php help restrictions to the file upload

[sen01dj]

this is working for filtaring image file

if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))


how can use this for filtaring
mp3, rm,ram,m4a,wave
i need to know

if ((($_FILES["file"]["type"] == "------/mp3")
|| ($_FILES["file"]["type"] == "-------/rm")
|| ($_FILES["file"]["type"] == "-------/ram")
|| ($_FILES["file"]["type"] == "-------/m4a")
|| ($_FILES["file"]["type"] == "-------/wave"))

i put as
if ((($_FILES["file"]["type"] == "sound/mp3")
but it not works

pls help me
Thank you

http://www.sensitivedjs.co.cc

[garrettroyce]

http://www.webmaster-toolkit.com/mime-types.shtml

Keep in mind this method is not completely secure. Just because you check the MIME type doesn't mean the file isn't infected with a virus or is corrupt. Only let trusted sources upload files.

[sen01dj]

thanks garrettroyce for reply
this is my full code

but this is not work

<?php
if ((($_FILES["file"]["type"] == "audio/mpeg3")
|| ($_FILES["file"]["type"] == "audio/x-mpeg-3")
|| ($_FILES["file"]["type"] == "video/mpeg")
|| ($_FILES["file"]["type"] == "video/x-mpeg"))
&& ($_FILES["file"]["size"] < 10485760))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>

[garrettroyce]

thanks garrettroyce for reply
this is my full code

but this is not work

Code:

<?php
if ((($_FILES["file"]["type"] == "audio/mpeg3")
|| ($_FILES["file"]["type"] == "audio/x-mpeg-3")
|| ($_FILES["file"]["type"] == "video/mpeg")
|| ($_FILES["file"]["type"] == "video/x-mpeg"))
&& ($_FILES["file"]["size"] < 10485760))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
      {
      echo $_FILES["file"]["name"] . " already exists. ";
      }
    else
      {
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "upload/" . $_FILES["file"]["name"]);
      echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
      }
    }
  }
else
  {
  echo "Invalid file";
  }
?>

What does it do?

Did you remember to use "file" as the name of your file input?

Code:

<input type="file" name="file" />

[taha116]

Gona ask a side question... How can u make sure that it dosent have a virus when its being uploaded? is there a way besides like quarintening and scaning every time somthin is uploaded

[misson]

but this is not work

When asking about code, be explicit about the behavior you expect and the behavior you get. "It doesn't work" tells us nothing.

If you can, use something like Fileinfo to identify file type.

An associative array is more efficient and (IMO) easier to read than a series of string comparisons.

PHP Code:

$allowed = array('audio/mpeg'=>1, 'audio/mp3' => 1, 'audio/mpeg3' => 1, 'video/mpeg' => 1, ...);

...
if (isset($allowed[$_FILES["file"]["type"]])) {
    ...
} else {
    echo "Invalid file";
} 


Note the official MIME type for mp3 files is "audio/mpeg", not "audio/mpeg3". You might want to include all possible types, following Postel's law.

When posting source code, embed it in [php], [html] or [code] tags.

Gona ask a side question... How can u make sure that it dosent have a virus when its being uploaded? is there a way besides like quarintening and scaning every time somthin is uploaded

Don't threadjack.

The free x10 servers have ClamAV installed, but seemingly don't have a way of invoking it from most scripting languages (an extension such as php-clamavlib or via a system() call). It's possible that ClamAV is already set up to scan uploaded files, but this requires more research.

You could write a CGI shell script to scan a file and invoke that, but it would be tricky to do securely. Even then, the shell invoked by CGI scripts is limited and may not be able to run ClamAV. Alternatively, quarantine new files and run a batch scan as a cron job, deleting or unquarantining files as appropriate.

Does anyone else know of another way for a script to invoke ClamAV from a script?

[sen01dj]

Sorry for my bad English
and I don't have php knowledge
Thanks all for helping me
I need to Create an Upload-File Form
that need to be a interface to upload songs fills to any visitor
I got that code from www.w3schools.com

if ((($_FILES["file"]["type"] == "audio/mpeg")
this works for mp3 files

Upload: new tone.mp3
Type: audio/mpeg
Size: 52.857421875 Kb
Temp file: /tmp/phplv6c6C
Stored in: upload/new tone.mp3

now I need to allow rm,ram,wave fils uplode to my web folder

if ((($_FILES["file"]["type"] == " I need to know how to fill hear for that fills ")

and I need to know before use that fills can I check for virus by anti virus software in control planel

thank you

http://www.sensitivedjs.co.cc