Restrict file upload to just jpegs with php
|
9:50 PM |
No comments |
Restrict file upload to just jpegs with php
Please can someone help? I have the following code which uploads a file to my server and renames it to whoever the logged in user is. For example the user 'coca-cola-lover' uploads a jpeg - the script would also rename the jpeg 'coca-cola-lover.jpg'.
My problem is that I need it to limit the upload to just jpegs - and also limit the file size to 2mb.
Please help - I was trying to find a solution all night.
Thanks in advance
// Your file name you are uploading $file_name = $HTTP_POST_FILES['ufile']['name']; $username = $row_Recordset1['username']; $ext = end(explode('.', $file_name)); $renamed_file_name = $username; $new_file_name=$renamed_file_name.'.'.$ext; //set where you want to store files //in this example we keep file in folder upload //$new_file_name = new upload file name //for example upload file name cartoon.gif . $path will be upload/cartoon.gif $path= "../sites/images/users/".$new_file_name; if($ufile !=none) { if(copy($HTTP_POST_FILES['ufile']['tmp_name'], $path)) { echo "Successful
"; //$new_file_name = new file name //$HTTP_POST_FILES['ufile']['size'] = file size //$HTTP_POST_FILES['ufile']['type'] = type of file echo "File Name :".$new_file_name."
"; echo "File Size :".$HTTP_POST_FILES['ufile']['size']."
"; echo "File Type :".$HTTP_POST_FILES['ufile']['type']."
"; } else { echo "Error"; } } Answer by user187291 for Restrict file upload to just jpegs with php
getimagesize tells you what format the file is in
as per bgy's comment, you should also force the file extension to be what you want:
$new_file_name=$renamed_file_name.'.'.$ext; // wrong, uses data from the client $new_file_name=$renamed_file_name.'.jpg'; // ok, just what we want never trust and never use filenames provided by the client.
Answer by Ignacio Vazquez-Abrams for Restrict file upload to just jpegs with php
You restrict the size via the normal mechanisms, but you'll need to use the fileinfo functions to determine the filetype after uploading.
Answer by aefxx for Restrict file upload to just jpegs with php
I would recommend exif_imagetype:
For details see here: http://php.net/manual/en/function.exif-imagetype.php
Answer by Gordon for Restrict file upload to just jpegs with php
You can use any of the four to detect a mimetype of the file:
- finfo_open (by default enabled as of 5.3)
- getimagesize (requires enabled GD)
- exif_imagetype (requires enabled Exif)
- mime_content_type (deprecated as of 5.3)
You can also limit the MimeType from the FileUpload element, but since this is client-side code, it can easily be removed by malicious users (and it's also buggy across browsers):
For further information on how to handle file uploads with PHP (including limiting file size), check the manual.
There is also a lot of very similar questions on Stack Overflow already, one being:
Answer by Crozin for Restrict file upload to just jpegs with php
A few advices for the current code
- Use
$_FILES instead of $HTTP_POST_FILES. - If you need to get file extensions use
$extension = pathinfo($filename, PATHINFO_EXTENSION);. - Use
is_uploaded_file and move_uploaded_file. - Don't relay on
$_FILES['file']['type'] - it can be modified by user. - Indent your code.
If you want to limit file upload to the following requirements:
- Filesize: max 2mb.
- File type:
image/jpeg
Do something like that:
$tmpName = $_FILES['file']['tmp_name']; if (file_is_uploaded($tmpName) { $filesize = fielsize($tmpName); $mimeType = exif_imagetype('image.gif'); if ($filesize <= 2 * 1024 * 1024 && $mimeType == IMAGETYPE_JPEG) { $filename = $USERNAME . '.jpg'; if (move_uploaded_file($tmpName, $filename) == false) { // sth goes wrong } } else { die('Invalid.'); } }
Fatal error: Call to a member function getElementsByTagName() on a non-object in D:\XAMPP INSTALLASTION\xampp\htdocs\endunpratama9i\www-stackoverflow-info-proses.php on line 72
0 comments:
Post a Comment