Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Regular Coder
    Join Date
    Sep 2010
    Posts
    460
    Thanks
    214
    Thanked 1 Time in 1 Post

    Video Upload works fine until check file type

    Hi,

    I have a script to upload a video:
    Code:
    <form enctype="multipart/form-data" action="insert.php" method="post" autocomplete="off">
    <input type="hidden" name="MAX_FILE_SIZE" value="100000000" />
    <label for="file" class="two">Documentary:</label>
    <input name="docufile" type="file" />
    <br />
    <br />
    <input type="submit" value="submit"
    </form>
    Which is then processed at:
    PHP Code:

    if (($_FILES['docufile']['type'] == 'video/mpeg')
    || (
    $_FILES['docufile']['type'] == 'video/mpeg4')
    || (
    $_FILES['docufile']['type'] == 'video/avi')
    || (
    $_FILES['docufile']['type'] == 'video/mov')
    || (
    $_FILES['docufile']['type'] == 'video/AVI')
    || (
    $_FILES['docufile']['type'] == 'video/mpg')
    || (
    $_FILES['docufile']['type'] == 'video/wmv')
    || (
    $_FILES['docufile']['type'] == 'video/vid')){

    $ext substr($_FILES['docufile']['name'],strrpos($_FILES['docufile']['name'],'.')+1);
    $ran md5(time());
    $ran2 "$ran.$ext";

        
    $uploaddir 'docs/';
        
    $uploadfile $uploaddir $ran2;

        echo 
    '<pre>';
        if (
    move_uploaded_file($_FILES['docufile']['tmp_name'], $uploadfile)){
            echo 
    "File is valid and was successfully uploaded. " $ran2 " \n";
        } else {
            echo 
    "Possible file upload attack!\n";
        }

        echo 
    'Here is some more debugging info:';
        
    print_r($_FILES);

        print 
    "</pre>";

    }else{
    echo 
    "File type not compatible.";

    This works fine if I remove the if(($_FILES etc, however when they are in place I just receive the error message File type not compatible.

    I am testing this so far with a video from my camera which is .avi.

    When the script prints out the upload details, (when I remove the if) this is the result:
    Code:
                [name] => P5310116.AVI
                [type] => application/octet-stream
    So logically this would be suggesting I should be checking the name, but that doesn't make sense as I want to check that the file type is a video?

    Clearly I have missed something here ...

  • #2
    New Coder
    Join Date
    Dec 2009
    Posts
    15
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP documentation about $_FILES['userfile']['type'] says 'The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.' So, I would not count on it.

    I suggest using Fileinfo extension which is enabled by default as of PHP 5.3.0 to determine detailed info about a file including its mime type.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •