Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New to the CF scene
    Join Date
    Dec 2012
    Posts
    6
    Thanks
    0
    Thanked 0 Times in 0 Posts

    File Upload Issue

    Any help on this would be greatly appreciated. I have a form with file upload and when I try to upload an image, I get the "Invalid filetype" message. Not sure why because the image is a jpeg and is small in size. Here is my php file, any ideas:

    <?php
    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/png")
    || ($_FILES["file"]["type"] == "image/pjpeg"))
    && ($_FILES["file"]["size"] < 20000)
    && in_array($extension, $allowedExts))
    {
    if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
    }
    else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br>";
    echo "Type: " . $_FILES["file"]["type"] . "<br>";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br>";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
    {
    echo $_FILES["file"]["name"] . " already exists. ";
    }
    else
    {
    move_uploaded_file($_FILES["file"]["tmp_name"],
    "upload/" . $_FILES["file"]["name"]);
    echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
    }
    }
    }
    else
    {
    echo "Invalid file";
    }
    ?>

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Dump the files array to see all the information within it:
    PHP Code:
    var_dump($_FILES); 
    And post that. Also, make sure you use the [php][/php] tags around code as it will preserve your formatting.

  • #3
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    Try adding this as well

    PHP Code:
    || ($_FILES["file"]["type"] == "image/JPG"
    I also use:

    PHP Code:
    $allowedExts = array('image/pjpeg''image/jpeg''image/JPG''image/X-PNG'
        
    'image/gif''images/PNG''image/png''image/x-png'); 
    Last edited by AndrewGSW; 12-28-2012 at 11:32 PM.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  • Users who have thanked AndrewGSW for this post:

    daddycool22 (12-29-2012)

  • #4
    New to the CF scene
    Join Date
    Dec 2012
    Posts
    3
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thanks AndrewGSW, I had that issue aswell. Works like a charm now.
    Seems I had a problem with images that had JPG or JPEG capitalized.

    Code:
    ($type=='image/jpeg' || $type=='gif') || $type=='png' || $type=='pjpeg' || $type=='image/JPG' || $type=='image/PNG' || $type=='image/X-PNG' || $type=='image/x-png' )

  • #5
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    That's kinda what I was thinking of as well (case sensitivity).
    The use is questionable though; the extension itself doesn't dictate what type of file it is. Using the type is better than the extension, and even better solutions include the use of finfo extension or even manually scanning the headers (although that takes more time since you need to figure out exactly what is in each type you accept).

  • #6
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    Quote Originally Posted by Fou-Lu View Post
    That's kinda what I was thinking of as well (case sensitivity).
    The use is questionable though; the extension itself doesn't dictate what type of file it is. Using the type is better than the extension, and even better solutions include the use of finfo extension or even manually scanning the headers (although that takes more time since you need to figure out exactly what is in each type you accept).
    Actually, I do have quite a bit more code than suggested by my previous post

    PHP Code:
        do if (isset($_POST['submitted'])) {
            if (!
    $_FILES['inpFile']) {
                echo 
    "<p><b>No picture selected for upload.</b></p>";
                break;
            }

            
    $the_pics $_FILES['inpFile']['name'];
            foreach (
    $the_pics as $key => $value) {
                
    // $key == integer, $value = submitted filename
                
    $fname $value;
                
    //Check for valid upload - phpsense.com/2007/php-file-uploading/
                
    if($_FILES['inpFile']['error'][$key] != UPLOAD_ERR_OK) {
                    
    $file_error $_FILES['inpFile']['error'][$key];
                    if (
    $file_error == UPLOAD_ERR_FORM_SIZE) {
                        echo 
    "<p>$fname: <b>File is too large (max 300k)</b></p>";
                        break;
                    } else {
                        echo 
    "<p><b>$fname: Upload file error: $file_error</b></p>";
                        break;
                    } 
                }
                
    //Check for valid upload
                
    if(!is_uploaded_file($_FILES['inpFile']['tmp_name'][$key])) {
                    echo 
    "<p>$fname: <b>Invalid request.</b></p>";
                    break;
                }
                
    // Validate the type JPEG, GIF or PNG
                
    $allowed = array('image/pjpeg''image/jpeg''image/JPG''image/X-PNG'
                    
    'image/gif''images/PNG''image/png''image/x-png');
                if (!
    in_array($_FILES['inpFile']['type'][$key], $allowed)) {
                    echo 
    "<p>$fname: <b>Invalid file type.</b></p>";
                    break;
                }
                
    // validate the name
                
    $allowed_extns = array('jpg''jpeg''gif''png');
                
    $the_name $_FILES['inpFile']['name'][$key];
                
    $the_extn explode('.'strtolower($the_name));
                if (!
    in_array(end($the_extn), $allowed_extns)) {
                    echo 
    "<p>$fname: <b>Invalid file extension.</b></p>";
                    break;
                }
                
    /* function exif_imagetype() doesn't exist - check PHP version!
                if (exif_imagetype($_FILES['inpFile']['tmp_name'][$key]) != IMAGETYPE_GIF) {
                    echo "{$_FILES['inpFile']['tmp_name'][$key]} The picture is not a gif";
                }*/

                //Sanitize the filename
                
    $remove_these = array(' ','`','"','\'','\\','/');
                
    $newname str_replace($remove_these''$_FILES['inpFile']['name'][$key]);

                
    //Make the filename unique
                //$newname = time().'-'.$newname;

                //Save the uploaded the file to another location
                
    $upload_path "{$user_location}{$newname}";
                if (
    file_exists($upload_path)) {
                    echo 
    "<p>$fname: <b>You already have a picture with that name.</b></p>";
                    break;
                }
                if (
    move_uploaded_file($_FILES['inpFile']['tmp_name'][$key], $upload_path)) {
                    echo 
    "<p>$fname: <b>Your picture has been uploaded!</b></p>";
                } else {
                    echo 
    "<p>$fname: <b>There was a problem uploading your picture!</b></p>";
                    break;
                }
            }

        } while (
    FALSE);

        
    // Delete the file from it's temp location (in case there was a problem):
        
    if (isset($_POST['submitted'])) {
            
    // $the_pics = $_FILES['inpFile']['name']; (already established)
            
    foreach ($the_pics as $key => $value) {
                if (
    file_exists($_FILES['inpFile']['tmp_name'][$key]) && 
                        
    is_file($_FILES['inpFile']['tmp_name'][$key])) {
                    
    unlink($_FILES['inpFile']['tmp_name'][$key]);
                }
            }
        } 
    (This code is for multiple file-uploads.)
    Last edited by AndrewGSW; 12-29-2012 at 10:20 PM.
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •