.mp3 Filetype Upload

Question

I'm working on a PHP upload script which allows .mp3 file uploads amongst others. I've created an array which specifies permitted filetypes, including mp3s, and set a maximum upload limit of 500MB:

// define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 5120000);

// create an array of permitted MIME types
$permitted = array('application/msword', 'application/pdf', 'text/plain', 'text/rtf', 'image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/tiff', 'application/zip', 'audio/mpeg', 'audio/mpeg3', 'audio/x-mpeg-3', 'video/mpeg', 'video/mp4', 'video/quicktime', 'video/x-ms-wmv', 'application/x-rar-compressed');

So far in testing all specified filetypes have been successfully uploaded but for some reason it comes up with an error for .mp3. As you can see above I've included audio/mpeg, audio/mpeg3, and audio/x-mpeg-3 but none of them seem to make a difference.

Can someone suggest what the problem could be and also indicate which audio type is the one needed to allow .mp3 uploads?

Thanks

Update: The code I'm using to run the check on the file is as follows:

// check that file is within the permitted size
        if ($_FILES['file-upload']['size'][$number] > 0 || $_FILES['file-upload']['size'][$number] <= MAX_FILE_SIZE) {
            $sizeOK = true;
        }

        // check that file is of an permitted MIME type
        foreach ($permitted as $type) {
            if ($type == $_FILES['file-upload']['type'][$number]) {
                $typeOK = true;
                break;
            }
        }

        if ($sizeOK && $typeOK) {
            switch($_FILES['file-upload']['error'][$number]) {
                case 0:
                    // check if a file of the same name has been uploaded
                    if (!file_exists(UPLOAD_DIR.$file)) {
                        // move the file to the upload folder and rename it
                        $success = move_uploaded_file($_FILES['file-upload']['tmp_name'][$number], UPLOAD_DIR.$file);
                    }
                    else {
                        // strip the extension off the upload filename
                        $filetypes = array('/\.doc$/', '/\.pdf$/', '/\.txt$/', '/\.rtf$/', '/\.gif$/', '/\.jpg$/', '/\.jpeg$/', '/\.png$/', '/\.tiff$/', '/\.mpeg$/', '/\.mpg$/', '/\.mp4$/', '/\.mov$/', '/\.wmv$/', '/\.zip$/', '/\.rar$/', '/\.mp3$/');
                        $name = preg_replace($filetypes, '', $file);
                        // get the position of the final period in the filename
                        $period = strrpos($file, '.');
                        // use substr() to get the filename extension
                        // it starts one character after the period
                        $filenameExtension = substr($file, $period+1);
                        // get the next filename    
                        $newName = getNextFilename(UPLOAD_DIR, $name, $filenameExtension); 
                        $success = move_uploaded_file($_FILES['file-upload']['tmp_name'][$number], UPLOAD_DIR.$newName);
                    }
                    if ($success) {
                        $result[] = "$file uploaded successfully";
                    }
                    else {
                        $result[] = "Error uploading $file. Please try again.";
                    }
                    break;
                case 3:
                    $result[] = "Error uploading $file. Please try again.";
                default:
                    $result[] = "System error uploading $file. Contact webmaster.";
            }
        }
        elseif ($_FILES['file-upload']['error'][$number] == 4) {
            $result[] = 'No file selected';
        }
        else {
            $result[] = "$file cannot be uploaded. Maximum size: $max. Acceptable file types: doc, pdf, txt, rtf, gif, jpg, png, tiff, mpeg, mpg, mp3, mp4, mov, wmv, zip, rar.";
        }

I'm getting the bottom else result telling me either the file size is wrong or the extension isn't allowed.

Update 2: I've run a print_r of the _FILES array to hopefully provide a little more info. The results are:

Array ( [file-upload] => Array ( [name] => Array ( [0] => Mozart.mp3 [1] => [2] => )

        [type] => Array
            (
                [0] => audio/mpg
                [1] => 
                [2] => 
            )

        [tmp_name] => Array
            (
                [0] => /Applications/MAMP/tmp/php/phpgBtlBy
                [1] => 
                [2] => 
            )

        [error] => Array
            (
                [0] => 0
                [1] => 4
                [2] => 4
            )

        [size] => Array
            (
                [0] => 75050
                [1] => 0
                [2] => 0
            )

    )

)

Answer 1

MAX_FILE_SIZE is a value in Bytes

5120000 is not 500 MB. It's 5MB by my reckoning.

You'll also need to check that you're not exceeding the "post_max_size" and "upload_max_size" variables in your php.ini file

Secondly, an mp3 can be any of the following mimetypes

• audio/mpeg
• audio/x-mpeg
• audio/mp3
• audio/x-mp3
• audio/mpeg3
• audio/x-mpeg3
• audio/mpg
• audio/x-mpg
• audio/x-mpegaudio

http://filext.com/file-extension/MP3

Answer 2

I doubt if you still need this but am sure many will also be facing this same problem. This is what I did and it worked for me.

Php Code:

if(isset($_POST['submit'])) {

    $fileName = $_FILES['userfile']['name'];
    $tmpName = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

if ($fileType != 'audio/mpeg' && $fileType != 'audio/mpeg3' && $fileType != 'audio/mp3' && $fileType != 'audio/x-mpeg' && $fileType != 'audio/x-mp3' && $fileType != 'audio/x-mpeg3' && $fileType != 'audio/x-mpg' && $fileType != 'audio/x-mpegaudio' && $fileType != 'audio/x-mpeg-3') {
        echo('<script>alert("Error! You file is not an mp3 file. Thank You.")</script>');
    } else if ($fileSize > '10485760') {
        echo('<script>alert("File should not be more than 10mb")</script>');
    } else if ($rep == 'Say something about your post...') {
    $rep == '';
    } else {
    // get the file extension first
    $ext = substr(strrchr($fileName, "."), 1); 

    // make the random file name
    $randName = md5(rand() * time());

    // and now we have the unique file name for the upload file
    $filePath = $uploadDir . $randName . '.' . $ext;

    $result = move_uploaded_file($tmpName, $filePath);
    if (!$result) {
        echo "Error uploading file";
    exit;
    }

    if(!get_magic_quotes_gpc()) {

    $fileName = addslashes($fileName);
    $filePath = addslashes($filePath);

    }

    $sql = "INSERT INTO media SET
            path = '$filePath',
            size = '$fileSize',
            ftype = '$fileType',
            fname = '$fileName'";

if (mysql_query($sql)) {
    echo('');
    } else {
        echo('<p style="color: #ff0000;">Error adding audio: ' . mysql_error() . '</p><br />');
}

and your html code will be;

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data"">
      <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
      <input type="file" class="file_input" name="userfile" />
      <input type="submit" value="" name="submit" id="submitStatus" class="submit" />
    </form>

Answer 3

You should never assume the value in $_FILES[...]['type'] actually matches the type of the file. The client can send any arbitrary string, and it's not checked at all by PHP. See here .

You'll have to do the work yourself to actually determine what type of file was uploaded, unless you have a good reason not to care about security at all (which you probably don't). PHP provides the fileinfo package by default, which does the heavy lifting for you. See finfo_file() .

Answer 4

1. why not use in_array rather than the foreach loop for type check?
2. when you upload a valid file, have you tried checking the values of the $sizeOK & $typeOK

Answer 5

5MB的限制可能是您遇到的问题。

Answer 6

Here is some code that will give you some symbolic meaning to your errors:

class UploadException extends Exception { 
    public function __construct($code) { 
        $message = $this->codeToMessage($code); 
        parent::__construct($message, $code); 
    } 

    private function codeToMessage($code) { 
        switch ($code) { 
            case UPLOAD_ERR_INI_SIZE: 
                $message = "The uploaded file exceeds the upload_max_filesize directive in php.ini"; 
                break; 
            case UPLOAD_ERR_FORM_SIZE: 
                $message = "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"; 
                break; 
            case UPLOAD_ERR_PARTIAL: 
                $message = "The uploaded file was only partially uploaded"; 
                break; 
            case UPLOAD_ERR_NO_FILE: 
                $message = "No file was uploaded"; 
                break; 
            case UPLOAD_ERR_NO_TMP_DIR: 
                $message = "Missing a temporary folder"; 
                break; 
            case UPLOAD_ERR_CANT_WRITE: 
                $message = "Failed to write file to disk"; 
                break; 
            case UPLOAD_ERR_EXTENSION: 
                $message = "File upload stopped by extension"; 
                break; 

            default: 
                $message = "Unknown upload error"; 
                break; 
        } 
        return $message; 
    } 
} 

// Use 
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { 
    //uploading successfully done 
} else { 
    throw new UploadException($_FILES['file']['error']); 
}

If you're getting an error from your last else statement, it is difficult to tell what exactly triggered it. Try using something like the above. http://www.php.net/manual/en/features.file-upload.errors.php