Nadim Attari wrote:
http://www.php-help.net/sources-php/image.upload.function.353.html

Thanks, Nadim,
I'm sure that is a great script. I am really trying to learn how it's working, so I'm trying to stay away from pre-rolled stuff as much as I can and beg for the mercy of the list in building these simple scripts. Believe it or not I'm actually improving pretty fast (despite scriptorial evidence to the contrary on this list)!

Thanks again,
JJ



Regards,
Nadim Attari
Alienworkers.com



Hi, After a disastrous first attempt (which uploaded images but only by
chance) it was suggested I rework the entire thing. This one seems to
check the file against getimagesize and if that doesn't prove false,
check the type and make the extension then rename the file. But the
moving part is not working, and it does not kick back any error, it just
fails.

Can anyone tell me what I am doing wrong, and also if this is sufficient
to a) upload images safely and b) protect against tampering?

Thanks in advance,
JJ


<?php

error_reporting(E_ALL);

      $uploaddir = "images/jpg/test/";

//      print_r($_FILES);

      $local_file = $_FILES['userfile']['tmp_name'];

if (sizeof($local_file))
  {

//try to get image size; this returns false if this is not an actual
image file.
      $image_test = getimagesize($local_file);

if ($image_test !== false) {
  $mime_type = $_FILES['userfile']['type'];
  switch($mime_type) {
      case "image/jpeg":
  $pext = 'jpg';
  break;
      case "image/tiff":
  $pext = 'tif';
  break;
      default:
  echo "The file you are trying to upload is an image, but it is not
a tif or jpeg and therefore unacceptable.";
  }
} else {
   echo "The file you are trying to upload is not a valid image file";
}

 $main_image = md5(date("l-F-j-Y i:s")).'.'.$pext;


  move_uploaded_file($main_image,$uploaddir);

  }

  ?>

  <form enctype="multipart/form-data" action="<?php echo
$_SERVER['PHP_SELF']; ?>" method="POST">
    <input type="hidden" name="MAX_FILE_SIZE" value="300000" />
    <!-- Name of input element determines name in $_FILES array -->
    Cartoon: <input name="userfile" type="file" />
    <input type="submit" value="Upload File" />
</form>



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to