
disallow extension



muhaidib
06-24-2005, 07:15 PM
Greetings all :)

I have a file uploader on my site, and I have code that says:


$limitedext = array(".gif",".jpg",".png",".jpeg",".JPG");
But I disabled that so it will accept anything.

But I just want to disable some extensions.

Can you help me, please? :cool:

Sicton
06-24-2005, 09:02 PM
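$disallowed_ext = array(
    'jpg',
    'gif',
    'mpeg',
);

// $filename must already hold the uploaded file's name at this point.
// end() takes its argument by reference, so the explode() result is stored in a variable first.
$parts = explode('.', $filename);
$filetype = end($parts);

if( in_array($filetype, $disallowed_ext) )
{
    // Display message stating a disallowed filetype was attempted to be uploaded
}
else
{
    // Execute remainder of upload script
}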

muhaidib
06-26-2005, 09:03 AM
It doesn't seem to work. I placed it in the right place.

Thank you anyway for your help :thumbsup:

SeeIT Solutions
06-26-2005, 11:03 AM
Post the rest of your code. It isn't a problem with what Sicton wrote; it must be a problem with how you implemented it.

muhaidib
06-26-2005, 06:38 PM
OK, here you go. It's pretty long, lol.




<html>
<head>
<link rel="stylesheet" type="text/css" href="../styles/default.css">
<title>Uploader @ 7amodi Designs</title>
</head>


<body>
<div align="center">
<font size="3" color="#5CB0DE">7Designs ver.5</font><table border="0" cellpadding="0" cellspacing="0" width="600" id="table5">
<tr>
<td valign="top" width="600" height="517">
<div align="center">
<table border="0" cellpadding="0" cellspacing="0" width="100%" id="table6">
<tr>
<td width="50">&nbsp;
</td>
<td width="500" align="center">
<table border="0" cellpadding="0" cellspacing="0" width="500" id="table7" height="526">
<tr>
<td height="75">
<p align="center"><font size="5">~File Uploader~</font><p align="center">
<font size="5">~مركز تحميل الصور و الملفات~</font></td>
</tr>
<tr>
<td>
<div align="center">
<font size="2" color="#5CB0DE">Make sure that the file does not have a</font><font size="2" color="#003399"> </font>
<font size="2" color="#CC0000">(SPACE)</font><font size="2" color="#003399"> </font>
<font size="2" color="#5CB0DE"> in
it or it will not work!</font><p><font size="2" color="#5CB0DE">Just change the
space to a (_) &quot;underscore&quot;</font></p>
<p><font size="2" color="#5CB0DE">تأكو ان اسم الملف مافيه</font><font size="2" color="#003399"> </font>
<font size="2" color="#CC0000">(مسافه)</font><font size="2" color="#003399"> </font>
<font size="2" color="#5CB0DE"> ولا
ما راح يشتغل</font></p>
<p dir="rtl"><font size="2" color="#5CB0DE">مثلاً إذا اسم الصوره
<span lang="en-us">&quot;pic 001.jpg&quot; </span>غيروه إلا <span lang="en-us">&quot;pic</span>_<span lang="en-us">001.jpg&quot;</span></font></p>
<p>&nbsp;
<font size="6">
<?php
/*
Author: Mohammed Ahmed(M@@king)
Version: 1.0
Date: 10.Oct.2004
----------------------------
Last Update: 16.Nov.2004
----------------------------
E-mail: m@maaking.com
MSN : m@maaking.com
WWW : http://www.maaking.com


---Description -----------------------------------------------------
The Super Global Variable $_FILES is used in PHP 4.x.x.
$_FILES['upload']['size'] ==> Get the Size of the File in Bytes.
$_FILES['upload']['tmp_name'] ==> Returns the Temporary Name of the File.
$_FILES['upload']['name'] ==> Returns the Actual Name of the File.
$_FILES['upload']['type'] ==> Returns the Type of the File.

So if I uploaded the file 'test.doc', the $_FILES['upload']['name']
would be 'phptut.doc' and $_FILES['upload']['type'] would be 'application/msword'.
---------------------------------------------------------------------*/

//**********************************************************************//
// $_FILES['filetoupload'] is the value of //
// file field from the form. <input type="file" name="filetoupload"> //
//**********************************************************************//

// this is the upload dir where files will go.
//Don't remove the /
//Chmod it (777)
$upload_dir = "upload/"; //change to whatever you want.

//51200 bytes = 50KB
$size_bytes = 2500000; //File Size in bytes (change this value to fit your need)

$extlimit = "no"; //Do you want to limit the extensions of files uploaded (yes/no)
$limitedext = array(".gif",".jpg",".png",".jpeg",".JPG"); //Extensions you want files uploaded limited to. also you can use: //array(".gif",".jpg",".jpeg",".png",".txt",".nfo",".doc",".rtf",".htm",".dmg",".zip",".rar",".gz",".exe");

//check if the directory exists or not.
if (!is_dir("$upload_dir")) {
die ("The directory <b>($upload_dir)</b> doesn't exist");
}
//check if the directory is writable.
if (!is_writeable("$upload_dir")){
die ("The directory <b>($upload_dir)</b> is NOT writable, Please CHMOD (777)");
}
$disallowed_ext = array('.exe','.EXE','.PHP','.php');

$filetype = end( explode('.', $filename) );

if( in_array($filetype, $disallowed_ext) )
{
header("Location: ext.shtml");
}

else
{
// Execute remainder of upload script
}

if($uploadform) // if you clicked the (Upload File) button. "If you submitted the form" then upload the file.
{//begin of if($uploadform).


//check if no file selected.
if (!is_uploaded_file($_FILES['filetoupload']['tmp_name']))
{
echo "Error: Please select a file to upload!. <br><a href=\"$_SERVER[PHP_SELF]\">back</a> تأكدو انكم ضغطتو على زر اختيار الملف اول";
exit(); //exit the script and don't do anything else.
}

//Get the Size of the File
$size = $_FILES['filetoupload']['size'];
//Make sure that file size is correct
if ($size > $size_bytes)
{
$kb = $size_bytes / 1024;
echo "File Too Large. File must be <b>$kb</b> KB. <br><a href=\"$_SERVER[PHP_SELF]\">back</a> حجم الملف كبيـــر";
exit();
}

//check file extension
$ext = strrchr($_FILES['filetoupload']['name'],'.');
if (($extlimit == "yes") && (!in_array($ext,$limitedext))) {
echo("Wrong file extension. ");
exit();
}

// $filename will hold the value of the file name submitted from the form.
$filename = $_FILES['filetoupload']['name'];
// Check if file is Already EXISTS.
if(file_exists($upload_dir.$filename)){
echo "Oops! The file named <b>$filename </b>already exists. <br><a href=\"$_SERVER[PHP_SELF]\">back</a> بلزز اختارو اسم ثاني";
exit();
}

//Move the File to the Directory of your choice
//move_uploaded_file('filename','destination') Moves a file to a new location.
if (move_uploaded_file($_FILES['filetoupload']['tmp_name'],$upload_dir.$filename)) {

//tell the user that the file has been uploaded and make him a link.
echo "File (<a href=$upload_dir$filename>$filename</a>) uploaded! مبرووك تمت تحميل الملف بنجاح<br><a href=\"$_SERVER[PHP_SELF]\">back</a>";
exit();

}
// print error if there was a problem moving file.
else
{
//Print error msg.
echo "There was a problem moving your file. <br><a href=\"$_SERVER[PHP_SELF]\">back</a>";
exit();
}



}//end of if($uploadform).

#---------------------------------------------------------------------------------#
// If the form has not been submitted, display it!
else
{//begin of else

?></font>
<br>
</p>
<h3>&nbsp;</h3>
<i>- Allowed Extensions:</i>

<b>
(every thing under the max file size)<span class="new"><font size="1">NEW</font></span></b><br>
<i>- Max File Size</i> = <b><?echo $size_bytes / 1000000; ?> MB <span class="new"><font size="1">NEW
(before it was 1MB only)</font></span></b><br>
<form method="post" enctype="multipart/form-data" action="<?php echo $PHP_SELF ?>">
<br>
<input type="file" name="filetoupload" class="field" size="81"><br>
<input type="hidden" name="MAX_FILE_SIZE" value="<?echo $size_bytes; ?>">
<br>
<input type="submit" name="uploadform" value=" oK " class="field">
</form>

<?

}//end of else

/*______________________________________________________________________________*/
// Here is the most interesting part.
// it views the directory contents.....i'll disscuss next version. (ver 2.0)
?>
<div align="center">
&nbsp;</div>
<table border="0" cellpadding="0" cellspacing="0" width="400" id="table8">
<tr>
<td align="center">&nbsp;</td>
</tr>
</table>
<p><a href="../index.php">HOME</a></div>
</td>
</tr>
</table>
</td>
<td width="50">&nbsp;
</td>
</tr>
</table>
</div>
</td>
</tr>
</table>
<p><?php include('../includes/tail.php') ?></p></div>
</body>

</html>

delinear
06-26-2005, 09:26 PM
The code appears way too early. You're trying to explode $filename to check the extension, yet at the point where you've inserted the code, $filename doesn't exist. $filename is created later by this:

// $filename will hold the value of the file name submitted from the form.
$filename = $_FILES['filetoupload']['name'];
The code to check the extension of $filename should therefore at least appear somewhere after this point.
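
The placement point above, as an added example that is not part of any post in this thread: the check runs only after the name has been read from $_FILES, compares in lower case, and lists extensions without the leading dot, because the explode()/end() approach yields the extension without one (so list entries such as '.php' never match). The function name has_disallowed_ext and the sample file names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. The function name is hypothetical.

/**
 * Return true when the client-supplied file name ends in a blocked extension.
 * Blocked extensions are listed in lower case and without the leading dot.
 */
function has_disallowed_ext($filename, array $disallowed_ext)
{
    // Drop any path component, then trailing dots and spaces ("a.php." -> "a.php").
    $name = rtrim(basename($filename), ". ");
    $pos = strrpos($name, '.');
    if ($pos === false) {
        return false; // no extension at all
    }
    // Lower-casing here means the list does not need 'EXE', 'Php', and so on.
    $ext = strtolower(substr($name, $pos + 1));
    return in_array($ext, $disallowed_ext, true);
}

$disallowed_ext = array('exe', 'php');

// Inside the upload handler the check belongs after the name is read,
// and exit() is needed so the move_uploaded_file() code further down does not run:
//   $filename = $_FILES['filetoupload']['name'];
//   if (has_disallowed_ext($filename, $disallowed_ext)) {
//       header("Location: ext.shtml");
//       exit();
//   }

// Constructed sample names; run the file from the command line to see the result.
$samples = array('photo.jpg', 'tool.EXE', 'page.Php', 'notes', 'archive.tar.gz', 'script.php.');
foreach ($samples as $sample) {
    $verdict = has_disallowed_ext($sample, $disallowed_ext) ? 'blocked' : 'allowed';
    printf("%-16s %s\n", $sample, $verdict);
}
```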

muhaidib
06-27-2005, 04:39 PM
Ohhhh, I see. I will check it out :) Thanks, man.


