[PHP] Re: verify file types when uploading to server...
Maybe you want to share with the rest of us, or at least me how you did it? :) /Micke Jas [EMAIL PROTECTED] skrev i meddelandet [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Nevermind... =) Jas [EMAIL PROTECTED] wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... I am wondering if any one has a good idea on how to do checking based on a files extension, what I am trying to accomplish is to be able to upload files to a webserver however I only want to have .jpg files uploaded. If anyone has a good way to do this please share. Thanks in advance, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: verify file types when uploading to server...
Oops... Hope this helps others, here is what I did:
// This is your form...
form name=img1 method=post action=done.php target=box
enctype=multipart/form-data
input type=file name=img1 size=25
brbr
input type=submit name=Submit value=save
nbsp;nbsp;
input type=reset name=reset value=reset
/form
// this is the script to upload the file
// Note: if you want to only upload certain file types... change the
eregi('.jpg$ sting to whatever your file extension should be
// Also the directory in question needs permissions set to 755 for it to
work.
?php
if ($img1_name != eregi('.jpg$', $img1_name)) {
@copy($img1, /path/to/directory/$img1_name) or die (Could not upload
file, please try again after making sure the file is less than 2mb in size
and the file name correct);
} else {
die(No file selected for upload, or the file was not the correct type.
Please only upload .jpg files.);
}
?
Michael Andersson [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Maybe you want to share with the rest of us, or at least me how you did
it?
:)
/Micke
Jas [EMAIL PROTECTED] skrev i meddelandet
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Nevermind... =)
Jas [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I am wondering if any one has a good idea on how to do checking based
on
a
files extension, what I am trying to accomplish is to be able to
upload
files to a webserver however I only want to have .jpg files uploaded.
If
anyone has a good way to do this please share.
Thanks in advance,
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Not sure what you're tring to achieve, but that only checks the file's
name. You might want to use file (man 1 file) to verify that it actually
is a JPEG, since people can put malicious data into a file named xxx.jpg
and perhaps fool IE into doing bad things.
miguel
On Wed, 17 Apr 2002, jas wrote:
Oops... Hope this helps others, here is what I did:
// This is your form...
form name=img1 method=post action=done.php target=box
enctype=multipart/form-data
input type=file name=img1 size=25
brbr
input type=submit name=Submit value=save
nbsp;nbsp;
input type=reset name=reset value=reset
/form
// this is the script to upload the file
// Note: if you want to only upload certain file types... change the
eregi('.jpg$ sting to whatever your file extension should be
// Also the directory in question needs permissions set to 755 for it to
work.
?php
if ($img1_name != eregi('.jpg$', $img1_name)) {
@copy($img1, /path/to/directory/$img1_name) or die (Could not upload
file, please try again after making sure the file is less than 2mb in size
and the file name correct);
} else {
die(No file selected for upload, or the file was not the correct type.
Please only upload .jpg files.);
}
?
Michael Andersson [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Maybe you want to share with the rest of us, or at least me how you did
it?
:)
/Micke
Jas [EMAIL PROTECTED] skrev i meddelandet
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Nevermind... =)
Jas [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I am wondering if any one has a good idea on how to do checking based
on
a
files extension, what I am trying to accomplish is to be able to
upload
files to a webserver however I only want to have .jpg files uploaded.
If
anyone has a good way to do this please share.
Thanks in advance,
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Could you explain that a little more?
thanks,
Jas
Miguel Cruz [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Not sure what you're tring to achieve, but that only checks the file's
name. You might want to use file (man 1 file) to verify that it actually
is a JPEG, since people can put malicious data into a file named xxx.jpg
and perhaps fool IE into doing bad things.
miguel
On Wed, 17 Apr 2002, jas wrote:
Oops... Hope this helps others, here is what I did:
// This is your form...
form name=img1 method=post action=done.php target=box
enctype=multipart/form-data
input type=file name=img1 size=25
brbr
input type=submit name=Submit value=save
nbsp;nbsp;
input type=reset name=reset value=reset
/form
// this is the script to upload the file
// Note: if you want to only upload certain file types... change the
eregi('.jpg$ sting to whatever your file extension should be
// Also the directory in question needs permissions set to 755 for it to
work.
?php
if ($img1_name != eregi('.jpg$', $img1_name)) {
@copy($img1, /path/to/directory/$img1_name) or die (Could not
upload
file, please try again after making sure the file is less than 2mb in
size
and the file name correct);
} else {
die(No file selected for upload, or the file was not the correct
type.
Please only upload .jpg files.);
}
?
Michael Andersson [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Maybe you want to share with the rest of us, or at least me how you
did
it?
:)
/Micke
Jas [EMAIL PROTECTED] skrev i meddelandet
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Nevermind... =)
Jas [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I am wondering if any one has a good idea on how to do checking
based
on
a
files extension, what I am trying to accomplish is to be able to
upload
files to a webserver however I only want to have .jpg files
uploaded.
If
anyone has a good way to do this please share.
Thanks in advance,
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Unix systems have a program called 'file' that will look inside a file to
try to figure out what sort of data it contains, regardless of how it's
named. Generally it just looks at the first few bytes for a telltale
fingerprint but there are all sorts of rules for different file types.
This is similar to the mechanism IE uses to override server-sent MIME
types.
You can send the path of your uploaded file to the 'file' command and
parse the output to see what sort of data appears to be contained within.
Try it on the command line to see what sort of output it produces for
various file types.
miguel
On Thu, 18 Apr 2002, jas wrote:
Could you explain that a little more?
thanks,
Jas
Miguel Cruz [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Not sure what you're tring to achieve, but that only checks the file's
name. You might want to use file (man 1 file) to verify that it actually
is a JPEG, since people can put malicious data into a file named xxx.jpg
and perhaps fool IE into doing bad things.
miguel
On Wed, 17 Apr 2002, jas wrote:
Oops... Hope this helps others, here is what I did:
// This is your form...
form name=img1 method=post action=done.php target=box
enctype=multipart/form-data
input type=file name=img1 size=25
brbr
input type=submit name=Submit value=save
nbsp;nbsp;
input type=reset name=reset value=reset
/form
// this is the script to upload the file
// Note: if you want to only upload certain file types... change the
eregi('.jpg$ sting to whatever your file extension should be
// Also the directory in question needs permissions set to 755 for it to
work.
?php
if ($img1_name != eregi('.jpg$', $img1_name)) {
@copy($img1, /path/to/directory/$img1_name) or die (Could not
upload
file, please try again after making sure the file is less than 2mb in
size
and the file name correct);
} else {
die(No file selected for upload, or the file was not the correct
type.
Please only upload .jpg files.);
}
?
Michael Andersson [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Maybe you want to share with the rest of us, or at least me how you
did
it?
:)
/Micke
Jas [EMAIL PROTECTED] skrev i meddelandet
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
Nevermind... =)
Jas [EMAIL PROTECTED] wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I am wondering if any one has a good idea on how to do checking
based
on
a
files extension, what I am trying to accomplish is to be able to
upload
files to a webserver however I only want to have .jpg files
uploaded.
If
anyone has a good way to do this please share.
Thanks in advance,
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
Ok, I understand how it works at least, however I am not familiar enough with unix systems to know how to effectively use that command. Could you give me an example in code so I can mess around with it? Thanks again, Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
On Thursday 18 April 2002 15:37, Jas wrote: Ok, I understand how it works at least, however I am not familiar enough with unix systems to know how to effectively use that command. Could you give me an example in code so I can mess around with it? Probably easier to just use the getimagesize() command. -- Jason Wong - Gremlins Associates - www.gremlins.com.hk Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * /* It may be better to be a live jackal than a dead lion, but it is better still to be a live lion. And usually easier. -- Lazarus Long */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: verify file types when uploading to server...
On Thu, 18 Apr 2002, Miguel Cruz wrote:
} Not sure what you're tring to achieve, but that only checks the file's
} name. You might want to use file (man 1 file) to verify that it actually
} is a JPEG, since people can put malicious data into a file named xxx.jpg
} and perhaps fool IE into doing bad things.
Another idea:
$the_file_type = $HTTP_POST_FILES['filename']['type'];
$registered_types = array(
image/gif = .gif,
image/pjpeg= .jpg, .jpeg,
image/jpeg= .jpg, .jpeg,
application/msword= .doc,
application/vnd.ms-excel= .xls,
application/octet-stream= .exe, .fla,
application/pdf = .pdf
);
$allowed_images = array(image/gif,image/pjpeg,image/jpeg);
if (!in_array($the_file_type,$allowed_images))
{
// produce your error text here
}
This looks at the mimetype of the file, using the
$HTTP_POST_FILES['filename']['type'] varible [note that filename is the
name passed from your form - type is the actual string you need to use
to access the mimetype.
Read http://us.php.net/manual/en/features.file-upload.php for more info on
this.
HTH,
/vjl/
--
Vince LaMonica UC Irvine, School of Social Ecology
W3 Developer * 116 Social Ecology I, Irvine, CA 92697
[EMAIL PROTECTED] https://www.seweb.uci.edu/~vjl
If Bill Gates had a nickel for every time Windows crashed...
... oh wait, never mind.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
