My PHP Uploader Modification!

Discussion in 'PHP' started by Jake-Johnson, Apr 29, 2009.

0
  1. #1
    Here's the PHP script I'm currently using:

    
<?php
function createRandom($length) {
$chars = "234567890abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
$i = 0;
$random = "";
while ($i <= $length) {
$random .= $chars{mt_rand(0,strlen($chars))};
$i++;
}
return $random;
}
$random = createRandom(8);
$target_path = "uploads/" . $random;
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']); 
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
echo "<a href='" . "/uploads/" . $random . basename( $_FILES['uploadedfile']['name']). 
"'>Click Here To View Your File</a>";
} else{
echo "There was an error uploading the file, please try again!<br /><a href='/problem/'>Why is this happening?</a>";
}
?>
    PHP:
    I would like to make it only capible of uploading spesific types of files.. Right now it uploads everything. I'd like it to upload:

    png, swf, fla, piv, stk, gif, and jpg/jpeg.

    Thank-you whoever can help!
    Jake-Johnson
     
    Jake-Johnson, Apr 29, 2009 IP
  2. javaongsan

    javaongsan Well-Known Member

    Messages:
    1,054
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    128
    #2
    probably something like this
    
$filename= basename( $_FILES['uploadedfile']['name']);
$ext= explode(".", $filename);
if ($ext[1]="thefileextensionyouwant"){
......
    Code (markup):
     
    javaongsan, Apr 29, 2009 IP
  3. Jake-Johnson

    Jake-Johnson Peon

    Messages:
    839
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #3
    I'm not sure how to correctly use that.. Can you use it in my script to show me?
     
    Jake-Johnson, Apr 29, 2009 IP
  4. javaongsan

    javaongsan Well-Known Member

    Messages:
    1,054
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    128
    #4 
    
<?php
function createRandom($length) {
	$chars = "234567890abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
	$i = 0;
	$random = "";
	while ($i <= $length) {
		$random .= $chars{mt_rand(0,strlen($chars))};
		$i++;
	}
	return $random;
}
$random = createRandom(8);
$target_path = "uploads/" . $random;
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
$filename= basename( $_FILES['uploadedfile']['name']);
$ext= explode(".", $filename);
if ($ext[1]="thefileextensionyouwant"){
	if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
		echo "<a href='" . "/uploads/" . $random . basename( $_FILES['uploadedfile']['name']).
		"'>Click Here To View Your File</a>";
	} else{
		echo "There was an error uploading the file, please try again!<br /><a href='/problem/'>Why is this happening?</a>";
	}
}
?>
    Code (markup):
     
    javaongsan, Apr 29, 2009 IP
  5. Jake-Johnson

    Jake-Johnson Peon

    Messages:
    839
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Sorry.. That doesn't work. I put jpg in the place and it could upload everything else too.
     
    Jake-Johnson, Apr 29, 2009 IP
  6. SHOwnsYou

    SHOwnsYou Peon

    Messages:
    209
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #6
    The easy (and less secure) way to do it:

    $types = array('image/jpeg', 'image/gif', 'whatever/else');
if (in_array($_FILES['inputname']['type'], $types)) {
// Your file handing script here
} else {
// Error, filetype not supported
}
    Code (markup):
    The above code was taken from: sitepoint.

    The page goes into detail on how to make it more secure, however. As it stands, the file blah.jpg.exe would still get uploaded... This is fixable, however.
     
    SHOwnsYou, Apr 29, 2009 IP