Any help on this would be greatly appreciated. I have a form with file upload and when I try to upload an image, I get the "Invalid filetype" message. Not sure why because the image is a jpeg and is small in size. Here is my php file, any ideas:
__________________
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
Validate your HTML and CSS
Last edited by AndrewGSW; 12-28-2012 at 10:32 PM..
That's kinda what I was thinking of as well (case sensitivity).
The use is questionable though; the extension itself doesn't dictate what type of file it is. Using the type is better than the extension, and even better solutions include the use of finfo extension or even manually scanning the headers (although that takes more time since you need to figure out exactly what is in each type you accept).
That's kinda what I was thinking of as well (case sensitivity).
The use is questionable though; the extension itself doesn't dictate what type of file it is. Using the type is better than the extension, and even better solutions include the use of finfo extension or even manually scanning the headers (although that takes more time since you need to figure out exactly what is in each type you accept).
Actually, I do have quite a bit more code than suggested by my previous post
PHP Code:
do if (isset($_POST['submitted'])) { if (!$_FILES['inpFile']) { echo "<p><b>No picture selected for upload.</b></p>"; break; }
$the_pics = $_FILES['inpFile']['name']; foreach ($the_pics as $key => $value) { // $key == integer, $value = submitted filename $fname = $value; //Check for valid upload - phpsense.com/2007/php-file-uploading/ if($_FILES['inpFile']['error'][$key] != UPLOAD_ERR_OK) { $file_error = $_FILES['inpFile']['error'][$key]; if ($file_error == UPLOAD_ERR_FORM_SIZE) { echo "<p>$fname: <b>File is too large (max 300k)</b></p>"; break; } else { echo "<p><b>$fname: Upload file error: $file_error</b></p>"; break; } } //Check for valid upload if(!is_uploaded_file($_FILES['inpFile']['tmp_name'][$key])) { echo "<p>$fname: <b>Invalid request.</b></p>"; break; } // Validate the type JPEG, GIF or PNG $allowed = array('image/pjpeg', 'image/jpeg', 'image/JPG', 'image/X-PNG', 'image/gif', 'images/PNG', 'image/png', 'image/x-png'); if (!in_array($_FILES['inpFile']['type'][$key], $allowed)) { echo "<p>$fname: <b>Invalid file type.</b></p>"; break; } // validate the name $allowed_extns = array('jpg', 'jpeg', 'gif', 'png'); $the_name = $_FILES['inpFile']['name'][$key]; $the_extn = explode('.', strtolower($the_name)); if (!in_array(end($the_extn), $allowed_extns)) { echo "<p>$fname: <b>Invalid file extension.</b></p>"; break; } /* function exif_imagetype() doesn't exist - check PHP version! if (exif_imagetype($_FILES['inpFile']['tmp_name'][$key]) != IMAGETYPE_GIF) { echo "{$_FILES['inpFile']['tmp_name'][$key]} The picture is not a gif"; }*/
//Make the filename unique //$newname = time().'-'.$newname;
//Save the uploaded the file to another location $upload_path = "{$user_location}{$newname}"; if (file_exists($upload_path)) { echo "<p>$fname: <b>You already have a picture with that name.</b></p>"; break; } if (move_uploaded_file($_FILES['inpFile']['tmp_name'][$key], $upload_path)) { echo "<p>$fname: <b>Your picture has been uploaded!</b></p>"; } else { echo "<p>$fname: <b>There was a problem uploading your picture!</b></p>"; break; } }
} while (FALSE);
// Delete the file from it's temp location (in case there was a problem): if (isset($_POST['submitted'])) { // $the_pics = $_FILES['inpFile']['name']; (already established) foreach ($the_pics as $key => $value) { if (file_exists($_FILES['inpFile']['tmp_name'][$key]) && is_file($_FILES['inpFile']['tmp_name'][$key])) { unlink($_FILES['inpFile']['tmp_name'][$key]); } } }
(This code is for multiple file-uploads.)
__________________
"I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
Validate your HTML and CSS
Last edited by AndrewGSW; 12-29-2012 at 09:20 PM..
Before you post, read our: 
