Re: [PHP] Re: Image upload form

[Jack Jackson]

Nadim Attari wrote:

http://www.php-help.net/sources-php/image.upload.function.353.html


Thanks, Nadim,
I'm sure that is a great script. I am really trying to learn how it's 
working, so I'm trying to stay away from pre-rolled stuff as much as I 
can and beg for the mercy of the list in building these simple scripts. 
Believe it or not I'm actually improving pretty fast (despite 
scriptorial evidence to the contrary on this list)!


Thanks again,
JJ




Regards,
Nadim Attari
Alienworkers.com




Hi, After a disastrous first attempt (which uploaded images but only by
chance) it was suggested I rework the entire thing. This one seems to
check the file against getimagesize and if that doesn't prove false,
check the type and make the extension then rename the file. But the
moving part is not working, and it does not kick back any error, it just
fails.

Can anyone tell me what I am doing wrong, and also if this is sufficient
to a) upload images safely and b) protect against tampering?

Thanks in advance,
JJ


?php

error_reporting(E_ALL);

  $uploaddir = images/jpg/test/;

//  print_r($_FILES);

  $local_file = $_FILES['userfile']['tmp_name'];

if (sizeof($local_file))
  {

//try to get image size; this returns false if this is not an actual
image file.
  $image_test = getimagesize($local_file);

if ($image_test !== false) {
  $mime_type = $_FILES['userfile']['type'];
  switch($mime_type) {
  case image/jpeg:
  $pext = 'jpg';
  break;
  case image/tiff:
  $pext = 'tif';
  break;
  default:
  echo The file you are trying to upload is an image, but it is not
a tif or jpeg and therefore unacceptable.;
  }
} else {
   echo The file you are trying to upload is not a valid image file;
}

 $main_image = md5(date(l-F-j-Y i:s)).'.'.$pext;


  move_uploaded_file($main_image,$uploaddir);

  }

  ?

  form enctype=multipart/form-data action=?php echo
$_SERVER['PHP_SELF']; ? method=POST
input type=hidden name=MAX_FILE_SIZE value=30 /
!-- Name of input element determines name in $_FILES array --
Cartoon: input name=userfile type=file /
input type=submit value=Upload File /
/form





--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Image upload form

[Nadim Attari]

http://www.php-help.net/sources-php/image.upload.function.353.html

Regards,
Nadim Attari
Alienworkers.com


 Hi, After a disastrous first attempt (which uploaded images but only by
 chance) it was suggested I rework the entire thing. This one seems to
 check the file against getimagesize and if that doesn't prove false,
 check the type and make the extension then rename the file. But the
 moving part is not working, and it does not kick back any error, it just
 fails.

 Can anyone tell me what I am doing wrong, and also if this is sufficient
 to a) upload images safely and b) protect against tampering?

 Thanks in advance,
 JJ


 ?php

 error_reporting(E_ALL);

$uploaddir = images/jpg/test/;

 //  print_r($_FILES);

$local_file = $_FILES['userfile']['tmp_name'];

 if (sizeof($local_file))
{

 //try to get image size; this returns false if this is not an actual
 image file.
$image_test = getimagesize($local_file);

 if ($image_test !== false) {
$mime_type = $_FILES['userfile']['type'];
switch($mime_type) {
case image/jpeg:
$pext = 'jpg';
break;
case image/tiff:
$pext = 'tif';
break;
default:
echo The file you are trying to upload is an image, but it is not
 a tif or jpeg and therefore unacceptable.;
}
 } else {
 echo The file you are trying to upload is not a valid image file;
 }

   $main_image = md5(date(l-F-j-Y i:s)).'.'.$pext;


move_uploaded_file($main_image,$uploaddir);

}

?

form enctype=multipart/form-data action=?php echo
 $_SERVER['PHP_SELF']; ? method=POST
  input type=hidden name=MAX_FILE_SIZE value=30 /
  !-- Name of input element determines name in $_FILES array --
  Cartoon: input name=userfile type=file /
  input type=submit value=Upload File /
 /form

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php