|
|
Posted by Jack Jackson on 06/15/05 18:58
Hi, After a disastrous first attempt (which uploaded images but only by
chance) it was suggested I rework the entire thing. This one seems to
check the file against getimagesize and if that doesn't prove false,
check the type and make the extension then rename the file. But the
moving part is not working, and it does not kick back any error, it just
fails.
Can anyone tell me what I am doing wrong, and also if this is sufficient
to a) upload images safely and b) protect against tampering?
Thanks in advance,
JJ
<?php
error_reporting(E_ALL);
$uploaddir = "images/jpg/test/";
// print_r($_FILES);
$local_file = $_FILES['userfile']['tmp_name'];
if (sizeof($local_file))
{
//try to get image size; this returns false if this is not an actual
image file.
$image_test = getimagesize($local_file);
if ($image_test !== false) {
$mime_type = $_FILES['userfile']['type'];
switch($mime_type) {
case "image/jpeg":
$pext = 'jpg';
break;
case "image/tiff":
$pext = 'tif';
break;
default:
echo "The file you are trying to upload is an image, but it is not
a tif or jpeg and therefore unacceptable.";
}
} else {
echo "The file you are trying to upload is not a valid image file";
}
$main_image = md5(date("l-F-j-Y i:s")).'.'.$pext;
move_uploaded_file($main_image,$uploaddir);
}
?>
<form enctype="multipart/form-data" action="<?php echo
$_SERVER['PHP_SELF']; ?>" method="POST">
<input type="hidden" name="MAX_FILE_SIZE" value="300000" />
<!-- Name of input element determines name in $_FILES array -->
Cartoon: <input name="userfile" type="file" />
<input type="submit" value="Upload File" />
</form>
Navigation:
[Reply to this message]
|