4 Replies - 9867 Views - Last Post: 07 January 2010 - 01:51 PM Rate Topic: -----

#1 Daily.matters   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 42
  • Joined: 20-November 09

Restricting file types and size in upload form

Posted 06 January 2010 - 08:32 AM

Hi everyone, i'm writing a simple image gallery script using php. I started working, just to make it work, and now i want to add some features, one of them being, restrict the types of image and the sizes, the thing is, wherever i put my code to restrict the program stops working.

Here's my code:

<?php
		// FALTA VERIFICAR O TIPO E O TAMANHO DAS FOTOGRAFIAS
		// SEE RESTRICTIONS ON UPLOAD IN W3SCHOOLS		
		if(isset($_POST['submit'])){
		
/* 			if((($_FILES["file"]["type"] == "image/gif")
			|| ($_FILES["file"]["type"] == "image/jpeg")
			|| ($_FILES["file"]["type"] == "image/pjpeg")
			&& ($_FILES["file"]["size"]) < 200000000)){
			
			if($_FILES["file"]["error"]>0){
			echo "Return Coded: " . $_FILES["file"]["error"] . "<br />";
			}
		} */
		
		  if (isset ($_FILES['new_image'])){
			  $imagename = $_FILES['new_image']['name'];
			  $source = $_FILES['new_image']['tmp_name'];
			  $target = "images/".$imagename;
			  move_uploaded_file($source, $target);
 
			  $imagepath = $imagename;
			  $save = "images/" . $imagepath; 				
			  $file = "images/" . $imagepath; 				
 
			  list($width, $height) = getimagesize($file); 
 
			  $modwidth = 800;								
 
			  $diff = $width / $modwidth;
 
			  $modheight = $height / $diff; 
			  $tn = imagecreatetruecolor($modwidth, $modheight); 
			  $image = imagecreatefromjpeg($file); 
			  imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height); 
 
			  imagejpeg($tn, $save, 100); 
			   
			  $save = "images/thumbs/" . $imagepath; 	
			  $file = "images/" . $imagepath; 				
 
			  list($width, $height) = getimagesize($file); 
 
			  $modwidth = 80; 								
 
			  $diff = $width / $modwidth;
 
			  $modheight = $height / $diff; 
			  $tn = imagecreatetruecolor($modwidth, $modheight); 
			  $image = imagecreatefromjpeg($file); 
			  imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height); 
 
			  imagejpeg($tn, $save, 100); 
			echo "Thumbnail: <img src='images/thumbs/".$imagepath."'>";					   
		  }
	}

?>


The commented code on top is one of my last tries to do it.
Does anyone have a suggestion to where to do this verification ?

Thx in advance, ClŠudio

Is This A Good Question/Topic? 0
  • +

Replies To: Restricting file types and size in upload form

#2 Moshambi   User is offline

  • D.I.C Regular
  • member icon

Reputation: 8
  • View blog
  • Posts: 280
  • Joined: 20-November 07

Re: Restricting file types and size in upload form

Posted 06 January 2010 - 09:00 AM

I think (but am not sure) that you need to add your code that processes everything when it's correct inside of the if statement that you check it. I looked at this W3Schools Tutorial

If you look at the way it is structured by them then I believe it will make sense to you.
Was This Post Helpful? 0
  • +
  • -

#3 RPGonzo   User is offline

  • // Note to self: hmphh .... I forgot
  • member icon

Reputation: 151
  • View blog
  • Posts: 954
  • Joined: 16-March 09

Re: Restricting file types and size in upload form

Posted 06 January 2010 - 03:43 PM

something like

		// FALTA VERIFICAR O TIPO E O TAMANHO DAS FOTOGRAFIAS
		// SEE RESTRICTIONS ON UPLOAD IN W3SCHOOLS   
	
// approved file types
$approved_types = array("image/png","image/jpg","image/jpeg");
// approved file extensions
$approved_exts = array("png","jpg","jpeg");
// aproved file size in megabytes ( if you want it in another size limitation adjust the size correction below )
// a zero in the size and the script will not limit the size
$approved_size = 1;

// math to get the size correct shouldn't need to adjust
// if you want bytes comment out the math correction lines
$approved_size = $approved_size * 1048576;
// if you want kilobytes use the following line
//$approved_size = $approved_size * 1024;

	if(isset($_POST['submit'])) {

		  if (isset ($_FILES['new_image'])){
			
			  // if you want to use the built in file type method 
			  if (!in_array($_FILES['new_image']['type'], $approved_types)) {
				die("Wrong type of file submitted press use your back button and try again.");
			  }
			  
			  // if you want to use file extensions
			  $pcs = explode(".",$_FILES['new_image']['name']);
			  $extension = $pcs['1'];
			  
			  if (!in_array($extension, $approved_exts)) {
				die("Wrong type of file submitted press use your back button and try again.");
			  }
			  
			  // file size
			  if ($_FILES['new_image']['size'] > $approved_size && $approved_size != 0) {
				die("File size is to large please use your back button to select a different image.");
			  }



would work ... i tested this and the filtering method works granted i didn't test your upload method

I'm not positive on all the file types that could be but there is a list somewhere that is escaping me at the moment, the file extension method works good granted someone doesn't change the extension to a accepted file extension to try and get something malicious in there.

This post has been edited by RPGonzo: 06 January 2010 - 03:54 PM

Was This Post Helpful? 0
  • +
  • -

#4 RayanZahab   User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 16
  • Joined: 26-December 09

Re: Restricting file types and size in upload form

Posted 07 January 2010 - 01:44 PM

I guess i have a better faster solution
In your php.ini file you can define the max size of the uploaded file and the types allowed
its a variable called : $upload_max_filesize
usually line 583
under it directly you might fine the file types :)
Was This Post Helpful? 0
  • +
  • -

#5 RPGonzo   User is offline

  • // Note to self: hmphh .... I forgot
  • member icon

Reputation: 151
  • View blog
  • Posts: 954
  • Joined: 16-March 09

Re: Restricting file types and size in upload form

Posted 07 January 2010 - 01:51 PM

bad thing about that method is you would have to modify your ini file anytime you have a script that is uploading files and has a different limitation of filtering
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1