php help restrictions to the file upload

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by sen01dj, Jul 8, 2009.

  1. sen01dj

    sen01dj New Member

    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    0
    this is working for filtaring image file

    if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/pjpeg"))


    how can use this for filtaring
    mp3, rm,ram,m4a,wave
    i need to know

    if ((($_FILES["file"]["type"] == "------/mp3")
    || ($_FILES["file"]["type"] == "-------/rm")
    || ($_FILES["file"]["type"] == "-------/ram")
    || ($_FILES["file"]["type"] == "-------/m4a")
    || ($_FILES["file"]["type"] == "-------/wave"))

    i put as
    if ((($_FILES["file"]["type"] == "sound/mp3")
    but it not works

    pls help me
    Thank you

    http://www.sensitivedjs.co.cc
     
  2. garrettroyce

    garrettroyce Community Support Community Support

    Messages:
    5,462
    Likes Received:
    227
    Trophy Points:
    63
    http://www.webmaster-toolkit.com/mime-types.shtml

    Keep in mind this method is not completely secure. Just because you check the MIME type doesn't mean the file isn't infected with a virus or is corrupt. Only let trusted sources upload files.
     
  3. sen01dj

    sen01dj New Member

    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    0
    thanks garrettroyce for reply
    this is my full code

    but this is not work

    <?php
    if ((($_FILES["file"]["type"] == "audio/mpeg3")
    || ($_FILES["file"]["type"] == "audio/x-mpeg-3")
    || ($_FILES["file"]["type"] == "video/mpeg")
    || ($_FILES["file"]["type"] == "video/x-mpeg"))
    && ($_FILES["file"]["size"] < 10485760))
    {
    if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
    else
    {
    echo "Upload: " . $_FILES["file"]["name"] . "<br />";
    echo "Type: " . $_FILES["file"]["type"] . "<br />";
    echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
    echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

    if (file_exists("upload/" . $_FILES["file"]["name"]))
    {
    echo $_FILES["file"]["name"] . " already exists. ";
    }
    else
    {
    move_uploaded_file($_FILES["file"]["tmp_name"],
    "upload/" . $_FILES["file"]["name"]);
    echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
    }
    }
    }
    else
    {
    echo "Invalid file";
    }
    ?>
     
  4. garrettroyce

    garrettroyce Community Support Community Support

    Messages:
    5,462
    Likes Received:
    227
    Trophy Points:
    63
    What does it do?

    Did you remember to use "file" as the name of your file input?

    Code:
    <input type="file" [B]name="file"[/B] />
     
    Last edited: Jul 8, 2009
  5. taha116

    taha116 Member

    Messages:
    505
    Likes Received:
    0
    Trophy Points:
    16
    Gona ask a side question... How can u make sure that it dosent have a virus when its being uploaded? is there a way besides like quarintening and scaning every time somthin is uploaded
     
  6. misson

    misson Community Paragon Community Support

    Messages:
    2,572
    Likes Received:
    72
    Trophy Points:
    48
    When asking about code, be explicit about the behavior you expect and the behavior you get. "It doesn't work" tells us nothing.

    If you can, use something like Fileinfo to identify file type.

    An associative array is more efficient and (IMO) easier to read than a series of string comparisons.
    PHP:
    $allowed = array('audio/mpeg'=>1'audio/mp3' => 1'audio/mpeg3' => 1'video/mpeg' => 1, ...);

    ...
    if (isset(
    $allowed[$_FILES["file"]["type"]])) {
        ...
    } else {
        echo 
    "Invalid file";
    }
    Note the official MIME type for mp3 files is "audio/mpeg", not "audio/mpeg3". You might want to include all possible types, following Postel's law.

    When posting source code, embed it in
    PHP:
    , [html] or [codetags.

    [
    quote="taha116, post: 556032"]Gona ask a side question... How can u make sure that it dosent have a virus when its being uploadedis there a way besides like quarintening and scaning every time somthin is uploaded[/quote]
    Don't threadjack.

    The free x10 servers have ClamAV installed, but seemingly don'
    t have a way of invoking it from most scripting languages (an extension such as [URL="http://www.phpclamavlib.org/"]php-clamavlib[/URL] or via a [FONT="Courier New"]system()[/FONTcall). It's possible that ClamAV is already set up to scan uploaded files, but this requires more research.

    You could write a CGI shell script to scan a file and invoke that, but it would be tricky to do securely. Even then, the shell invoked by CGI scripts is limited and may not be able to run ClamAV. Alternatively, quarantine new files and run a batch scan as a cron job, deleting or unquarantining files as appropriate.

    Does anyone else know of another way for a script to invoke ClamAV from a script?
     
  7. sen01dj

    sen01dj New Member

    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    0
    Sorry for my bad English
    and I don't have php knowledge
    Thanks all for helping me
    I need to Create an Upload-File Form
    that need to be a interface to upload songs fills to any visitor
    I got that code from www.w3schools.com

    if ((($_FILES["file"]["type"] == "audio/mpeg")
    this works for mp3 files

    Upload: new tone.mp3
    Type: audio/mpeg
    Size: 52.857421875 Kb
    Temp file: /tmp/phplv6c6C
    Stored in: upload/new tone.mp3

    now I need to allow rm,ram,wave fils uplode to my web folder

    if ((($_FILES["file"]["type"] == " I need to know how to fill hear for that fills ")

    and I need to know before use that fills can I check for virus by anti virus software in control planel

    thank you

    http://www.sensitivedjs.co.cc
     

Share This Page