|
|
Posted by "Nadim Attari" on 06/16/05 08:47
http://www.php-help.net/sources-php/image.upload.function.353.html
Regards,
Nadim Attari
Alienworkers.com
> Hi, After a disastrous first attempt (which uploaded images but only by
> chance) it was suggested I rework the entire thing. This one seems to
> check the file against getimagesize and if that doesn't prove false,
> check the type and make the extension then rename the file. But the
> moving part is not working, and it does not kick back any error, it just
> fails.
>
> Can anyone tell me what I am doing wrong, and also if this is sufficient
> to a) upload images safely and b) protect against tampering?
>
> Thanks in advance,
> JJ
>
>
> <?php
>
> error_reporting(E_ALL);
>
> $uploaddir = "images/jpg/test/";
>
> // print_r($_FILES);
>
> $local_file = $_FILES['userfile']['tmp_name'];
>
> if (sizeof($local_file))
> {
>
> //try to get image size; this returns false if this is not an actual
> image file.
> $image_test = getimagesize($local_file);
>
> if ($image_test !== false) {
> $mime_type = $_FILES['userfile']['type'];
> switch($mime_type) {
> case "image/jpeg":
> $pext = 'jpg';
> break;
> case "image/tiff":
> $pext = 'tif';
> break;
> default:
> echo "The file you are trying to upload is an image, but it is not
> a tif or jpeg and therefore unacceptable.";
> }
> } else {
> echo "The file you are trying to upload is not a valid image file";
> }
>
> $main_image = md5(date("l-F-j-Y i:s")).'.'.$pext;
>
>
> move_uploaded_file($main_image,$uploaddir);
>
> }
>
> ?>
>
> <form enctype="multipart/form-data" action="<?php echo
> $_SERVER['PHP_SELF']; ?>" method="POST">
> <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
> <!-- Name of input element determines name in $_FILES array -->
> Cartoon: <input name="userfile" type="file" />
> <input type="submit" value="Upload File" />
> </form>
Navigation:
[Reply to this message]
|