Oh no! Where's the JavaScript?
Your Web browser does not have JavaScript enabled or does not support JavaScript. Please enable JavaScript on your Web browser to properly view this Web site, or upgrade to a Web browser that does support JavaScript.
Not a member yet? Click here to register.
Forgot Password?
  1. Home
  2. Discussion Forum
  3. PHPFusion 8 Support
  4. Modifications and Requests - 8
  5. File upload script problem

File upload script problem

Asked Modified Viewed 2,782 times
Back to Forum Index Previous Topic Next Topic
Print
N
niiii
N
niiii 10
  • Newbie, joined since
  • Contributed 2 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions
asked
Newbie

Hi everyone, I found this script to upload files, everything works but it accepts text/php files, I don't know what's wrong because its defined in the script.

Code Download source
<?php 
 $target = "subdom/dema/"; 
 $target = $target . basename( $_FILES['uploaded']['name']) ; 
 $ok=1; 
 
 //This is our size condition 
 if ($uploaded_size > 350000) 
 { 
 echo "Too large.<br>"; 
 $ok=0; 
 } 
 
 //This is our limit file type condition 
 if ($uploaded_type =="text/php") 
 { 
 echo "No php files!<br>"; 
 $ok=0; 
 } 
 
 //Here we check that $ok was not set to 0 by an error 
 if ($ok==0) 
 { 
 Echo "added!"; 
 } 
 
 //If everything is ok we try to upload it 
 else 
 { 
 if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) 
 { 
 echo "Demo ". basename( $_FILES['uploadedfile']['name']). " added"; 
 } 
 else 
 { 
 echo "error."; 
 } 
 } 
 ?>


Is there any way to set that it will accept only .dem files?
0 replies

1 post

S
skpacman
S
My PHP-Fusion site: https://skpacman.live
  • Member, joined since
  • Contributed 150 posts on the community forums.
  • Started 25 threads in the forums
answered
Member

Code Download source
if (isset($_FILES)){
   //Define target file location
   $target = "subdom/dema/"; 
   $target = $target . basename( $_FILES['uploaded']['name']) ; 

   //Break apart the file and fill in things to check
   $allowedExts = array("dem");
   $temp = explode(".", $_FILES['uploaded']['name']);
   $extension = end($temp);
   $tmp_filename = str_replace("/tmp/php", "", $_FILES['uploaded']['tmp_name']);
   
   //Check if the file matches extension and MIME
   if ($_FILES['uploaded']['type'] == "application/octet-stream"
   && in_array($extension, $allowedExts)) {
      $ok = true;
   } else {
      echo "Wrong file type.<br />";
      $ok = false;
   }
   
   //Make sure the file isn't too big
   if ($_FILES['uploaded']['size'] > 350000){
      $ok = true;
   } else {
      echo "File too large.<br />";
      $ok = false;
   }
   
   //Move the file somewhere useful
   if($ok){
      move_uploaded_file($_FILES['uploaded']['tmp_name'],$target);
   } else {
      echo "Check the files for the errors above.<br />";
   }
}   


I've had success with stuff like this.

$allowedExts is an array containing extensions you'll allow. If you want to add more to the list, add them there.

You'll also have to add their mime type to the section marked "//Check if the file matches extension and MIME". You can remove that from the checking, but I don't suggest that. Just checking the extension is insecure. I wasn't sure what a .DEM file is, so I put "application/octet-stream" since that's what came up when I did a search for the extension.

Verifying and moving files is tricky business.
0 replies

Category Forum

Modifications and Requests - 8

Labels

None yet

Statistics

  • Views 0 views
  • Posts 1 post
  • Votes 0 votes
  • Topic users 2 members

2 participants

S
S
My PHP-Fusion site: https://skpacman.live
  • Member, joined since
  • Contributed 150 posts on the community forums.
  • Started 25 threads in the forums
N
N
niiii 10
  • Newbie, joined since
  • Contributed 2 posts on the community forums.
  • Started 2 threads in the forums
  • Started this discussions

Notifications

Track thread

You are not receiving notifications from this thread.

Related Questions

Not yet