Jump to content

Confirming image file type


farse

Recommended Posts

I test for file type and size of an uploaded file with the following:if (!(($_FILES["artwork"]["type"] == "image/jpeg") || ($_FILES["artwork"]["type"] == "image/pjpeg")) && ($_FILES["artwork"]["size"] < 2000000 ))The PHP Manual says that the file type is passed by the browser and not checked by PHP so the type cannot be taken for granted. This is confirmed by the fact that I uploaded both a GIF and a TIF file with jpg extensions and they passed this test.Later in the script, I process the images with the imagecreatefromstring($string) function.The PHP manual says this function will return "false" if the image type is unsupported, the data is not in a recognized format, or the image is corrupt and cannot be loaded. (The supported formats are JPEG, GIF, PNG, WBMP and GD2.) It offers the following example as a way to deal with that error:$im = imagecreatefromstring($string) if ($im !== false) {    header('Content-Type: image/png');    imagepng($im);    imagedestroy($im); }else {    echo 'An error occurred.'; }Consequently, I set up the following trap:$tempimage = imagecreatefromstring($image) if ($tmpimage == false) { $_SESSION['artworkmessage'] = 5; header ("Location: index.php"); exit; }The GIF image was processed because it is a format supported by the imagecreatefromstring function and it created no problems downstream. (The extension has no role or even existence at this point.)However, the TIF image resulted in a error warning that threw me out of the application before the test for "false" could be applied.I tried try/catch in every permutation I could think of but the problem seems to be that the system error is terminating the script before the imagecreatefromstring function completes.Although the likelihood is small that an image upload would be mis-labeled, it has already happened once. I want to exit from the script or at least present a specific message in response to this event.Is there a way to test the image during or before the file_get_contents step that precedes the imagecreatefromstring function?Alternatively, is there a way to replace the error message that is generated before the imagecreatefromstring function starts or completes?

Link to comment
Share on other sites

I haven't tried these out yet, but they look exactly like what I needed. I tried using fread to get the first 16 characters of the file and had mixed luck. I'll be working on this today and let you know how it turns out.Thanks.

Link to comment
Share on other sites

This promises to be exactly what I need but I'm getting: Parse error: syntax error, unexpected T_STRING in [the following line:]if (exif_imagetype('images/cocochanel.jpg') != IMAGETYPE_JPEG)orif (exif_imagetype('images/cocochanel.jpg') != 2)which seems to me to be identical to the example given in the manual.Actually, I'm trying to apply the function to an uploaded temporary file but get the same error with the following:if (exif_imagetype($_FILES['tmp_name']) != IMAGETYPE_JPEG)Clearly, there is something I don't understand.

Link to comment
Share on other sites

Check the previous few lines, you might have missed a semicolon or quote somewhere before that line.
If I comment out the block, the script behaves as it should. To add to the mystery, if I upload a GIF file to the following script:$testtext = exif_imagetype($artwork['tmp_name']);echo "$testtext is correct.";if ($testtext != 2){ do something}The following is printed to the screen:1 is correct.Notice: Undefined variable: testtext  in [if ($testtext != 2)]So the exif_imagetype function is providing the correct result, but seems to resist being used as an expression in the IF construct. Yet, the PHP Manual provides the IF construct as an example of its usage.Other IF constructs in the script function as expected.
Link to comment
Share on other sites

Here's the code from the top to the part that gives the error; the rest is more tests and some image operations. Again, keep in mind that this code works fine for jpegs when the final block is not there or commented out. Also, I've tried a lot of different configurations to get around this problem and finally decided it's not a function of construction.<?phpsession_start();include('mylibrary/connect.php');connect();if ($_SESSION['artworknumber'] + $_SESSION['numworks'] == 6){ $_SESSION['artworkmessage'] = 7; header ('Location: index.php'); exit;} $title = $_POST['title'];$media = $_POST['media'];$width = $_POST['width'];$height = $_POST['height'];$depth = $_POST['depth'];$price = $_POST['price'];$artwork = $_FILES['artwork'];if (get_magic_quotes_gpc()){ $title = stripslashes($title); $media = stripslashes($media); $width = stripslashes($width); $height = stripslashes($height); $depth = stripslashes($depth); $price = stripslashes($price); }$title = mysql_real_escape_string($title);$media = mysql_real_escape_string($media);$width = mysql_real_escape_string($width);$height = mysql_real_escape_string($height);$depth = mysql_real_escape_string($depth);$price = mysql_real_escape_string($price);$_SESSION['title'] = $title;$_SESSION['media'] = $media;$_SESSION['width'] = $width;$_SESSION['height'] = $height;$_SESSION['depth'] = $depth;$_SESSION['price'] = $price;if (!($title AND $media AND $width AND $height AND $price)){ $_SESSION['artworkmessage'] = 4; header ('Location: index.php'); exit;}if (!(($artwork['type'] == 'image/jpeg') || ($artwork['type'] == 'image/pjpeg')) && ($artwork['size'] < 2000000 )){ $_SESSION['artworkmessage'] = 5; header ('Location: index.php'); exit;}$testtext = exif_imagetype($artwork['tmp_name']);if ($testtext != 2){ $_SESSION['artworkmessage'] = 3; header ('Location: index.php'); exit;}?>

Link to comment
Share on other sites

PHP isn't going to "see" a function as a string, that's not how it works. You can test a page with only this on it to confirm that:

<?phpif (exif_imagetype('images/cocochanel.jpg') == IMAGETYPE_JPEG){  echo 'true';}else{  echo 'false';}?>

If there was a parse error on that page, the usual reason for something like that is a missing semicolon, paren, or quote on a previous line which causes the code to have a different structure than what you think it does. PHP was probably referring to the string image name in the function call as being unexpected because of something like that.Here's a test you can run to verify that the variable is not undefined:

<?php$testtext = exif_imagetype('http://www.google.com/intl/en_ALL/images/srpr/logo1w.png');var_dump($testtext);?>

I'm not working on a server that has the exif functions defined, so I can't test that.

Link to comment
Share on other sites

PHP isn't going to "see" a function as a string, that's not how it works. You can test a page with only this on it to confirm that:
<?phpif (exif_imagetype('images/cocochanel.jpg') == IMAGETYPE_JPEG){  echo 'true';}else{  echo 'false';}?>

If there was a parse error on that page, the usual reason for something like that is a missing semicolon, paren, or quote on a previous line which causes the code to have a different structure than what you think it does. PHP was probably referring to the string image name in the function call as being unexpected because of something like that.Here's a test you can run to verify that the variable is not undefined:

<?php$testtext = exif_imagetype('http://www.google.com/intl/en_ALL/images/srpr/logo1w.png');var_dump($testtext);?>

I'm not working on a server that has the exif functions defined, so I can't test that.

Your two tests worked as expected; var_dump result int(2) for a jpeg. That one didn't surprise me because I could echo $testtext.The first test did surprise me because it seems to be just what I am writing. I'll play around with structure some more and move the IF block up in the code to see what happens.
Link to comment
Share on other sites

OK, your tests convinced me that the functions worked so I kept fiddling until I got it to work but, unfortunately, I don't know what was wrong or what fixed it.But I'm happy and appreciate your help. Thanks.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...