php unknown file upload error

[Nuker_Viper]

Can anyone tell me what is wrong with this file that keeps saying that this file is invalid. it seems certain jpg files are invalid while others are not. yet they all meet the guidelines establish. ERROR:Upload: americanrobinbird.jpgType: image/pjpegSize: 12.8095703125 KbStored in: /chroot/tmp/phpfryeow Invalid file Invalid file Upload.php file

<?php$query = "SELECT * FROM {$dbprefix}pages ORDER BY hn ASC";$result = mysql_query($query)	 or die(mysql_error());while($row = mysql_fetch_array($result)){extract($row);$options .= "<option value='$pn'>$hn</option>";}$query = "SELECT * FROM {$dbprefix}leftnav ORDER BY name ASC";$result = mysql_query($query)	 or die(mysql_error());while($row = mysql_fetch_array($result)){extract($row);$folderoptions .= "<option value='$link'>$name</option>";}echo "<form action='upload_file.php' method='post' enctype='multipart/form-data'> <label for='file'>Filename:</label> <input type='file' name='file' id='file' /><br /> <label for='file'>File Belonges To:</label> <select name='powner' class='form' />$options</select><br /> <label for='file'>File Folder:</label> <select name='folder' class='form' />$folderoptions</select><br /> <input type='submit' name='submit' value='Submit' /> </form>";?> 

Upload php file:

<?php include("config.php");include("themes/$theme/header.php");?><?php if ($_FILES["file"]["error"] > 0)   {   echo "Error: " . $_FILES["file"]["error"] . "<br />";   } else   {   echo "Upload: " . $_FILES["file"]["name"] . "<br />";   echo "Type: " . $_FILES["file"]["type"] . "<br />";   echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";   echo "Stored in: " . $_FILES["file"]["tmp_name"];   } ?> <?php $allowedExts = array("jpg", "jpeg", "gif", "png"); $extension = end(explode(".", $_FILES["file"]["name"])); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/jpg")) && ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))   {   if ($_FILES["file"]["error"] > 0)	 {	 echo "Error: " . $_FILES["file"]["error"] . "<br />";	 }   else	 {	 echo "Upload: " . $_FILES["file"]["name"] . "<br />";	 echo "Type: " . $_FILES["file"]["type"] . "<br />";	 echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";	 echo "Stored in: " . $_FILES["file"]["tmp_name"];	 }   } else   {   echo "Invalid file";   } ?> <?php $allowedExts = array("jpg", "jpeg", "gif", "png"); $extension = end(explode(".", $_FILES["file"]["name"])); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/jpg")) && ($_FILES["file"]["size"] < 20000) && in_array($extension, $allowedExts))   {   if ($_FILES["file"]["error"] > 0)	 {	 echo "Return Code: " . $_FILES["file"]["error"] . "<br />";	 }   else	 {	 echo "Upload: " . $_FILES["file"]["name"] . "<br />";	 echo "Type: " . $_FILES["file"]["type"] . "<br />";	 echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";	 echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />";    if (file_exists("$folder/" . $_FILES["file"]["name"]))	   {	   echo $_FILES["file"]["name"] . " already exists. ";	   }	 else	   {   $name = $_FILES["file"]["name"];   $newname = "$folder/$name";    $query = "INSERT INTO {$dbprefix}pictures (plocation, powner) VALUES ('$newname', '$powner')";  $result = mysql_query($query)  or die(mysql_error());  	   move_uploaded_file($_FILES["file"]["tmp_name"],	   "$folder/" . $_FILES["file"]["name"]);	   echo "Stored in: " . "$folder/" . $_FILES["file"]["name"];       echo "<script language=\"Javascript\">alert(\"Success!\");window.location.href = 'index.php?p=Upload';</script>";	   }	 }   } else   {   echo "Invalid file";   } ?>  <?php include("themes/$theme/footer.php");?>

[Don E]

Try adding to the allowed extensions array "pjpg" or/and "pjpeg" as well as adding to the if statements: $_FILES["file"]["type"] == "image/pjpeg".Just wondering, are you using internet explorer to run the above? If so, what version?

[birbal]

try to var_dump() the $_FILES array it will let you know which file type are you getting. as the conditions are not met so that the error is showing, first step would be to analyze the variable which are being checking in condition.

[Nuker_Viper]

Try adding to the allowed extensions array "pjpg" or/and "pjpeg" as well as adding to the if statements: $_FILES["file"]["type"] == "image/pjpeg". Just wondering, are you using internet explorer to run the above? If so, what version?

IE9. also tried it in firefox. going to add the above corrections and let you know. Update: It works one of those two must of been it. i think it was the "pjpg". i added the other one already. Thanks. Edited October 16, 2012 by Nuker_Viper

[Don E]

Glad it works. Only reason why I asked if you were using IE is because with some versions, no matter if the image is a progressive jpeg or a regular jpeg, IE returns ''image/pjpeg" for $_FILES["file"]["type"].

[kanchatchai]

<form name="upload file" method="post"  enctype="multipart/form-data" action=""><br/>File: <input type="file" name="file1"><br/><input type="submit" value="Start Upload" name="submit"></form><?PHP$allowfiletype='tif,gif,png,jpg,jpeg,doc,docx,xls,xlsx,ppt,pptx,jpg,pdf,zip,rar,txt';$allowedExts=explode(",",$allowfiletype);if (isset($_POST['submit'])){$filetype = explode('.', $_FILES['file1']['name']);$filetype = end($filetype);if (in_array($filetype, $allowedExts)){echo 'Good';}else{echo 'BAD';}}?>

[thescientist]

you didn't have to guess, the information was right here

ERROR:Upload: americanrobinbird.jpgType: image/pjpegSize: 12.8095703125 KbStored in: /chroot/tmp/phpfryeow Invalid file Invalid file

Edited October 16, 2012 by thescientist

[Nuker_Viper]

you didn't have to guess, the information was right here

sometimes you need someone on the outside to see the Obvious because you look too long at it.PLUS i had added the "pjpeg" after i posted this and it was the "pjpg" that i was missing. Edited October 16, 2012 by Nuker_Viper

[thescientist]

yeah, I had the same problem too, with IE "changing" the type. Took me a little while to figure out why it didn't work only in IE, and then had to back through and debug/log everything in $_FILES

Edited October 16, 2012 by thescientist

[justsomeguy]

For reasons like that, I usually only check the extension instead of the mime type. I don't want a future browser with weird mime types to break my upload things, and if someone wants to rename a .exe as a .jpg and upload it I don't really care, they'll just get a broken link in the browser. They can rename a .php file to a .jpg and wouldn't be able to execute it on the server. Besides, you can spoof a mime type as easily as anything else.

[Don E]

JSG, So you're saying when checks are done like the following, it really isn't good practice because of being able to spoof the mime type?

if($_FILES["file"]["type"] == 'image/jpeg' || $_FILES["file"]["type"] == 'image/pjpeg' || $_FILES["file"]["type"] == 'image/gif' || $_FILES["file"]["type"] == 'image/png' ) {	....}

And instead you only check the extension as it's done like so for example?:

$allowedExts = array("jpg", "jpeg", "gif", "png");$extension = end(explode(".", $_FILES["file"]["name"]));if( in_array($extension, $allowedExts) ){	...}

Thanks.

Edited October 16, 2012 by Don E

[justsomeguy]

Not that it isn't good practice, just that it doesn't offer any additional protection and introduces problems caused by browsers sending different mime types for the same types of files. If you're only checking mime type and not extension though, that is definitely bad practice because I can upload a PHP file and tell your server it's an image. In conclusion, always check extensions, and check mime type also if you want to. If you're checking mime types though, be prepared to add to that list if browsers start doing things differently with other files.

[kanchatchai]

try otherway$size = getimagesize($_FILES['file1']['tmp_name']);echo $size['mime'];