Jump to content

function image_type_to_extension

kurt.santo

By kurt.santo
in PHP

Recommended Posts

kurt.santo Invested Member

kurt.santo

Posted
Posted

Having had two inputs on thread "Test for image type" showing me that I should not rely on browser giving me info about the file type I checked for finfo_file (I also checked for comment of Schraalhans Keukenmeester) and also for image_type_to_extension. My problem is a quite basic one, but I really do not know how to do it. Having for instance the following function:

if(!function_exists('image_type_to_extension')){    function image_type_to_extension($imagetype,$include_dot=true)    {        if(empty($imagetype)) return false;        $dot = $include_dot ? $dot.'' : '';        switch($imagetype)        {            case IMAGETYPE_GIF     : return $dot.'gif';            case IMAGETYPE_JPEG    : return $dot.'jpg';                        default                : return false;        }    }}

how do I apply the check to my form field validation and also how do I use it name my file? Currently using an $allowed array with suitable files types my validation is as:

	if (!isset($_FILES['img1']['name']) OR empty($_FILES['img1']['name'])) {				$errors['img1'] = '\'Image 1\' is a required field';		$img1 = FALSE;		} else {		if (!in_array($_FILES['img1']['type'], $allowed)){		$errors['img1'] = '\'Image 1\' accepts only jpg and gif';		$img1 = FALSE;		} else {			$type = $_FILES['img1']['type'];			$ext = substr ($type, 6);			$img1 = $user_id . '-1.' . $ext;		}		}

I know the lineif (!in_array($_FILES['img1']['type'], $allowed)){somehow needs to be replaced with a function call or similar, but I really do not know how to... Kurt

Link to comment
Share on other sites
Wander Member

Wander

Posted
Posted

ure $allowed is an array with allowed extensions right?cause then u could try:$ext = explode('.',$_FILES['img1']['name']);$ext = $ext[count($ext)-1];if (!in_array($ext, $allowed)){//etc...using a function to convert the type to extention of an uploaded file wouldnt make sense, cause php makes the type in the $_FILES array with the extension, so u can just use this (not sure if what i just said makes sense, but dunno how else to say it, if u upload a png-picture, and rename it to .jpg, it will give image/jpeg as type, not image/png)

Link to comment
Share on other sites
kurt.santo Invested Member

kurt.santo

Posted
  • Author
Posted
ure $allowed is an array with allowed extensions right?cause then u could try:$ext = explode('.',$_FILES['img1']['name']);$ext = $ext[count($ext)-1];if (!in_array($ext, $allowed)){//etc...using a function to convert the type to extention of an uploaded file wouldnt make sense, cause php makes the type in the $_FILES array with the extension, so u can just use this (not sure if what i just said makes sense, but dunno how else to say it, if u upload a png-picture, and rename it to .jpg, it will give image/jpeg as type, not image/png)
Wanda,Thanks. To use explode works well to produce the file name. Still, having amended my $allowed array to read:$allowed = array ('gif', 'jpeg', 'jpg');and replacingif (in_array($_FILES['img1']['type'], $allowed)) {withglobal $ext; // as $ext is in if clauseif (!in_array($ext, $allowed)) {it does not let me upload/move a file of correct extension complaining that it is not gif or jpg (my own error message). When I do a dump of $ext it shows NULL. As it takes the right extension for name I do not get why it cannot use it for db insertion/moving. Do you know why that is?Kurt
Link to comment
Share on other sites
kurt.santo Invested Member

kurt.santo

Posted
  • Author
Posted

Wanda,Take it all back. Saw finally my mistake and the following code is working well:

	$errors = array();	// check for img1	if (!isset($_FILES['img1']['name']) OR empty($_FILES['img1']['name'])) {				$errors['img1'] = '\'Image 1\' is a required field';		$img1 = FALSE;		} else {		$ext = explode('.',$_FILES['img1']['name']);		$ext = $ext[count($ext)-1];		if (!in_array($ext, $allowed)) {		$errors['img1'] = '\'Image 1\' accepts only jpg and gif';		$img1 = FALSE;		} else {		$img1 = $user_id . '-1.' . $ext;		}		}	if (isset($_FILES['img1'])) { 	// validate the input		global $ext;		if (in_array($ext, $allowed)) {			// move the file over etc

That is all great. But just to double-check: How does PHP get the info for the $_FILES array. Am a bit confused as I have been told not to rely on info from browser, but I just do not know sometimes where info is coming from...Kurt

Link to comment
Share on other sites
jeffman w3schools Guru

jeffman

Posted
Posted

From what I understand, PHP gets the mime type for the $_FILES array from the file extension itself. Nothing more, and easy for any 5-year-old to fake. That's why I recommended the other function: it seems to examine the actual file data. Most files announce their mime type in the first few dozen data characters so that apps can quickly recognize them. The only caveat is that this leaves open a means of inserting a trojan horse. If that worries you, you can take the next step beyond.

Link to comment
Share on other sites
kurt.santo Invested Member

kurt.santo

Posted
  • Author
Posted
From what I understand, PHP gets the mime type for the $_FILES array from the file extension itself. Nothing more, and easy for any 5-year-old to fake. That's why I recommended the other function: it seems to examine the actual file data. Most files announce their mime type in the first few dozen data characters so that apps can quickly recognize them. The only caveat is that this leaves open a means of inserting a trojan horse. If that worries you, you can take the next step beyond.
It is an upload file in an area where you have to log in with username and password. Would hope folks do not try dodgy stuff, but then hey... What do I know. Check it a bit more in detail. Thanks for the info.Kurt
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...