Jump to content

function image_type_to_extension


Recommended Posts

Having had two inputs on thread "Test for image type" showing me that I should not rely on browser giving me info about the file type I checked for finfo_file (I also checked for comment of Schraalhans Keukenmeester) and also for image_type_to_extension. My problem is a quite basic one, but I really do not know how to do it. Having for instance the following function:

if(!function_exists('image_type_to_extension')){    function image_type_to_extension($imagetype,$include_dot=true)    {        if(empty($imagetype)) return false;        $dot = $include_dot ? $dot.'' : '';        switch($imagetype)        {            case IMAGETYPE_GIF     : return $dot.'gif';            case IMAGETYPE_JPEG    : return $dot.'jpg';                        default                : return false;        }    }}

how do I apply the check to my form field validation and also how do I use it name my file? Currently using an $allowed array with suitable files types my validation is as:

	if (!isset($_FILES['img1']['name']) OR empty($_FILES['img1']['name'])) {				$errors['img1'] = '\'Image 1\' is a required field';		$img1 = FALSE;		} else {		if (!in_array($_FILES['img1']['type'], $allowed)){		$errors['img1'] = '\'Image 1\' accepts only jpg and gif';		$img1 = FALSE;		} else {			$type = $_FILES['img1']['type'];			$ext = substr ($type, 6);			$img1 = $user_id . '-1.' . $ext;		}		}

I know the lineif (!in_array($_FILES['img1']['type'], $allowed)){somehow needs to be replaced with a function call or similar, but I really do not know how to... Kurt

Link to post
Share on other sites

ure $allowed is an array with allowed extensions right?cause then u could try:$ext = explode('.',$_FILES['img1']['name']);$ext = $ext[count($ext)-1];if (!in_array($ext, $allowed)){//etc...using a function to convert the type to extention of an uploaded file wouldnt make sense, cause php makes the type in the $_FILES array with the extension, so u can just use this (not sure if what i just said makes sense, but dunno how else to say it, if u upload a png-picture, and rename it to .jpg, it will give image/jpeg as type, not image/png)

Link to post
Share on other sites
ure $allowed is an array with allowed extensions right?cause then u could try:$ext = explode('.',$_FILES['img1']['name']);$ext = $ext[count($ext)-1];if (!in_array($ext, $allowed)){//etc...using a function to convert the type to extention of an uploaded file wouldnt make sense, cause php makes the type in the $_FILES array with the extension, so u can just use this (not sure if what i just said makes sense, but dunno how else to say it, if u upload a png-picture, and rename it to .jpg, it will give image/jpeg as type, not image/png)
Wanda,Thanks. To use explode works well to produce the file name. Still, having amended my $allowed array to read:$allowed = array ('gif', 'jpeg', 'jpg');and replacingif (in_array($_FILES['img1']['type'], $allowed)) {withglobal $ext; // as $ext is in if clauseif (!in_array($ext, $allowed)) {it does not let me upload/move a file of correct extension complaining that it is not gif or jpg (my own error message). When I do a dump of $ext it shows NULL. As it takes the right extension for name I do not get why it cannot use it for db insertion/moving. Do you know why that is?Kurt
Link to post
Share on other sites

Wanda,Take it all back. Saw finally my mistake and the following code is working well:

	$errors = array();	// check for img1	if (!isset($_FILES['img1']['name']) OR empty($_FILES['img1']['name'])) {				$errors['img1'] = '\'Image 1\' is a required field';		$img1 = FALSE;		} else {		$ext = explode('.',$_FILES['img1']['name']);		$ext = $ext[count($ext)-1];		if (!in_array($ext, $allowed)) {		$errors['img1'] = '\'Image 1\' accepts only jpg and gif';		$img1 = FALSE;		} else {		$img1 = $user_id . '-1.' . $ext;		}		}	if (isset($_FILES['img1'])) { 	// validate the input		global $ext;		if (in_array($ext, $allowed)) {			// move the file over etc 

That is all great. But just to double-check: How does PHP get the info for the $_FILES array. Am a bit confused as I have been told not to rely on info from browser, but I just do not know sometimes where info is coming from...Kurt

Link to post
Share on other sites

From what I understand, PHP gets the mime type for the $_FILES array from the file extension itself. Nothing more, and easy for any 5-year-old to fake. That's why I recommended the other function: it seems to examine the actual file data. Most files announce their mime type in the first few dozen data characters so that apps can quickly recognize them. The only caveat is that this leaves open a means of inserting a trojan horse. If that worries you, you can take the next step beyond.

Link to post
Share on other sites
From what I understand, PHP gets the mime type for the $_FILES array from the file extension itself. Nothing more, and easy for any 5-year-old to fake. That's why I recommended the other function: it seems to examine the actual file data. Most files announce their mime type in the first few dozen data characters so that apps can quickly recognize them. The only caveat is that this leaves open a means of inserting a trojan horse. If that worries you, you can take the next step beyond.
It is an upload file in an area where you have to log in with username and password. Would hope folks do not try dodgy stuff, but then hey... What do I know. Check it a bit more in detail. Thanks for the info.Kurt
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...