ext='.gif'; break;
  case 2: $ext = '.jpg';break;
  case 3: $ext='.png'; break;
  }
  // Dont allow gif files to upload as it may  contain harmful code
  
  if ( $ext == '.gif') {
    die("Sorry - GIF not allowed. Please use only PNG or JPEG formats");
    }
  
 /* Specify maximum height and width of users uploading image */
 
   if ($width > 2400 || $height > 2400)
  {
   die("Maximum width and height exceeded. (max 2400 x 2400 pixels)");
   
  }
  /* Specify maximum file size here in bytes */
   
  if ($_FILES['ifile']['size'] > 2000000 )
    {
    die("Error: Large File size. (max 200kb)");
    
    }
     
    /******** IMAGE RESIZING *********************/
    // Before we start resizing, we first have to move the image file to server
    // save it there under a unique name and then do the final resizing and save the resized image.
    
    // Specify which directory you want to upload. It should be a subfolder where the script is present
    // We also generate a unique name for picture FILE-USERID-XXX where xxx is random number
    // The uploads folder must have writable permissions.
    
    $uploaddir = 'uploaded/avatar/';
    $secondname = rand(100,99);
    $uploadfile =  $uploaddir . "img-$id-$secondname". $ext;
    
    if (!move_uploaded_file($_FILES['ifile']['tmp_name'], $uploadfile ))
     {
       die("Error moving the uploaded file");
     }
    
    $thumb = PhpThumbFactory::create($uploadfile);
    
    //specify the height and width of avatar image to resize
    
    $thumb->resize(150,150);
    $thumb->save($uploadfile);
    //$thumb->show();
    
    //MySQL query to update avatar filename in the database. You need to create a field avatar
    
    $query = "UPDATE " . $DBPrefix . "users SET avatar = '" . $uploadfile . "' WHERE id = " . $user->user_data['id'];
    $system->check_mysql(mysql_query($query), $query, __LINE__, __FILE__);
    $user->user_data['avatar'] = $uploadfile;
    
    //$thumb->destruct();
    }
 } 
 
header ("Location: user_menu.php?cptab=avatarupload");
exit;
  
?>

thanks

chorn · July 4, 2018, 8:07am

You first have to move all the image functions to a separate code part that is triggered for images only.

droopsnoot · July 4, 2018, 9:26am

You can see where it is determining the file type by the extension name of the uploaded file - so one of the things you can do there is add on your acceptable audio file type extensions. You then need to deal with not trying to create a thumbnail from an audio file, and not trying to check the dimensions. And all the bottom end of that code seems to be setting the uploaded image to be the users avatar, so of course if they upload an audio file, that needs to be changed to something more suitable.

I haven’t done this myself, but I have read many times on here that checking a file type simply by looking at the filename extension is not the correct way to do it. There are plenty of threads on here describing more secure methods of checking that the files are those you want.

On that same subject, you’re using the no-longer-supported mysql_ functions - while you’re getting this working, you need to drop them and switch to mysqli or PDO, and use prepared statements.

I’d presumed the audio upload will be an entirely separate bit of code as this seems to only be for setting a single avatar for the user. It’s strange code, really - for example I’m not sure why it needs to add a random number onto the image filename during upload, as the filename also contains the user-id which is described earlier as unique.

skyhighweb · July 18, 2018, 4:10pm

yeah it really was a strange code i had to spend time on it and did what u said adding the extension and re naming some id to point to the new extension did d trick, thanks alot

system · October 17, 2018, 11:10pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.