...

View Full Version : Limiting file type uploads help!



dancrew32
07-20-2007, 12:13 AM
Hey guys I'm kinda diving into my first php file uploader and I need some of your almighty direction. I only know how to limit individual file types, but writing a section to block every other filetype in the world is going to make this thing huge.

My goal: only allow people to upload these video filetypes:

.AVI, .MOV, .MPG, .MPEG, .MPEG2, .WMV

If any of you guys could possibly help me out, that would mean the world to me! Seriously.

Here's my current upload.php file:

<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$ok=1;

//Size condition
if ($uploaded_size > 350000)
{
echo "Your file is too large.<br>";
$ok=0;
}

//Limit file type condition
if ($uploaded_type =="text/php")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="text/cgi")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="text/html")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="text/asp")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="text/pl")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="image/gif")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="image/jpg")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="image/png")
{
echo "Not an approved file type.<br>";
$ok=0;
}
if ($uploaded_type =="image/tif")
{
echo "Not an approved file type.<br>";
$ok=0;
}

//Check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}

//If everything is ok
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ".
basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>

Thanks in advance for any help you can provide.

PappaJohn
07-20-2007, 12:20 AM
Instead of trying to block a list of file types, only allow those you want.

So instead of checking if a file type is whatever, check if it is not one of the types you wish to allow.

CFMaBiSmAd
07-20-2007, 12:28 AM
Also, if you put the allowed types into an array, you can use the in_array() function http://php.net/in_array to test for an accepted type instead of using a long list of conditional logic to test each possible value.

dancrew32
07-20-2007, 12:40 AM
This is probably terribly wrong, but does this make sense?

(edited:3:58pm)

//This is our limit file type condition

$videofiles = array("video/avi", "video/mov", "video/mpg", "video/mpeg", "video/mpeg2");
if (!($uploaded_type==(in_array($videofiles)))){
echo "You may only upload .AVI, .MOV, .MPG, .MPEG, or .MPEG2 files.<br>";
$ok=0;
}

I'm pretty new to php, so sorry for bothering you guys..

Mwnciau
07-20-2007, 01:54 AM
//This is our limit file type condition

$videofiles = array("video/avi", "video/mov", "video/mpg", "video/mpeg", "video/mpeg2");
if (!in_array($uploaded_type, $videofiles)){
echo "You may only upload .AVI, .MOV, .MPG, .MPEG, or .MPEG2 files.<br>";
$ok=0;
}

dancrew32
07-20-2007, 01:58 AM
That is successful at blocking other MIME types, but it seems to be blocking everything now.

Everytime I upload a proper video file it's echoing You may only upload .AVI, .MOV, .MPG, .MPEG, or .MPEG2 files.

Here is my current code:


<?php
$target = "upload/";
$target = $target . basename( $_FILES['uploaded']['name']) ;
$videofiles = array("video/x-msvideo", "video/quicktime", "video/mpeg", "video/mpeg2");
$ok=1;

//This is our size condition. limited to a gig
if ($uploaded_size > 1000000000)
{
echo "Your file is too large. Make it less than 1 GB.<br>";
$ok=0;
}

//This is our limit file type condition

if (!in_array($uploaded_type, $videofiles)){
echo "You may only upload .AVI, .MOV, .MPG, .MPEG, or .MPEG2 files.<br>";
$ok=0;
}

//Here we check that $ok was not set to 0 by an error
if ($ok==0)
{
Echo "Sorry your file was not uploaded";
}

//If everything is ok we try to upload it
else
{
if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))
{
echo "The file ".
basename( $_FILES['uploadedfile']['name']). " has been uploaded";
}
else
{
echo "Sorry, there was a problem uploading your file.";
}
}
?>



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum