Image upload form

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, After a disastrous first attempt (which uploaded images but only by chance) it was suggested I rework the entire thing. This one seems to check the file against getimagesize and if that doesn't prove false, check the type and make the extension then rename the file. But the moving part is not working, and it does not kick back any error, it just fails.

Can anyone tell me what I am doing wrong, and also if this is sufficient to a) upload images safely and b) protect against tampering?

Thanks in advance,
JJ


<?php

error_reporting(E_ALL);

      $uploaddir = "images/jpg/test/";

//      print_r($_FILES);

      $local_file = $_FILES['userfile']['tmp_name'];

if (sizeof($local_file))
  {

//try to get image size; this returns false if this is not an actual image file.
      $image_test = getimagesize($local_file);

	if ($image_test !== false) {
	   $mime_type = $_FILES['userfile']['type'];
	   switch($mime_type) {
	       case "image/jpeg":
		   $pext = 'jpg';
		   break;
	       case "image/tiff":
		   $pext = 'tif';
		   break;
	       default:
echo "The file you are trying to upload is an image, but it is not a tif or jpeg and therefore unacceptable.";
	   }
} else {
   echo "The file you are trying to upload is not a valid image file";
}

 $main_image = md5(date("l-F-j-Y i:s")).'.'.$pext;

	
	   move_uploaded_file($main_image,$uploaddir);
	
  }

  ?>

<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
    <!-- Name of input element determines name in $_FILES array -->
    Cartoon: <input name="userfile" type="file" />
    <input type="submit" value="Upload File" />
</form>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux