Nuker_Viper Posted October 14, 2012

Can anyone tell me what is wrong with this file? It keeps saying that the file is invalid. It seems certain jpg files are invalid while others are not, yet they all meet the guidelines established.

ERROR:

    Upload: americanrobinbird.jpg
    Type: image/pjpeg
    Size: 12.8095703125 Kb
    Stored in: /chroot/tmp/phpfryeow
    Invalid file
    Invalid file

Upload.php file

    <?php
    $query = "SELECT * FROM {$dbprefix}pages ORDER BY hn ASC";
    $result = mysql_query($query) or die(mysql_error());
    while ($row = mysql_fetch_array($result)) {
        extract($row);
        $options .= "<option value='$pn'>$hn</option>";
    }
    $query = "SELECT * FROM {$dbprefix}leftnav ORDER BY name ASC";
    $result = mysql_query($query) or die(mysql_error());
    while ($row = mysql_fetch_array($result)) {
        extract($row);
        $folderoptions .= "<option value='$link'>$name</option>";
    }
    echo "<form action='upload_file.php' method='post' enctype='multipart/form-data'>
    <label for='file'>Filename:</label>
    <input type='file' name='file' id='file' /><br />
    <label for='file'>File Belongs To:</label>
    <select name='powner' class='form'>$options</select><br />
    <label for='file'>File Folder:</label>
    <select name='folder' class='form'>$folderoptions</select><br />
    <input type='submit' name='submit' value='Submit' />
    </form>";
    ?>

Upload php file:

    <?php
    include("config.php");
    include("themes/$theme/header.php");
    ?>
    <?php
    if ($_FILES["file"]["error"] > 0) {
        echo "Error: " . $_FILES["file"]["error"] . "<br />";
    } else {
        echo "Upload: " . $_FILES["file"]["name"] . "<br />";
        echo "Type: " . $_FILES["file"]["type"] . "<br />";
        echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
        echo "Stored in: " . $_FILES["file"]["tmp_name"];
    }
    ?>
    <?php
    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if ((($_FILES["file"]["type"] == "image/gif")
        || ($_FILES["file"]["type"] == "image/jpeg")
        || ($_FILES["file"]["type"] == "image/png")
        || ($_FILES["file"]["type"] == "image/jpg"))
        && ($_FILES["file"]["size"] < 20000)
        && in_array($extension, $allowedExts)) {
        if ($_FILES["file"]["error"] > 0) {
            echo "Error: " . $_FILES["file"]["error"] . "<br />";
        } else {
            echo "Upload: " . $_FILES["file"]["name"] . "<br />";
            echo "Type: " . $_FILES["file"]["type"] . "<br />";
            echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
            echo "Stored in: " . $_FILES["file"]["tmp_name"];
        }
    } else {
        echo "Invalid file";
    }
    ?>
    <?php
    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if ((($_FILES["file"]["type"] == "image/gif")
        || ($_FILES["file"]["type"] == "image/jpeg")
        || ($_FILES["file"]["type"] == "image/png")
        || ($_FILES["file"]["type"] == "image/jpg"))
        && ($_FILES["file"]["size"] < 20000)
        && in_array($extension, $allowedExts)) {
        if ($_FILES["file"]["error"] > 0) {
            echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
        } else {
            echo "Upload: " . $_FILES["file"]["name"] . "<br />";
            echo "Type: " . $_FILES["file"]["type"] . "<br />";
            echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
            echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";
            if (file_exists("$folder/" . $_FILES["file"]["name"])) {
                echo $_FILES["file"]["name"] . " already exists. ";
            } else {
                $name = $_FILES["file"]["name"];
                $newname = "$folder/$name";
                $query = "INSERT INTO {$dbprefix}pictures (plocation, powner) VALUES ('$newname', '$powner')";
                $result = mysql_query($query) or die(mysql_error());
                move_uploaded_file($_FILES["file"]["tmp_name"], "$folder/" . $_FILES["file"]["name"]);
                echo "Stored in: " . "$folder/" . $_FILES["file"]["name"];
                echo "<script language=\"Javascript\">alert(\"Success!\");window.location.href = 'index.php?p=Upload';</script>";
            }
        }
    } else {
        echo "Invalid file";
    }
    ?>
    <?php include("themes/$theme/footer.php"); ?>

Don E Posted October 14, 2012

Try adding to the allowed extensions array "pjpg" or/and "pjpeg" as well as adding to the if statements: $_FILES["file"]["type"] == "image/pjpeg".

Just wondering, are you using Internet Explorer to run the above? If so, what version?

birbal Posted October 14, 2012

Try to var_dump() the $_FILES array; it will let you know which file type you are getting. As the conditions are not met, the error is showing. The first step would be to analyze the variables which are being checked in the condition.

Nuker_Viper Posted October 16, 2012 (edited)

> Try adding to the allowed extensions array "pjpg" or/and "pjpeg" as well as adding to the if statements: $_FILES["file"]["type"] == "image/pjpeg".
> Just wondering, are you using internet explorer to run the above? If so, what version?

IE9. Also tried it in Firefox. Going to add the above corrections and let you know.

Update: It works. One of those two must have been it. I think it was the "pjpg". I added the other one already. Thanks.

Don E Posted October 16, 2012

Glad it works. Only reason why I asked if you were using IE is because with some versions, no matter if the image is a progressive jpeg or a regular jpeg, IE returns "image/pjpeg" for $_FILES["file"]["type"].

kanchatchai Posted October 16, 2012

    <form name="upload file" method="post" enctype="multipart/form-data" action=""><br/>
    File: <input type="file" name="file1"><br/>
    <input type="submit" value="Start Upload" name="submit">
    </form>
    <?PHP
    // Comma-separated list of accepted file extensions
    $allowfiletype = 'tif,gif,png,jpg,jpeg,doc,docx,xls,xlsx,ppt,pptx,jpg,pdf,zip,rar,txt';
    $allowedExts = explode(",", $allowfiletype);
    if (isset($_POST['submit'])) {
        // Take the text after the last dot, lowercased so "JPG" matches "jpg"
        $filetype = explode('.', $_FILES['file1']['name']);
        $filetype = strtolower(end($filetype));
        if (in_array($filetype, $allowedExts)) {
            echo 'Good';
        } else {
            echo 'BAD';
        }
    }
    ?>

thescientist Posted October 16, 2012 (edited)

You didn't have to guess, the information was right here:

> ERROR:
> Upload: americanrobinbird.jpg
> Type: image/pjpeg
> Size: 12.8095703125 Kb
> Stored in: /chroot/tmp/phpfryeow
> Invalid file
> Invalid file

Nuker_Viper Posted October 16, 2012 (edited)

> you didn't have to guess, the information was right here

Sometimes you need someone on the outside to see the obvious because you look too long at it. PLUS I had added the "pjpeg" after I posted this and it was the "pjpg" that I was missing.

thescientist Posted October 16, 2012 (edited)

Yeah, I had the same problem too, with IE "changing" the type. Took me a little while to figure out why it didn't work only in IE, and then had to go back through and debug/log everything in $_FILES.

justsomeguy Posted October 16, 2012

For reasons like that, I usually only check the extension instead of the mime type. I don't want a future browser with weird mime types to break my upload things, and if someone wants to rename a .exe as a .jpg and upload it I don't really care, they'll just get a broken link in the browser. They can rename a .php file to a .jpg and wouldn't be able to execute it on the server. Besides, you can spoof a mime type as easily as anything else.

Don E Posted October 16, 2012 (edited)

JSG,

So you're saying when checks are done like the following, it really isn't good practice because of being able to spoof the mime type?

    if ($_FILES["file"]["type"] == 'image/jpeg'
        || $_FILES["file"]["type"] == 'image/pjpeg'
        || $_FILES["file"]["type"] == 'image/gif'
        || $_FILES["file"]["type"] == 'image/png') {
        ....
    }

And instead you only check the extension as it's done like so for example?:

    $allowedExts = array("jpg", "jpeg", "gif", "png");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    if (in_array($extension, $allowedExts)) {
        ...
    }

Thanks.

justsomeguy Posted October 16, 2012

Not that it isn't good practice, just that it doesn't offer any additional protection and introduces problems caused by browsers sending different mime types for the same types of files. If you're only checking mime type and not extension though, that is definitely bad practice because I can upload a PHP file and tell your server it's an image. In conclusion, always check extensions, and check mime type also if you want to. If you're checking mime types though, be prepared to add to that list if browsers start doing things differently with other files.

kanchatchai Posted October 17, 2012

Try another way:

    $size = getimagesize($_FILES['file1']['tmp_name']);
    echo $size['mime'];

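An added example, not part of the thread or any poster's code: the extension allowlist recommended above combined with a type read from the file's own bytes on the server (the idea behind the getimagesize() suggestion, here using PHP's fileinfo extension), so a browser-supplied type such as image/pjpeg never enters the decision. The function name, constants and sample files are hypothetical and constructed for the example.

```php
<?php
// Added example; names are hypothetical and the sample inputs below are constructed.
// Content types detected on the server, each with the extensions accepted for it.
const ALLOWED = [
    'image/jpeg' => ['jpg', 'jpeg'],
    'image/png'  => ['png'],
    'image/gif'  => ['gif'],
];
const MAX_BYTES = 20000; // same size limit as the script in the first post

// Returns [true, safe file name] or [false, reason]. $file is one $_FILES entry.
function check_image_upload(array $file): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error ' . ($file['error'] ?? 'missing')];
    }
    if ($file['size'] <= 0 || $file['size'] >= MAX_BYTES) {
        return [false, 'size out of range'];
    }
    // Extension from the client-supplied name, lowercased; basename() drops any path.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    // Type from the file's bytes, not from $file['type'] (which the browser sends).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || !in_array($ext, ALLOWED[$mime], true)) {
        return [false, "rejected: ext=$ext detected=$mime claimed={$file['type']}"];
    }
    // Server-generated name: the client's file name never reaches the filesystem.
    return [true, bin2hex(random_bytes(8)) . '.' . ALLOWED[$mime][0]];
}

// Constructed samples: a minimal JFIF header labelled image/pjpeg as old IE did,
// and PHP source renamed to .jpg with a spoofed image type.
$jpg = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($jpg, "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00\xFF\xD9");
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'not an image';");

$samples = [
    ['name' => 'americanrobinbird.jpg', 'type' => 'image/pjpeg', 'tmp_name' => $jpg],
    ['name' => 'renamed.jpg',           'type' => 'image/jpeg',  'tmp_name' => $php],
];
foreach ($samples as $s) {
    $s += ['error' => UPLOAD_ERR_OK, 'size' => filesize($s['tmp_name'])];
    [$ok, $detail] = check_image_upload($s);
    echo $s['name'], ': ', $ok ? "accepted as $detail" : $detail, "\n";
}
unlink($jpg);
unlink($php);
```

In a real handler the returned name would be passed to move_uploaded_file() together with a fixed server-side directory, and that name, rather than $_FILES["file"]["name"], is what would be stored in the database.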