0

I have a script that allows only 1 image to be uploaded which works fine.

But right now it allows any and all types to be uploaded.

How do I only allow jpg, jpeg, gif, png & PDF files to be the only ones allowed to upload?

Here is part of my code.

```php
<?php
// make a note of the current working directory, relative to root.
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']);

// make a note of the directory that will receive the uploaded files
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/';

// make a note of the location of the upload form in case we need it
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'multiple.upload.form.php';

// make a note of the location of the success page
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'multiple.upload.success.php';

// name of the fieldname used for the file in the HTML form
$fieldname = 'file';

//echo'<pre>';print_r($_FILES);exit;

// Now let's deal with the uploaded files

// possible PHP upload errors
$errors = array(1 => 'php.ini max file size exceeded',
                2 => 'html form max file size exceeded',
                3 => 'file upload was only partial',
                4 => 'no file was attached');

// check the upload form was actually submitted else print form
isset($_POST['submit'])
    or error('the upload form is needed', $uploadForm);

// check if any files were uploaded and if
// so store the active $_FILES array keys
$active_keys = array();
foreach($_FILES[$fieldname]['name'] as $key => $filename)
{
    if(!empty($filename))
    {
        $active_keys[] = $key;
    }
}

// check at least one file was uploaded
if (count($active_keys) < 1) {
    echo "<table border=\"0\" cellspacing=\"4\" cellpadding=\"4\" style=\"border: 1px solid black; text-align: center; font-family: arial; font-size: 14px;\" width=\"600px\" align=\"center\">
    <tr>
    <td>
    <font size=\"3\" color=\"red\"><strong><u>Upload Error</u></strong></font>
    <br>
    <br>
    <b>You must upload one file.</b>
    <br><br>
    <a href=\"javascript: history.go(-1)\">Back to upload form</a>
    <br>
    </td>
    </tr>
    </table>
    <div style=\"display: none;\">
    ";
}
//count($active_keys)
//or error('No files were uploaded', $uploadForm);

// check for standard uploading errors
foreach($active_keys as $key)
{
    ($_FILES[$fieldname]['error'][$key] == 0)
        or error($_FILES[$fieldname]['tmp_name'][$key].': '.$errors[$_FILES[$fieldname]['error'][$key]], $uploadForm);
}

// check that the file we are working on really was an HTTP upload
foreach($active_keys as $key)
{
    @is_uploaded_file($_FILES[$fieldname]['tmp_name'][$key])
        or error($_FILES[$fieldname]['tmp_name'][$key].' not an HTTP upload', $uploadForm);
}

// make a unique filename for the uploaded file and check it is
// not taken... if it is keep trying until we find a vacant one
foreach($active_keys as $key)
{
    $now = time();
    while(file_exists($uploadFilename[$key] = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name'][$key]))
    {
        $now++;
    }
}

// now let's move the file to its final and allocate it with the new filename
foreach($active_keys as $key)
{
    @move_uploaded_file($_FILES[$fieldname]['tmp_name'][$key], $uploadFilename[$key])
        or error('receiving directory insuffiecient permission', $uploadForm);
}

// If you got this far, everything has worked and the file has been successfully saved.
// We are now going to redirect the client to the success page.
if($_FILES['file']['error'] === UPLOAD_ERR_INI_SIZE) {
    // Handle the error
    echo 'Your file is too large.';
    die();
}

// make an error handler which will be used if the upload fails
function error($error, $location, $seconds = 5)
{
    echo "<table border=\"0\" cellspacing=\"4\" cellpadding=\"4\" style=\"border: 1px solid black; text-align: center; font-family: arial; font-size: 14px;\" width=\"600px\" align=\"center\">
    <tr>
    <td>
    <font size=\"3\" color=\"red\"><strong><u>Upload Error</u></strong></font>
    <br>
    <br>
    <!--<b>Your proof is not a supported filetype.<br>
    Please upload an image (jpg, gif, png, bmp file) or PDF file.
    <br>
    <br>
    or</b>
    <br>
    <br>-->
    <b>Your File Size is bigger then the maximum allowed - 2 MB.<br>
    Please upload a smaller file.</b>
    <br><br>
    <a href=\"javascript: history.go(-1)\">Back to upload form</a>
    <br>
    </td>
    </tr>
    </table>
    <div style=\"display: none;\">";
}

/*
{
    header("Refresh: $seconds; URL=\"$location\"");
    echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n".
    '"http://www.w3.org/TR/html4/strict.dtd">'."\n\n".
    '<html lang="en">'."\n".
    '<head>'."\n".
    '<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">'."\n\n".
    '<link rel="stylesheet" type="text/css" href="stylesheet.css">'."\n\n".
    '<title>Upload error</title>'."\n\n".
    '</head>'."\n\n".
    '<body>'."\n\n".
    '<div id="Upload">'."\n\n".
    '<h1>Upload failure</h1>'."\n\n".
    '<p>An error has occured: '."\n\n".
    '<span class="red">' . $error . '...</span>'."\n\n".
    ' The upload form is reloading</p>'."\n\n".
    ' </div>'."\n\n".
    '</html>';
    exit;
} // end error handler
*/

// < input id="file1" name="file[]" type="file" style="border: 1px solid white;">
//$fi= $_POST['file[]'];
//$fi = "(0)";
$fi = array($_FILES['file']['name']['0'],$_FILES['file']['name']['1'],$_FILES['file']['name']['2']);
```

====EDIT====

I was able to get it to ONLY allow images, but now how do I allow PDFs to be uploaded also?

I added this code to my script.

```php
foreach($active_keys as $key)
{
    @getimagesize($_FILES[$fieldname]['tmp_name'][$key])
        or error($_FILES[$fieldname]['tmp_name'][$key].' not an image', $uploadForm);
}
```
4
  • Attempt to open the file with an image editing library or a PDF library. If these libraries indicate that the files are valid, then they pass validation. Commented Oct 8, 2015 at 18:44
  • I need for the script to tell if they are images or a PDF, not me... Commented Oct 8, 2015 at 18:47
  • Yes, and that's why you use libraries, not programs on your own system. Commented Oct 8, 2015 at 18:49
  • A library is a set of functions available to your PHP scripts that allow it to do certain tasks. Thus, use an image editing library to open the file in PHP, check whether it's a valid image, and if not, switch to a PDF library, open the file in PHP, check if it's valid, and if not, then reject the upload. Commented Oct 8, 2015 at 19:13

2 Answers

1

Just add the following lines to your code. They check that the uploaded file is an image or PDF before it is moved to the directory.

```php
$allowedExts = array("gif", "jpeg", "jpg", "png", "pdf");
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);

// "type" is the MIME type reported by the browser; the extension comes from the client file name
if ((($_FILES["file"]["type"] == "image/gif")
    || ($_FILES["file"]["type"] == "image/jpeg")
    || ($_FILES["file"]["type"] == "image/jpg")
    || ($_FILES["file"]["type"] == "image/pjpeg")
    || ($_FILES["file"]["type"] == "image/x-png")
    || ($_FILES["file"]["type"] == "image/png")
    || ($_FILES["file"]["type"] == "application/pdf"))
    && in_array($extension, $allowedExts)) {
    // put the upload code here
} else {
    // put error message here
}
```

0

I was able to achieve this with the code below.

```php
$thefilename = $_FILES["file"]["name"][0];

/* first, check for suffix (jpg, gif, png, bmp file) or PDF file */
$thefilesuffix = substr($thefilename, -3);
// echo "<p>".$thefilesuffix."</p><hr />";

switch($thefilesuffix) {
    case "pdf":
    case "PDF":
        /* don't need to do anything special, but notice the capitalized versions */
        break;

    case "jpg":
    case "gif":
    case "png":
    case "bmp":
    case "JPG":
    case "GIF":
    case "PNG":
    case "BMP":
        //ALLOWS ONLY IMAGES TO BE UPLOADED
        foreach($active_keys as $key)
        {
            @getimagesize($_FILES[$fieldname]['tmp_name'][$key])
                or error($_FILES[$fieldname]['tmp_name'][$key].' not an image', $uploadForm);
        }
        //ALLOWS ONLY IMAGES TO BE UPLOADED
        break;

    default:
        echo "<table border=\"0\" cellspacing=\"4\" cellpadding=\"4\" style=\"border: 1px solid black; text-align: center; font-family: arial; font-size: 14px;\" width=\"600px\" align=\"center\">
        <tr>
        <td>
        <font size=\"3\" color=\"red\"><strong><u>Upload Error</u></strong></font>
        <br>
        <br>
        <b>Your proof must be an an image (jpg, gif, png, bmp file) or PDF file.<br>
        Please upload a different file.</b>
        <br>
        <br>
        <a href=\"javascript: history.go(-1)\">Back to upload form</a>
        <br>
        </td>
        </tr>
        </table>
        <div style=\"display: none;\">";
        exit;
        break;
}
```

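The comments under the question suggest validating the file by opening it, while both answers decide on the client-supplied name and `type`. The following is an added example, not part of the question or either answer, that decides from the file content alone and generates the stored name on the server. It assumes PHP 7.1+ with the fileinfo extension; `ALLOWED_TYPES`, `allowed_extension()`, `stored_name()` and the sample files are hypothetical names and constructed data.

```php
<?php
// Added example (not from the question or answers). Assumes PHP 7.1+ with ext-fileinfo.
// Allow-list: MIME type detected from the file content => extension for the stored name.
const ALLOWED_TYPES = [
    'image/jpeg'      => 'jpg',
    'image/png'       => 'png',
    'image/gif'       => 'gif',
    'application/pdf' => 'pdf',
];

// Returns the extension to store the file under, or null to reject it.
// Neither the client file name nor $_FILES[...]['type'] is consulted.
function allowed_extension(string $path): ?string
{
    $mime = (string) (new finfo(FILEINFO_MIME_TYPE))->file($path);
    $ext  = ALLOWED_TYPES[$mime] ?? null;
    if ($ext === null) {
        return null;
    }
    if ($ext === 'pdf') {
        // Require the "%PDF-" signature at offset 0.
        return file_get_contents($path, false, null, 0, 5) === '%PDF-' ? $ext : null;
    }
    // Images must also parse as an image of the detected type.
    $info = @getimagesize($path);
    return ($info !== false && $info['mime'] === $mime) ? $ext : null;
}

// Server-generated name, so nothing from the client name reaches the filesystem.
function stored_name(string $ext): string
{
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample files (not real uploads) so the check can be run from the CLI.
$samples = [
    'photo.gif'   => base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'),
    'doc.pdf'     => "%PDF-1.4\n%%EOF\n",
    'renamed.jpg' => "<?php echo 'text, not an image'; ?>\n",
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $bytes);
    $ext = allowed_extension($tmp);
    echo $clientName, ' => ', $ext === null ? 'rejected' : 'accepted as ' . stored_name($ext), "\n";
    unlink($tmp);
}
```

In the upload script this check would run on `$_FILES[$fieldname]['tmp_name'][$key]` after `is_uploaded_file()` and before `move_uploaded_file()`, with `stored_name()` replacing the client-supplied name in the destination path.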