An image upload situation

Discussion in 'PHP' started by npsari, Apr 22, 2007.

0
  1. #1
    I am using this upload file script: 

    <? 
// Where the file is going to be placed 

$target_path = "images/"; 

/* Add the original filename to our target path. Result is "uploads/filename.extension" */ 

$target_path = $target_path . basename( $_FILES['Image1']['name']); 
$_FILES['Image1']['tmp_name'];  

$target_path = "images/"; 

$target_path = $target_path . basename( $_FILES['Image1']['name']); 

if(move_uploaded_file($_FILES['Image1']['tmp_name'], $target_path)) { 

    echo "The file ".  basename( $_FILES['Image1']['name'])." has been uploaded"; 

} else{ 

    echo "There was an error uploading the file, please try again!"; 
} 

?>
    Code (markup):
    But everytime someone uploads the same image name, the image is over-written.

    So this is a little problem because users might upload same image names

    How can i prevent the script from overwritting old images
     
    npsari, Apr 22, 2007 IP
  2. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #2
    Try this:
    
<?php

// Where the file is going to be placed 

$target_path = "images/"; 

/* Add the original filename to our target path. Result is "uploads/filename.extension" */ 

$target_path = $target_path . basename( $_FILES['Image1']['name']); 
$_FILES['Image1']['tmp_name'];  

$target_path = "images/"; 

$filename = basename( $_FILES['Image1']['name']);

if (file_exists($target_path . $filename))
{
	$filename = time() . '_' . $filename;
}

$target_path .= $fileame;

if(move_uploaded_file($_FILES['Image1']['tmp_name'], $target_path)) { 

    echo "The file ".  $filename ." has been uploaded"; 

} else{ 

    echo "There was an error uploading the file, please try again!"; 
} 

?>
    PHP:
    Do not use this in a public directory though. Because there are no checks for file extension, size and content type. So I could upload my own PHP scripts and execute them however I'd like to.
     
    nico_swd, Apr 22, 2007 IP
  3. npsari

    npsari Peon

    Messages:
    22
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Hey, thanks, i tried it

    ohh, ok ok

    It worked nicely

    its just you forgot a little letter, thats why it didnt for sometime

    Thanks much for the help
     
    npsari, Apr 22, 2007 IP
  4. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #4
    My bad, a typo in this line:
    
$target_path .= $fileame;
    PHP:
    It should be $filename.
     
    nico_swd, Apr 22, 2007 IP
  5. npsari

    npsari Peon

    Messages:
    22
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    its ok, cus it works perfect

    I dont want to be pushy, however, can u show me the bit which refuses other file types

    Can it be done using javascript from the HTML submit form (i think this way is easier)
     
    npsari, Apr 22, 2007 IP
  6. nico_swd

    nico_swd Prominent Member

    Messages:
    4,153
    Likes Received:
    344
    Best Answers:
    18
    Trophy Points:
    375
    #6
    EIDT:
    Yes, but it's very insecure.



    Try this. May not work on all hosts though.

    
function fetch_mime_type($path)
{
	$filetype = false;
	
	// Because image_type_to_mime_type() is only available since PHP 4.3.0.
	$imagetypes = array(
		 1 => 'image/gif',
		 2 => 'image/jpeg',
		 3 => 'image/png',
		 4 => 'application/x-shockwave-flash',
		 5 => 'image/psd',
		 6 => 'image/bmp',
		 7 => 'image/tiff',
		 8 => 'image/tiff',
		 9 => 'application/octet-stream',
		10 => 'image/jp2',
		11 => 'application/octet-stream',
		12 => 'application/octet-stream',
		13 => 'application/x-shockwave-flash',
		14 => 'image/iff',
		15 => 'image/vnd.wap.wbmp',
		16 => 'image/xbm'
	);
	
	if (!function_exists('exif_imagetype') OR !$filetype = @exif_imagetype($path))
	{
		@list(, , $filetype) = @getimagesize($path);
	}

	if ($filetype AND array_key_exists($filetype, $imagetypes))
	{
		return $imagetypes[$filetype];
	}
	
	// May prevents errors when using mime_content_type() on some hosts.
	@ini_set('mime_magic.debug', 'On');
	
	if (!function_exists('mime_content_type') OR !$filetype = @mime_content_type($path))
	{
		$filetype = trim(@exec('file -bi ' . escapeshellarg($path)));
	
		if (strpos($filetype, ';') !== false)
		{
			list($filetype) = explode(';', $filetype);
		}
	}
	
	return $filetype ? trim($filetype) : 'application/octet-stream';
}


$mime = fetch_mime_type($_FILES['Image1']['tmp_name']);

if (!preg_match('/\.(gif|jpe?g|png|w?bmp|tiff?|jpc|jp2|jpx|jb2|iff|xbm)$/i', $filename) OR !preg_match('/^image\//i', $mime))
{
   exit('The file is not an image');
}
    PHP:
     
    nico_swd, Apr 22, 2007 IP
  7. npsari

    npsari Peon

    Messages:
    22
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    that code looks cool

    where do i put the Upload Field name "Image1"?

    Also, i also not sure where to put this whole code

    Shall i paste it above the script you provided me with
     
    npsari, Apr 22, 2007 IP
  8. Alley Cat

    Alley Cat Peon

    Messages:
    41
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #8
    Nico, I am wanting to submit to my images table the path to images stored on my server, will the following code transmit the information to the column where I want to store this info?
    $target_path = $target_path . basename( $_FILES['Image1']['name']);
    Code (markup):
    I would also like to know how to include it in the following.
    
$query = "INSERT INTO uploads (email, file_name, file_size, file_type, description) VALUES ($e, '{$_FILES[$filename]['name']}', '{$_FILES[$filename]['size']}', '{$_FILES[$filename]['type']}', $d)";
    Code (markup):
    Thanks in advance.
     
    Alley Cat, Jun 5, 2007 IP