Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder
    Join Date
    May 2005
    Posts
    116
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Smile disallow extention,,

    greetings all

    i have a file uploader in my site,, and i have a code that says

    PHP Code:
    $limitedext = array(".gif",".jpg",".png",".jpeg",".JPG"); 
    but i disabled that so it will accept any thing,,,

    but i just want to disable some extentions,,,

    can you help me please

  • #2
    New Coder
    Join Date
    Aug 2004
    Location
    UK
    Posts
    56
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    $disallowed_ext = array(

    'jpg',
    'gif',
    'mpeg',

    );

    $filetype endexplode('.'$filename) );

    if( 
    in_array($filetype$disallowed_ext) )
    {
    // Display message stating a disallowed filetype was attempted to be uploaded
    }

    else
    {
    // Execute remainder of upload script


  • #3
    Regular Coder
    Join Date
    May 2005
    Posts
    116
    Thanks
    0
    Thanked 0 Times in 0 Posts
    it doesn't seem to work.. i placed it in the right place,,,

    thank you anyways for you help

  • #4
    Regular Coder
    Join Date
    May 2005
    Posts
    563
    Thanks
    0
    Thanked 3 Times in 3 Posts
    post the rest of your code. It isn't a problem with what Sicton wrote, it must be a problem with how you implemented it.

  • #5
    Regular Coder
    Join Date
    May 2005
    Posts
    116
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok here you go,, its pretty long lol


    PHP Code:
    <html>
    <head>
    <link rel="stylesheet" type="text/css" href="../styles/default.css">
    <title>Uploader @ 7amodi Designs</title>
    </head>


    <body>
    <div align="center">
        <font size="3" color="#5CB0DE">7Designs ver.5</font><table border="0" cellpadding="0" cellspacing="0" width="600" id="table5">
            <tr>
                <td valign="top" width="600" height="517">
                <div align="center">
                    <table border="0" cellpadding="0" cellspacing="0" width="100%" id="table6">
                        <tr>
                            <td width="50">&nbsp;
                            </td>
                            <td width="500" align="center">
                            <table border="0" cellpadding="0" cellspacing="0" width="500" id="table7" height="526">
                                <tr>
                                    <td height="75">
                                    <p align="center"><font size="5">~File Uploader~</font><p align="center">
                                    <font size="5">~مركز تحميل الصور و الملفات~</font></td>
                                </tr>
                                <tr>
                                    <td>
                                    <div align="center">
    <font size="2" color="#5CB0DE">Make sure that the file does not have a</font><font size="2" color="#003399"> </font>
    <font size="2" color="#CC0000">(SPACE)</font><font size="2" color="#003399"> </font>
    <font size="2" color="#5CB0DE"> in 
    it or it will not work!</font><p><font size="2" color="#5CB0DE">Just change the 
    space to a (_) &quot;underscore&quot;</font></p>
    <p><font size="2" color="#5CB0DE">تأكو ان اسم الملف مافيه</font><font size="2" color="#003399"> </font>
    <font size="2" color="#CC0000">(مسافه)</font><font size="2" color="#003399"> </font>
    <font size="2" color="#5CB0DE"> ولا 
    ما راح يشتغل</font></p>
    <p dir="rtl"><font size="2" color="#5CB0DE">مثلاً إذا اسم الصوره
    <span lang="en-us">&quot;pic 001.jpg&quot; </span>غيروه إلا <span lang="en-us">&quot;pic</span>_<span lang="en-us">001.jpg&quot;</span></font></p>
    <p>&nbsp;
    <font size="6">
    <?php
    /*
    Author:     Mohammed Ahmed(M@@king)
    Version:    1.0
    Date:        10.Oct.2004
    ----------------------------
    Last Update:    16.Nov.2004
    ----------------------------
    E-mail:        m@maaking.com
    MSN   :         m@maaking.com
    WWW   :     http://www.maaking.com


    ---Description -----------------------------------------------------
    The Super Global Variable $_FILES is used in PHP 4.x.x.
    $_FILES['upload']['size'] ==> Get the Size of the File in Bytes.
    $_FILES['upload']['tmp_name'] ==> Returns the Temporary Name of the File.
    $_FILES['upload']['name'] ==> Returns the Actual Name of the File.
    $_FILES['upload']['type'] ==> Returns the Type of the File.

    So if I uploaded the file 'test.doc', the $_FILES['upload']['name']
    would be 'phptut.doc' and $_FILES['upload']['type'] would be 'application/msword'.
    ---------------------------------------------------------------------*/

    //**********************************************************************//
    //  $_FILES['filetoupload']  is the value of                            //
    // file field from the form. <input type="file" name="filetoupload">    //
    //**********************************************************************//

    // this is the upload dir where files will go.
    //Don't remove the /
    //Chmod it (777)
    $upload_dir "upload/";   //change to whatever you want.

                 //51200 bytes = 50KB
    $size_bytes 2500000//File Size in bytes (change this value to fit your need)

    $extlimit "no"//Do you want to limit the extensions of files uploaded (yes/no)
    $limitedext = array(".gif",".jpg",".png",".jpeg",".JPG"); //Extensions you want files uploaded limited to. also you can use:  //array(".gif",".jpg",".jpeg",".png",".txt",".nfo",".doc",".rtf",".htm",".dmg",".zip",".rar",".gz",".exe");

              //check if the directory exists or not.
              
    if (!is_dir("$upload_dir")) {
             die (
    "The directory <b>($upload_dir)</b> doesn't exist");
              }
              
    //check if the directory is writable.
              
    if (!is_writeable("$upload_dir")){
                 die (
    "The directory <b>($upload_dir)</b> is NOT writable, Please CHMOD (777)");
              }
     
    $disallowed_ext = array('.exe','.EXE','.PHP','.php'); 

    $filetype endexplode('.'$filename) );

    if( 
    in_array($filetype$disallowed_ext) )
    {
    header("Location: ext.shtml");
    }

    else
    {
    // Execute remainder of upload script
    }  

      if(
    $uploadform// if you clicked the (Upload File) button. "If you submitted the form" then upload the file.
      
    {//begin of if($uploadform).


                  //check if no file selected.
                  
    if (!is_uploaded_file($_FILES['filetoupload']['tmp_name']))
                  {
                         echo 
    "Error: Please select a file to upload!. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a> تأكدو انكم ضغطتو على زر اختيار الملف  اول";
                         exit(); 
    //exit the script and don't do anything else.
                  
    }

                  
    //Get the Size of the File
                  
    $size $_FILES['filetoupload']['size'];
                  
    //Make sure that file size is correct
                  
    if ($size $size_bytes)
                  {
                        
    $kb $size_bytes 1024;
                        echo 
    "File Too Large. File must be <b>$kb</b> KB. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a> حجم الملف كبيـــر";
                        exit();
                  }

                  
    //check file extension
                  
    $ext strrchr($_FILES['filetoupload'][name],'.');
                  if ((
    $extlimit == "yes") && (!in_array($ext,$limitedext))) {
                        echo(
    "Wrong file extension. ");
                        exit();
                  }

                  
    // $filename will hold the value of the file name submetted from the form.
                  
    $filename =  $_FILES['filetoupload']['name'];
                  
    // Check if file is Already EXISTS.
                  
    if(file_exists($upload_dir.$filename)){
                        echo 
    "Oops! The file named <b>$filename </b>already exists. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a> بلزز اختارو اسم ثاني";
                        exit();
                  }

                  
    //Move the File to the Directory of your choice
                  //move_uploaded_file('filename','destination') Moves afile to a new location.
                  
    if (move_uploaded_file($_FILES['filetoupload']['tmp_name'],$upload_dir.$filename)) {

                      
    //tell the user that the file has been uploaded and make him alink.
                      
    echo "File (<a href=$upload_dir$filename>$filename</a>) uploaded! مبرووك تمت تحميل الملف بنجاح<br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
                      exit();

                  }
                      
    // print error if there was a problem moving file.
                      
    else
                  {
                      
    //Print error msg.
                      
    echo "There was a problem moving your file. <br>»<a href=\"$_SERVER[PHP_SELF]\">back</a>";
                      exit();
                  }



      }
    //end of if($uploadform).

    #---------------------------------------------------------------------------------#
    // If the form has not been submitted, display it!
    else
      {
    //begin of else
      
          
    ?></font>
          <br>
          </p>
          <h3>&nbsp;</h3>
          <i>- Allowed Extensions:</i>

            <b>
              (every thing under the max file size)<span class="new"><font size="1">NEW</font></span></b><br>
          <i>- Max File Size</i> = <b><?echo $size_bytes 1000000?> MB  <span class="new"><font size="1">NEW 
    (before it was 1MB only)</font></span></b><br>
          <form method="post" enctype="multipart/form-data" action="<?php echo $PHP_SELF ?>">
          <br>
          <input type="file" name="filetoupload" class="field" size="81"><br>
          <input type="hidden" name="MAX_FILE_SIZE" value="<?echo $size_bytes?>">
          <br>
          <input type="submit" name="uploadform" value="             oK          " class="field">
          </form>

          <?
      
      
    }//end of else

    /*______________________________________________________________________________*/
    //   Here is the most interesting part.
    //    it views the directory contents.....i'll disscuss next version. (ver 2.0)
    ?>
                                        <div align="center">
    &nbsp;</div>
                                        <table border="0" cellpadding="0" cellspacing="0" width="400" id="table8">
                                            <tr>
                                                <td align="center">&nbsp;</td>
                                            </tr>
                                        </table>
                                    <p><a href="../index.php">HOME</a></div>
                                    </td>
                                </tr>
                            </table>
                            </td>
                            <td width="50">&nbsp;
                            </td>
                        </tr>
                    </table>
                </div>
                </td>
            </tr>
            </table>
        <p><?php include('../includes/tail.php'?></p></div>
    </body>

    </html>

  • #6
    Regular Coder
    Join Date
    Feb 2005
    Location
    West Midlands, UK
    Posts
    623
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The code appears way too early, you're trying to explode $filename to check the extension yet at the point you've inserted the code, $filename doesn't exist. $filename is created later by this:
    PHP Code:
    // $filename will hold the value of the file name submetted from the form. 
    $filename =  $_FILES['filetoupload']['name']; 
    The code to check the extension of $filename should therefore at least appear somewhere after this point.

  • #7
    Regular Coder
    Join Date
    May 2005
    Posts
    116
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ohhhh i see,,, i will check it out thanx man


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •