[PHP] Re: verify file types when uploading to server...
Maybe you want to share with the rest of us, or at least me how you did it? :) /Micke Jas [EMAIL PROTECTED] skrev i meddelandet [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nevermind... =) Jas [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: verify file types when uploading to server...
Oops... Hope this helps others, here is what I did: // This is your form... form name=img1 method=post action=done.php target=box enctype=multipart/form-data input type=file name=img1 size=25 brbr input type=submit name=Submit value=save nbsp;nbsp; input type=reset name=reset value=reset /form // this is the script to upload the file // Note: if you want to only upload certain file types... change the eregi('.jpg$ sting to whatever your file extension should be // Also the directory in question needs permissions set to 755 for it to work. ?php if ($img1_name != eregi('.jpg$', $img1_name)) { @copy($img1, /path/to/directory/$img1_name) or die (Could not upload file, please try again after making sure the file is less than 2mb in size and the file name correct); } else { die(No file selected for upload, or the file was not the correct type. Please only upload .jpg files.); } ? Michael Andersson [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Maybe you want to share with the rest of us, or at least me how you did it? :) /Micke Jas [EMAIL PROTECTED] skrev i meddelandet [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nevermind... =) Jas [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Not sure what you're tring to achieve, but that only checks the file's name. You might want to use file (man 1 file) to verify that it actually is a JPEG, since people can put malicious data into a file named xxx.jpg and perhaps fool IE into doing bad things. miguel On Wed, 17 Apr 2002, jas wrote: Oops... Hope this helps others, here is what I did: // This is your form... form name=img1 method=post action=done.php target=box enctype=multipart/form-data input type=file name=img1 size=25 brbr input type=submit name=Submit value=save nbsp;nbsp; input type=reset name=reset value=reset /form // this is the script to upload the file // Note: if you want to only upload certain file types... change the eregi('.jpg$ sting to whatever your file extension should be // Also the directory in question needs permissions set to 755 for it to work. ?php if ($img1_name != eregi('.jpg$', $img1_name)) { @copy($img1, /path/to/directory/$img1_name) or die (Could not upload file, please try again after making sure the file is less than 2mb in size and the file name correct); } else { die(No file selected for upload, or the file was not the correct type. Please only upload .jpg files.); } ? Michael Andersson [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Maybe you want to share with the rest of us, or at least me how you did it? :) /Micke Jas [EMAIL PROTECTED] skrev i meddelandet [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nevermind... =) Jas [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Could you explain that a little more? thanks, Jas Miguel Cruz [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Not sure what you're tring to achieve, but that only checks the file's name. You might want to use file (man 1 file) to verify that it actually is a JPEG, since people can put malicious data into a file named xxx.jpg and perhaps fool IE into doing bad things. miguel On Wed, 17 Apr 2002, jas wrote: Oops... Hope this helps others, here is what I did: // This is your form... form name=img1 method=post action=done.php target=box enctype=multipart/form-data input type=file name=img1 size=25 brbr input type=submit name=Submit value=save nbsp;nbsp; input type=reset name=reset value=reset /form // this is the script to upload the file // Note: if you want to only upload certain file types... change the eregi('.jpg$ sting to whatever your file extension should be // Also the directory in question needs permissions set to 755 for it to work. ?php if ($img1_name != eregi('.jpg$', $img1_name)) { @copy($img1, /path/to/directory/$img1_name) or die (Could not upload file, please try again after making sure the file is less than 2mb in size and the file name correct); } else { die(No file selected for upload, or the file was not the correct type. Please only upload .jpg files.); } ? Michael Andersson [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Maybe you want to share with the rest of us, or at least me how you did it? :) /Micke Jas [EMAIL PROTECTED] skrev i meddelandet [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nevermind... =) Jas [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Unix systems have a program called 'file' that will look inside a file to try to figure out what sort of data it contains, regardless of how it's named. Generally it just looks at the first few bytes for a telltale fingerprint but there are all sorts of rules for different file types. This is similar to the mechanism IE uses to override server-sent MIME types. You can send the path of your uploaded file to the 'file' command and parse the output to see what sort of data appears to be contained within. Try it on the command line to see what sort of output it produces for various file types. miguel On Thu, 18 Apr 2002, jas wrote: Could you explain that a little more? thanks, Jas Miguel Cruz [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Not sure what you're tring to achieve, but that only checks the file's name. You might want to use file (man 1 file) to verify that it actually is a JPEG, since people can put malicious data into a file named xxx.jpg and perhaps fool IE into doing bad things. miguel On Wed, 17 Apr 2002, jas wrote: Oops... Hope this helps others, here is what I did: // This is your form... form name=img1 method=post action=done.php target=box enctype=multipart/form-data input type=file name=img1 size=25 brbr input type=submit name=Submit value=save nbsp;nbsp; input type=reset name=reset value=reset /form // this is the script to upload the file // Note: if you want to only upload certain file types... change the eregi('.jpg$ sting to whatever your file extension should be // Also the directory in question needs permissions set to 755 for it to work. ?php if ($img1_name != eregi('.jpg$', $img1_name)) { @copy($img1, /path/to/directory/$img1_name) or die (Could not upload file, please try again after making sure the file is less than 2mb in size and the file name correct); } else { die(No file selected for upload, or the file was not the correct type. Please only upload .jpg files.); } ? Michael Andersson [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Maybe you want to share with the rest of us, or at least me how you did it? :) /Micke Jas [EMAIL PROTECTED] skrev i meddelandet [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nevermind... =) Jas [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Ok, I understand how it works at least, however I am not familiar enough with unix systems to know how to effectively use that command. Could you give me an example in code so I can mess around with it? Thanks again, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
On Thursday 18 April 2002 15:37, Jas wrote: Ok, I understand how it works at least, however I am not familiar enough with unix systems to know how to effectively use that command. Could you give me an example in code so I can mess around with it? Probably easier to just use the getimagesize() command. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* It may be better to be a live jackal than a dead lion, but it is better still to be a live lion. And usually easier. -- Lazarus Long */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
On Thu, 18 Apr 2002, Miguel Cruz wrote: } Not sure what you're tring to achieve, but that only checks the file's } name. You might want to use file (man 1 file) to verify that it actually } is a JPEG, since people can put malicious data into a file named xxx.jpg } and perhaps fool IE into doing bad things. Another idea: $the_file_type = $HTTP_POST_FILES['filename']['type']; $registered_types = array( image/gif = .gif, image/pjpeg= .jpg, .jpeg, image/jpeg= .jpg, .jpeg, application/msword= .doc, application/vnd.ms-excel= .xls, application/octet-stream= .exe, .fla, application/pdf = .pdf ); $allowed_images = array(image/gif,image/pjpeg,image/jpeg); if (!in_array($the_file_type,$allowed_images)) { // produce your error text here } This looks at the mimetype of the file, using the $HTTP_POST_FILES['filename']['type'] varible [note that filename is the name passed from your form - type is the actual string you need to use to access the mimetype. Read http://us.php.net/manual/en/features.file-upload.php for more info on this. HTH, /vjl/ -- Vince LaMonica UC Irvine, School of Social Ecology W3 Developer * 116 Social Ecology I, Irvine, CA 92697 [EMAIL PROTECTED] https://www.seweb.uci.edu/~vjl If Bill Gates had a nickel for every time Windows crashed... ... oh wait, never mind. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php