Here you go. I made a better approach and a less sloppy way of doing it. I also created a short Youtube
video for you to see the results. In the video, I only showed the use with images. But the same can be done with videos since this snippet allows generic video formats like mp4
, avi
, and webm
. You can modify it to use any kind of mime
type that you desire.
<?php
// TESTED ONLY WITH PHP 7!!!!
// THIS SNIPPET MAY NOT WORK WITH OTHER VERSIONS OF PHP
// The proper way of checking if the form was submitted through POST
if($_SERVER['REQUEST_METHOD'] == 'POST') {
$dir = 'uploads/'; // The directory the files should be stored in
// Create an array of desired mime types.
// Generally, mime types start with the category the file belongs in.
// Then followed by either the extension or the actual type of file it is.
// Here is a complete list of mime types if you are not familiar with them.
// https://sitepoint.com/web-foundations/mime-types-complete-list/
$array = array(
'image/png',
'image/jpg',
'image/jpeg',
'image/gif',
'video/mp4',
'video/webm',
'video/avi',
'video/mpeg',
);
// These are just the generic mime types for images and videos. If you want to allow other image formats and video formats, you'll need to add them into the array yourself.
$name = $_FILES['fileToUpload']['name']; // Create the $name variable and append the name field to it.
$tmp = $_FILES['fileToUpload']['tmp_name']; // Create the $tmp variable and append the tmp_name field to it.
$size = $_FILES['fileToUpload']['size']; // Create the $size variable and append the size field to it.
// Check the mime type of the file
// Remember, mime_content_type won't work if the file is larger than the expected file size within your php.ini file.
// mime_content_type will also not work if you are not running on PHP 7.
// It was marked as deprecated and would complain when you used it.
// An alternative is to use finfo_file()
// The example usage can be found at http://php.net/manual/en/function.finfo-file.php
$mime = mime_content_type($tmp);
// Take the mime type of the temp file and check it against the array we created above.
// We DO NOT want to take the "type" field from the default $_FILES[...]['type'] field,
// Because this is not reliable and only contains the current mime type of the file extension.
// It does not contain the original mime type that the file was created from.
if(in_array($mime, $array)) {
// In this if/else statement, we are checking to see if the file is an image or not.
// Apparently, you are asking for less of a file size for images than for video files.
// So we check to see if the image is larger than 5,000,000 bytes.
// If the file is, tell the user that the file is too big.
// If the file is not, proceed to uploading the file.
// Again, this is just a few generic mime types for images.
// If you want to allow other image formats, you'll have to add them in yourself.
$imageType = array(
'image/png',
'image/jpg',
'image/jpeg',
'image/gif'
);
// Check for the very last period. This generally is the file extension.
// We are doing this because we want to know the file extension of the file.
// If the file has made it this far, we will assume that the file is either an image or a video.
// So it's safe to use the file's old extension.
// Normally, you wouldn't want to use the user's file extension and you would append your own.
// But this is just a snippet to demonstrate that we can do this.
$ext = substr(strrchr($name, '.'), 1);
// Generate a hash using the current timestamp in Unix along with sha256.
// You can generate the file name any way you'd like.
// It doesn't have to be exactly like how everyone wants you to do it.
$name = hash('sha256', time());
// Combine the 3 variables ($dir, $name, $ext) together and append a period before the extension.
// This will give you a random file name along with the original file extension. Like so.
// 91f56c7596fdfaa1d0b64a0e9461eff5314dcca1cb51d2c8c89b830388d053f8.jpg
// Or
// c3e7d43db3d7be99d77112d8283cd3fff8f720ee6d8a2283b69c706493cbd003.mp4
$file = $dir . $name . '.' . $ext;
// Check to see if the mime content type of the temp file is an image.
if(in_array($mime, $imageType)) {
// Check to see if the image is larger than 5,000,000 bytes.
if($size > 5000000) {
print('Sorry, your file is too large.'); // Tell the user that their image size is too big.
} else {
// The image is just perfect so move the image to the upload directory along with
// the new file name.
if(move_uploaded_file($tmp, $file)) {
print('Good'); // A successful upload 'twas is.
} else {
print('Bad upload'); // Hmm, looks like the upload was a failure.
// Check to make sure that the directory has the right permissions for you to
// Upload files to.
// Also, make sure that the directory you specified exists.
}
}
} else {
// The file was not an image based on the mime type.
// We will assume it is a video if it gets this far.
// Check to see if the video is larger than 5,000,000,000 bytes.
if($size > 5000000000) {
print('Sorry, your file is too large.');// Tell the user that their video size is too big.
} else {
// The video is just perfect so move the video to the upload directory along with
// the new file name.
if(move_uploaded_file($tmp, $file)) {
print('Good'); // A successful upload 'twas is.
} else {
print('Bad upload'); // Hmm, looks like the upload was a failure.
// Check to make sure that the directory has the right permissions for you to
// Upload files to.
// Also, make sure that the directory you specified exists.
}
}
}
} else {
print('Bad'); // It looks like the original mime type of the file does not meet our standards.
}
} else {
header('Location: /'); // Redirect the user back to whatever page they came from.
// I would suggest changing this line if this current PHP file is located some where else
// Or if the file used to target this current PHP file is named something different.
}
NOTE
SINCE THIS IS JUST A SAMPLE SNIPPET, THIS IS NOT PRODUCTION READY EVEN THOUGH IT HAS BEEN TESTED ON A DEVELOPMENT PHP 7. YOU SHOULD STILL DO MORE SECURITY CHECKS.
I AM NOT RESPONSIBLE FOR ANY ERRORS AFTER THIS POST. IF ANYONE HAPPENS TO MODIFY THIS WORKING SAMPLE SNIPPET AND RECEIVES ERRORS, DO NOT BLAME ME NOR THE SAMPLE SNIPPET FOR YOUR OWN MODIFICATIONS.