Frank Arensmeier wrote:
17 jun 2008 kl. 22.14 skrev Jim Lucas:
Jason Pruim wrote:
Hi everyone,
I am attempting to adopt some code to work more reliably then how it
is now...
What I am doing is coding a upload form where people could be
uploading .zip files in excess of 200 MB... Yes I know that is large,
but it's for a print shop and they get HUGE files to print from.
The code I'm having issues with is this:
$filename = $_FILES['userfile']['name']; // Get the name of the
file (including file extension).
$ext = substr($filename, strpos($filename,'.'),
strlen($filename)-1); // Get the extension from the filename.
All I want to do is grab the file extension and verify that it is a
.zip or a .pdf etc. file. This is working for small files (under a
few megs) but for some reason it fails when I get bigger. I have
increased the allowed memory size to 50 MB's I'm testing with a 44 MB
file right now.
When it fails, it says the file type is not allowed even though it is
listed in the file type array.
Hopefully I have given you enough to go on to at least ask me some
questions :)
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx
Looking at what I think you are trying to do, how about this?
<?php
if ( isset( $_FILES ) ) {
foreach ( $_FILES AS $file )
$filename = $file['name'];
list($ext) = array_reverse(explode('.', $filename));
$allowed_ext = array('zip', 'pdf');
if ( in_array($ext, $allowed_ext) ) {
// Correct extension; do what ever
} else {
// Incorrect extension; do nothing
}
}
}
?>
I am somewhat surprised that all code suggestions are rather complicated
in my opinion. What is wrong with 'pathinfo'?
if ( !isset( $_FILES['userfile']['name'] ) ) {
echo "No file has been uploaded";
} else {
$allowed_extensions = array( "zip", "pdf", "ai", "html" );
$file_info = pathinfo( $_FILES['userfile']['name'] );
if ( in_array( strtolower( $file_info['extension'] ),
$allowed_extensions ) ) {
echo "File has a valid extension";
} else {
// do something else
}
}
// frank
Two points here:
Firstyl, as someone has already indicated, the file will be uploaded before the
PHP script runs, so the end user will have to wait for his junk to get through
the internet before (s)he is told it is junk. Is that what you want?
Secondly, using the file extension to determine file type is a very poor idea
and open to abuse. If you have the file (which you do, 'cos it's been uploaded
before your script runs) then you should do a bit more checking before accepting
it. The Unix/Linux "file" command can help here. Not perfect, but still...
You could also Virus-scan the file before accepting it. All depends on whether
your customer is prepared to wait while you clear his upload.
Cheers
Pete
--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
