Jim Lucas wrote:
Peter Ford wrote:
Frank Arensmeier wrote:
17 jun 2008 kl. 22.14 skrev Jim Lucas:
Jason Pruim wrote:
Hi everyone,
I am attempting to adopt some code to work more reliably then how
it is now...
What I am doing is coding a upload form where people could be
uploading .zip files in excess of 200 MB... Yes I know that is
large, but it's for a print shop and they get HUGE files to print
from.
The code I'm having issues with is this:
$filename = $_FILES['userfile']['name']; // Get the name of the
file (including file extension).
$ext = substr($filename, strpos($filename,'.'),
strlen($filename)-1); // Get the extension from the filename.
All I want to do is grab the file extension and verify that it is a
.zip or a .pdf etc. file. This is working for small files (under a
few megs) but for some reason it fails when I get bigger. I have
increased the allowed memory size to 50 MB's I'm testing with a 44
MB file right now.
When it fails, it says the file type is not allowed even though it
is listed in the file type array.
Hopefully I have given you enough to go on to at least ask me some
questions :)
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx
Looking at what I think you are trying to do, how about this?
<?php
if ( isset( $_FILES ) ) {
foreach ( $_FILES AS $file )
$filename = $file['name'];
list($ext) = array_reverse(explode('.', $filename));
$allowed_ext = array('zip', 'pdf');
if ( in_array($ext, $allowed_ext) ) {
// Correct extension; do what ever
} else {
// Incorrect extension; do nothing
}
}
}
?>
I am somewhat surprised that all code suggestions are rather
complicated in my opinion. What is wrong with 'pathinfo'?
if ( !isset( $_FILES['userfile']['name'] ) ) {
echo "No file has been uploaded";
} else {
$allowed_extensions = array( "zip", "pdf", "ai", "html" );
$file_info = pathinfo( $_FILES['userfile']['name'] );
if ( in_array( strtolower( $file_info['extension'] ),
$allowed_extensions ) ) {
echo "File has a valid extension";
} else {
// do something else
}
}
// frank
Two points here:
Firstyl, as someone has already indicated, the file will be uploaded
before the PHP script runs, so the end user will have to wait for his
junk to get through the internet before (s)he is told it is junk. Is
that what you want?
Secondly, using the file extension to determine file type is a very
poor idea and open to abuse. If you have the file (which you do, 'cos
it's been uploaded before your script runs) then you should do a bit
more checking before accepting it. The Unix/Linux "file" command can
help here. Not perfect, but still...
You could also Virus-scan the file before accepting it. All depends on
whether your customer is prepared to wait while you clear his upload.
Cheers
Pete
I think that you have the wrong person here. That was a different
thread/person talking about preventing DoS'ing attacks. Not Jason.
D'oh! I'm sure I responded to the other thread.
I'm a bit young for 'Senior moments' yet...
--
Peter Ford phone: 01580 893333
Developer fax: 01580 893399
Justcroft International Ltd., Staplehurst, Kent
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
