[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 305
  • Last Modified:

How to check for valid extension [imagefiles], for a webuploading script that uploads mutliple files?

Hey all

Ok first off, I have searched the net and found several scripts, that im trying to combine, [credits will be given to the authors eventually, no worries] the following is the script, that gives the option to upload files. It works great, but any kind of file can be uploaded, and that is a risk i think. I have no idea to loop through the files firstly to show the result of each one, and then secondly to see if they are valid extensions [jpg/gif imagefiles]

I have the working version at my server, which is http://www.superliegebeest.nl/eva/upl/test.php


the startpage
=========================
test.php
=========================
<form name="form1" method="post" action="test.php">
  <p><font face="Verdana">Hoeveel bestanden wil je uploaden? Max = 9.</font></p>
  <p>
<input type="checkbox" name="ch" value="1" onClick="dodo(this)">1
<input type="checkbox" name="ch" value="2" onClick="dodo(this)">2
<input type="checkbox" name="ch" value="3" onClick="dodo(this)">3
<input type="checkbox" name="ch" value="4" onClick="dodo(this)">4
<input type="checkbox" name="ch" value="5" onClick="dodo(this)">5
<input type="checkbox" name="ch" value="6" onClick="dodo(this)">6
<input type="checkbox" name="ch" value="7" onClick="dodo(this)">7
<input type="checkbox" name="ch" value="8" onClick="dodo(this)">8
<input type="checkbox" name="ch" value="9" onClick="dodo(this)">9
</p>
  <p><input type="hidden" name="go" value="go">
    <input type="submit" name="Verzenden" value="Verzenden" class="button">
  </p>
</form>
<br>
<form name="form2" enctype="multipart/form-data" method="post" action="upload3.php">
<p>
<?
  $uploadNeed = $_POST['ch'];
  if ($uploadNeed <= 9){
  for($x=0;$x<$uploadNeed;$x++){
 ?>
            <input class="button" name="uploadFile<? echo $x;?>" type="file" id="uploadFile<? echo $x;?>">
            </p>
<?
  }
  }
?>

<input type="hidden" name="go2" value="go2">
<p><input name="uploadNeed" type="hidden" value="<? echo $uploadNeed;?>">
   <input type="submit" name="Verzenden2" value="Verzenden" class="button">
 </p>
</form>
==========================
end of test.php
==========================


==========================
upload3.php
==========================
<?php

/* stuff to autmatically get the url to the file*/
$url = $_SERVER["SERVER_URL"];
list ($url, $query_string)
  = explode ('?', $_SERVER ['REQUEST_URI'], 2);
$urldir = dirname ($url . 'x');
/* end stuff for url */

/* start processing files*/
$uploadNeed = $_POST['uploadNeed'];
  for($x=0;$x<$uploadNeed;$x++)
{
$file_name = $_FILES['uploadFile'. $x]['name'];
$file_name = stripslashes($file_name);
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);

if ($copy)
{
echo "$file_name | geupload!<br>Gebruik de volgende link om er naar te linken<br>http://$HTTP_HOST$urldir/$file_name<br>";
echo "<img src='http://$HTTP_HOST$urldir/$file_name' width='100px' height='100px'><br>";
echo "<textarea rows=1 cols=100 wrap='off'><img src='http://$HTTP_HOST$urldir/$file_name'></textarea><br>";
 }

else
{
 echo "$file_name | NIET geupload!<br>";

 }

}
?>
=============================
end of upload3.php
=============================


The following is such a filetype checking scriptcode, but i cannot place it anywhere, so that is works

$allowed_ext = "jpg";
$extension = pathinfo($_FILES['uploadFile'. $x]['name']);
$extension = $extension[extension];
$trueextension =   strtolower($extension);
 if ($allowed_ext == "$trueextension"){
   
if valid, it should continue with the script, but also check the next file, if not valid it should not continue with the script for this file but still continue to the next file

Can anyone help me with this?
0
fdehell
Asked:
fdehell
  • 3
  • 2
1 Solution
 
babuno5Commented:
try this it should help
==========================
upload3.php
==========================
<?php

/* stuff to autmatically get the url to the file*/
$url = $_SERVER["SERVER_URL"];
list ($url, $query_string)
  = explode ('?', $_SERVER ['REQUEST_URI'], 2);
$urldir = dirname ($url . 'x');
/* end stuff for url */

/* start processing files*/
$uploadNeed = $_POST['uploadNeed'];
  for($x=0;$x<$uploadNeed;$x++)
{
$file_name = $_FILES['uploadFile'. $x]['name'];
$file_name = stripslashes($file_name);
$allowed_ext = "jpg";
$extension = pathinfo($_FILES['uploadFile'. $x]['name']);
$extension = $extension[extension];
$trueextension =   strtolower($extension);
 if ($allowed_ext != "$trueextension"){
continue;
}
$file_name = str_replace("'","",$file_name);
$copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);

if ($copy)
{
echo "$file_name | geupload!<br>Gebruik de volgende link om er naar te linken<br>http://$HTTP_HOST$urldir/$file_name<br>";
echo "<img src='http://$HTTP_HOST$urldir/$file_name' width='100px' height='100px'><br>";
echo "<textarea rows=1 cols=100 wrap='off'><img src='http://$HTTP_HOST$urldir/$file_name'></textarea><br>";
 }

else
{
 echo "$file_name | NIET geupload!<br>";

 }

}
?>
=============================
end of upload3.php
=============================
0
 
TeRReFCommented:
I think something like this. By the way:
Your code is hard to read because of your indentation. I suggest a different approach (I know, who am I to tell you what to do :) )
I mean, it is fine if you like it like this, but if other people have to work with the same code, an other way to indent could help...

/* start processing files*/
$uploadNeed = $_POST['uploadNeed'];
  for($x=0;$x<$uploadNeed;$x++) {
    $file_name = $_FILES['uploadFile'. $x]['name'];
    $allowed_ext = "jpg";
    $extension = pathinfo($filename);
    $extension = $extension[extension];
    $trueextension =   strtolower($extension);
    if ($allowed_ext == "$trueextension"){
      $file_name = stripslashes($file_name);
      $file_name = str_replace("'","",$file_name);
      $copy = copy($_FILES['uploadFile'. $x]['tmp_name'],$file_name);
      if ($copy) {
        echo "$file_name | geupload!<br>Gebruik de volgende link om er naar te linken<br>http://$HTTP_HOST$urldir/$file_name<br>";
        echo "<img src='http://$HTTP_HOST$urldir/$file_name' width='100px' height='100px'><br>";
        echo "<textarea rows=1 cols=100 wrap='off'><img src='http://$HTTP_HOST$urldir/$file_name'></textarea><br>";
     }
  } else {
     echo "$file_name | NIET geupload!<br>";
  }

tot later :)
0
 
fdehellAuthor Commented:
Hey Terref!

Actually I have been going nuts from my way of writing the code, i dont know the proper way, please tell me since i really dont know how i can make it readable, thx voor je antwoord alvast!
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
fdehellAuthor Commented:
Hey both of you,

Babonu5 fixed it , many thx, I tested yours Terref, but yours did not upload it unfortunately, therefore the points will go to Babonu5, but appreciation to the both of you for very fast answers and the help itself thx soo much!

With respect

Fdehell
0
 
TeRReFCommented:
Well, the way I submitted my code is an example. But instead of 2 spaces, you should use a tab.
Here's another short example (the example itself doesn't make sense at all, it's about the identation :) ):
<?php

      function myFunction() {
            $myVar = array();
            for ($i = 0; $i < 5; $i++) {
                  $myVar[] = $i;      
            }
      }
     
      $myArray = myFunction();
      print_r($myArray);
      echo "<br>Einde van dit rare script";

?>
0
 
fdehellAuthor Commented:
Thank you very much Terref
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now