MyBB Community Forums

MyBB Community Forums > Community > General Discussion > PHP Upload Form
Full Version: PHP Upload Form
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Lyndon D.

2009-10-01, 01:14 AM
I'm creating a PHP Upload form and I am trying to put restrictions on it.

I know that for images you do

image/jpeg for example

But what would I do for office documents? (word, excell, powerpoint, etc) (doc, docx)
I also want to allow PDF Documents.
Here is the code I am using:

<?php
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/pjpeg"))
&& ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />";
echo "Type: " . $_FILES["file"]["type"] . "<br />";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";

if (file_exists("upload/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"upload/" . $_FILES["file"]["name"]);
echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
}
}
}
else
{
echo "Invalid file";
}
?>

Lyndon D.

2009-10-02, 03:54 PM
bump Big Grin

Yumi

2009-10-03, 05:38 AM
Look at MyBB's attachment types for the MIME types for Office documents. You can also look at file extension or attempt to read the file signature.
However, do note that this type of checking (MIME type and file extension) is very easy to bypass.

In general, uploads are very easy to mess up in terms of getting security right, and it's one thing I wouldn't suggest to novice scripters.

exdiogene

2009-10-03, 02:49 PM
May i suggest you to modify your code to include all the valid MIME types in array and just check if the uploaded file is valid there, like this :

<?php
$ValidTypes = Array("image/gif","image/jpeg","image/pjpeg","application/msword","application/excel","application/x-excel","application/mspowerpoint");

if (in_array($_FILES["file"]["type"],$ValidTypes) && ($_FILES["file"]["size"] < 20000))
{
if ($_FILES["file"]["error"] > 0)
{
...

You can find list of MIME types quite easily with search engines, here are two :
http://www.w3schools.com/media/media_mimeref.asp
http://www.webmaster-toolkit.com/mime-types.shtml

Lyndon D.

2009-10-03, 04:23 PM
do those file types work for both 2003 and 2007 Office? As our school runs 2007 on our newer server but our older computers still run 2003.

exdiogene

2009-10-03, 04:34 PM
File types are not version related, they are more application related. Wink

Lyndon D.

2009-10-03, 04:35 PM
Ok I will begin testing Big Grin
MyBB Community Forums > Community > General Discussion > PHP Upload Form