[PHP] Image upload form
Hi, After a disastrous first attempt (which uploaded images but only by
chance) it was suggested I rework the entire thing. This one seems to
check the file against getimagesize and if that doesn't prove false,
check the type and make the extension then rename the file. But the
moving part is not working, and it does not kick back any error, it just
fails.
Can anyone tell me what I am doing wrong, and also if this is sufficient
to a) upload images safely and b) protect against tampering?
Thanks in advance,
JJ
?php
error_reporting(E_ALL);
$uploaddir = images/jpg/test/;
// print_r($_FILES);
$local_file = $_FILES['userfile']['tmp_name'];
if (sizeof($local_file))
{
//try to get image size; this returns false if this is not an actual
image file.
$image_test = getimagesize($local_file);
if ($image_test !== false) {
$mime_type = $_FILES['userfile']['type'];
switch($mime_type) {
case image/jpeg:
$pext = 'jpg';
break;
case image/tiff:
$pext = 'tif';
break;
default:
echo The file you are trying to upload is an image, but it is not
a tif or jpeg and therefore unacceptable.;
}
} else {
echo The file you are trying to upload is not a valid image file;
}
$main_image = md5(date(l-F-j-Y i:s)).'.'.$pext;
move_uploaded_file($main_image,$uploaddir);
}
?
form enctype=multipart/form-data action=?php echo
$_SERVER['PHP_SELF']; ? method=POST
input type=hidden name=MAX_FILE_SIZE value=30 /
!-- Name of input element determines name in $_FILES array --
Cartoon: input name=userfile type=file /
input type=submit value=Upload File /
/form
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
Okay, I started seeing some of my mistakes.
I am still having a great deal of trouble:
newfile returns: 0fdae2e9e6aa43f067a9dd780a5a36a6.jpg
image_file returns: images/jpg/test/0fdae2e9e6aa43f067a9dd780a5a36a6.jpg
images/jpg/test is set to 777 but I still get (Could not move file to
destination). What am I missing? Thanks!
?php
error_reporting(E_ALL);
$uploaddir = images/jpg/test/;
print_r($_FILES);
$local_file = $_FILES['userfile']['tmp_name'];
if (sizeof($local_file))
{
//try to get image size; this returns false if this is not an actual
image file.
$image_test = getimagesize($local_file);
if ($image_test !== false) {
$mime_type = $_FILES['userfile']['type'];
switch($mime_type) {
case image/jpeg:
$pext = 'jpg';
break;
case image/tiff:
$pext = 'tif';
break;
default:
echo The file you are trying to upload is an image, but it is not
a tif or jpeg and therefore unacceptable.;
}
} else {
echo The file you are trying to upload is not a valid image file;
}
$newfile = md5(date(l-F-j-Y i:s)).'.'.$pext;
$image_file = $uploaddir . $newfile;
// print_r($newfile);
// print_r($image_file);
if(!move_uploaded_file($newfile,$image_file)) {
echo 'Could not move file to destination';
exit;
}
else {
echo 'image file ?php echo $newfile ? uploaded.';
}
}
?
form enctype=multipart/form-data action=?php echo
$_SERVER['PHP_SELF']; ? method=POST
input type=hidden name=MAX_FILE_SIZE value=30 /
!-- Name of input element determines name in $_FILES array --
Cartoon: input name=userfile type=file /
input type=submit value=Upload File /
/form
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re[2]: [PHP] Image upload form
Hello Jack, Wednesday, June 15, 2005, 5:38:11 PM, you wrote: JJ newfile returns: 0fdae2e9e6aa43f067a9dd780a5a36a6.jpg JJ image_file returns: JJ images/jpg/test/0fdae2e9e6aa43f067a9dd780a5a36a6.jpg JJ images/jpg/test is set to 777 but I still get (Could not move file to JJ destination). What am I missing? Thanks! This directory needs to be absolute - i.e. the COMPLETE path: /usr/home/jack/images/jpg/test Or similar - whatever it needs to be on your server. Best regards, Richard Davey -- http://www.launchcode.co.uk - PHP Development Services I do not fear computers. I fear the lack of them. - Isaac Asimov -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
Richard Davey wrote:
Hello Jack,
Wednesday, June 15, 2005, 5:38:11 PM, you wrote:
JJ newfile returns: 0fdae2e9e6aa43f067a9dd780a5a36a6.jpg
JJ image_file returns:
JJ images/jpg/test/0fdae2e9e6aa43f067a9dd780a5a36a6.jpg
JJ images/jpg/test is set to 777 but I still get (Could not move file to
JJ destination). What am I missing? Thanks!
This directory needs to be absolute - i.e. the COMPLETE path:
/usr/home/jack/images/jpg/test
Thanks, Richard,
Still no soap: I changed
$uploaddir = /home/jack/public_html/amyportnoy/images/jpg/test;
and
$image_file = $uploaddir . '/' . $newfile;
Now $image_file returns the valid path of:
/home/jack/public_html/amyportnoy/images/jpg/test/09992d5379dd0a0cf376aab82241a66d.jpg
but it still does not copy the file to that location. However the error
has changed:
if (is_uploaded_file($newfile)) {
if(!move_uploaded_file($newfile,$image_file)) {
echo 'Could not move file to destination';
exit;
}
else {
echo 'image file ?php echo $newfile ? uploaded.';
}
}
else {
echo 'Problem with ' . $newfile;
}
}
And I'm getting an error message of Problem with
6a26590fb45fd86e58954ba91d5580a4.jpg
So i guess it's not uploading for some reason?
Here's the whole thing I have so far once again, with several mods:
?php
error_reporting(E_ALL);
$uploaddir = /home/jack/public_html/amyportnoy/images/jpg/test;
print_r($_FILES);
if ($_FILES['userfile']['error'] 0) {
echo 'Problem: ';
switch ($_FILES['userfile']['error']) {
case 1:
echo 'File exceeds maximum upload size limit
(upload_max_filesize).';
break;
case 2:
echo 'File exceeds maximum size limit (max_file_size).';
break;
case 3:
echo 'File was only partially uploaded.';
break;
case 4:
echo 'No file was uploaded.';
break;
}//end switch
}//end if error 0
$local_file = $_FILES['userfile']['tmp_name'];
if (sizeof($local_file))
{
//try to get image size; this returns false if this is not an actual
image file.
$image_test = getimagesize($local_file);
if ($image_test !== false) {
$mime_type = $_FILES['userfile']['type'];
switch($mime_type) {
case image/jpeg:
$pext = 'jpg';
break;
case image/tiff:
$pext = 'tif';
break;
default:
echo The file you are trying to upload is an image, but it is not
a tif or jpeg and therefore unacceptable.;
}
} else {
echo The file you are trying to upload is not a valid image file;
}
$newfile = md5(date(l-F-j-Y i:s)).'.'.$pext;
$image_file = $uploaddir . '/' . $newfile;
// print_r($newfile);
print_r($image_file);
if (is_uploaded_file($newfile)) {
if(!move_uploaded_file($newfile,$image_file)) {
echo 'Could not move file to destination';
exit;
}
else {
echo 'image file ' . $newfile . 'uploaded.';
}
}
else {
echo 'Problem with ' . $newfile;
}
}
?
form enctype=multipart/form-data action=?php echo
$_SERVER['PHP_SELF']; ? method=POST
input type=hidden name=MAX_FILE_SIZE value=30 /
!-- Name of input element determines name in $_FILES array --
Cartoon: input name=userfile type=file /
input type=submit value=Upload File /
/form
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
On Thursday 16 June 2005 00:38, Jack Jackson wrote:
//try to get image size; this returns false if this is not an actual
image file.
$image_test = getimagesize($local_file);
if ($image_test !== false) {
$mime_type = $_FILES['userfile']['type'];
$_FILES['userfile']['type'] contains the mime-type that is provided by the
browser and will vary depending on browser and hence extremely
unreliable.
In fact the returned value from getimagesize() already has mime-type info,
use that instead.
$newfile = md5(date(l-F-j-Y i:s)).'.'.$pext;
$image_file = $uploaddir . $newfile;
// print_r($newfile);
// print_r($image_file);
if(!move_uploaded_file($newfile,$image_file)) {
echo 'Could not move file to destination';
exit;
}
The file pointed to by $newfile doesn't exist. You need to move ...
$local_file = $_FILES['userfile']['tmp_name'];
... $localfile
--
Jason Wong - Gremlins Associates - www.gremlins.biz
Open Source Software Systems Integrators
* Web Design Hosting * Internet Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
New Year Resolution: Ignore top posted posts
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Image upload form
Yes, Jason,
Those did it!
Thanks so much for the help!
Jason Wong wrote:
On Thursday 16 June 2005 00:38, Jack Jackson wrote:
//try to get image size; this returns false if this is not an actual
image file.
$image_test = getimagesize($local_file);
if ($image_test !== false) {
$mime_type = $_FILES['userfile']['type'];
$_FILES['userfile']['type'] contains the mime-type that is provided by the
browser and will vary depending on browser and hence extremely
unreliable.
In fact the returned value from getimagesize() already has mime-type info,
use that instead.
$newfile = md5(date(l-F-j-Y i:s)).'.'.$pext;
$image_file = $uploaddir . $newfile;
// print_r($newfile);
// print_r($image_file);
if(!move_uploaded_file($newfile,$image_file)) {
echo 'Could not move file to destination';
exit;
}
The file pointed to by $newfile doesn't exist. You need to move ...
$local_file = $_FILES['userfile']['tmp_name'];
... $localfile
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
