
php upload file

Posted on 2005-05-07
Last Modified: 2012-05-05
I have this script that uploads files:

<?php

// Where the file is going to be placed
$target_path = "uploads/";

// Add the original filename to our target path. Result is "uploads/filename.extension"
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
 

$_FILES['uploadedfile']['tmp_name']; // This is how we will get the temporary file...

$target_path = "uploads/";

$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
} else{
     echo "There was an error uploading the file, please try again!";
}

?>

But I want it to check to see if the file extension is .exe and if it is then echo "You can't upload an exe file". If not then go ahead with the upload.

Thanks,
Clay

Question by: pugandjody

Accepted Solution by: Promethyl (ID: 13951770)
$target_path = $target_path . basename( $_FILES['uploadedfile']['name']);

if (stristr($_FILES['uploadedfile']['name'], '.exe')) die("You cannot upload exe files. I'm reporting you to the FCC!");

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
     echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";
} else{
     echo "There was an error uploading the file, please try again!";
}

Expert Comment by: str_kani (ID: 13958131)
Writing the following keeping in mind the +s of JavaScript and client-side validation...
You can use a function like the following one to validate whether the user uploads a valid file or not.
If you validate using a server-side script, it will validate ONLY after the entire file is uploaded; if you validate this on the client side, then the following will prompt the user to select a valid file (non-exe) to upload. This will happen well before the browser starts uploading it to the server....


function validate_extention()
{
      with(document.formname)
      {
            imagefilelength=imgvalue.length;
            indexofdot=imgvalue.indexOf(".");
            extension=imgvalue.substring(indexofdot+1,imagefilelength);
            ext=extension.toLowerCase();
            if(ext=="jpeg")
            {
              alert("You cannot upload .exe file");
              return false;
            }
            else
            {
                  //valid file extention, do the rest
            }
      }
}

Hope this helps you.

Expert Comment by: Promethyl (ID: 13959889)
What's with this logic? If the ext is a jpeg then warn/alert it's an exe? Besides, this is PHP support. =)


         if(ext=="jpeg")
          {
            alert("You cannot upload .exe file");
            return false;
          }

Expert Comment by: Roonaan (ID: 14005061)
Wouldn't it be wiser to have a whitelist instead of a blacklist approach?

Also str_kani, having javascript checks isn't security! It is quite easy to shut down javascript while uploading your executables!

-r-
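
The whitelist approach suggested above, sketched as a server-side check (an added example, not code from any poster in this thread). The allowed extensions, the MIME map and the randomly generated stored name are assumptions for illustration; it needs PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example: allowlist-based upload check. The extension/MIME map and
// the uploads/ directory are assumptions, not values from the thread.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

/**
 * Returns the validated lowercase extension, or null if the upload is rejected.
 */
function allowed_upload_extension(string $clientName, string $tmpPath): ?string
{
    // Only the final extension counts, compared case-insensitively, so
    // "report.exe.pdf" is judged as pdf and "SETUP.EXE" as exe.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null; // anything not explicitly listed is refused
    }
    // The client-supplied name and MIME type are untrusted; inspect the content.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($tmpPath) !== ALLOWED_TYPES[$ext]) {
        return null; // extension and actual content disagree
    }
    return $ext;
}

if (isset($_FILES['uploadedfile']) && $_FILES['uploadedfile']['error'] === UPLOAD_ERR_OK) {
    $file = $_FILES['uploadedfile'];
    $ext  = allowed_upload_extension($file['name'], $file['tmp_name']);
    if ($ext === null) {
        http_response_code(400);
        die("That file type is not allowed.");
    }
    // Store under a server-generated name so the client never chooses the path.
    $target_path = "uploads/" . bin2hex(random_bytes(16)) . "." . $ext;
    if (move_uploaded_file($file['tmp_name'], $target_path)) {
        echo "The file has been uploaded";
    } else {
        echo "There was an error uploading the file, please try again!";
    }
}
```

Keeping uploads/ outside the web root, or configuring the server not to execute anything in it, covers the case where a file still slips past both checks.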

Expert Comment by: huji (ID: 16214003)
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: Promethyl

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Huji
EE Cleanup Volunteer