I currently am building a file uploader for a site im building and i have a problem with file types, I need it to be able to upload html, css, javascript, json files, but not PHP etc. My problem is i cant seem to figure out the file type names. See below for more detail.
<?php
if (($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>
Where it has image/jpeg, i have tried .html and html to no avail, as well as .js etc and i just cannot figure it out! HELP!!! :D
If you are referring to:
echo "Type: " . $_FILES["file"]["type"] . "<br />";
This is the mime type. If you want to look at the file extension, you have to parse the filename itself. EG:
$ext = substr(strrchr($_FILES["file"]["name"], '.'), 1);
To allow/disallow, it's a good idea to use switch:
switch ($_FILES["file"]["type"]) {
case 'image/jpeg':
case 'image/gif':
// Allowed
break;
default:
// Not allowed
break;
}
switch ($ext) {
case 'jpeg':
case 'gif':
case 'jpg':
// Allowed
break;
default:
// Not allowed
break;
}
Might I suggest a different approach?
Instead of relying on file type, examine the extension.
Little example of this would be:
$parts = array();
$parts = explode( ".", $_FILES['file']['name'] );
if ( !empty($parts) && is_array($parts) ) {
$extension = end( $parts );
} else {
echo "File name has no extension";
}
if ( $extension == "jpg" || $extension == "jpeg" ) {
// Do something with the jpeg
} elseif ( $extension == "html" ) {
// Do something with html
} elseif ( $extension == "js" ) {
// Do something with js
} else if ( ... /* You can add any conditional based on extension here */ ) {
// And do whatever you want here
}
This is a vary basic, crude example with multiple if / elseif statements, you can make a switch condition, make a factory class, etc... But the idea stays the same.
Cheers.
It's not safe to rely on the client file type in $_FILES
, you'd better get it from the file content.
function mime_type($file_path)
{
if (function_exists('finfo_open')) {
$finfo = new finfo(FILEINFO_MIME_TYPE, null);
$mime_type = $finfo->file($file_path);
}
if (!$mime_type && function_exists('passthru') && function_exists('escapeshellarg')) {
ob_start();
passthru(sprintf('file -b --mime %s 2>/dev/null', escapeshellarg($file_path)), $return);
if ($return > 0) {
ob_end_clean();
$mime_type = null;
}
$type = trim(ob_get_clean());
if (!preg_match('#^([a-z0-9\-]+/[a-z0-9\-\.]+)#i', $type, $match)) {
$mime_type = null;
}
$mime_type = $match[1];
}
return $mime_type;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.