Form field to Upload a specific file, does not upload

[mboehler3]

I have a form that has four fields, and the last field is an upload-file field. I want the user to upload a video file, which must be in one of four formats. The uploaded video will be placed in a folder on my server. Once the form submits, an email is sent to me and the form fields are stored in a database.I am getting emails and seeing the information in my database, but I cannot get the upload onto my server. Also, file types that I want to accept are being told that it's not acceptable. For instance, I tried to upload a .mov file and got the message: The file is not a video format we accept.I have been talking to some colleagues of mine but I cannot get this fixed. Can someone take a look at this code and offer any advice? Here is my code:

<?php //ftp acess$host = "ftp.hostname.com";$usr = "username";$password = "pass";//This is the directory where images will be saved$local_file = $_FILES['video']['tmp_name'];$ftp_path = "/upload/".$_FILES['video']['name'];$type = $_FILES['video']['type'];$size = $_FILES['video']['size'];if($size < 151000000) {if(($type == 'video/mpeg') || ($type =='video/mov') || ($type =='video/mp4') || ($type =='video/mpg') || ($type =='video/avi')) {//connect to the FTP server$conn = ftp_ssl_connect($host, 21) or die("Can't connect to the host!");ftp_login($conn, $usr, $password) or die("Cannot login");  $upload = ftp_put($conn, $ftp_path, $local_file, FTP_ASCII);// check upload status:} else {echo "The file is not a video format we accept";}} else {echo "The size of the file is to large";}// close the FTP streamftp_close($conn);//This gets all the other information from the form$name=$_POST['name'];$email=$_POST['email'];$phone=$_POST['phone'];$vid=addslashes(basename($_FILES['video']['name']));// Connects to your Databasemysql_connect("localhost", "username", "pass") or die("Error connect: ".mysql_error()) ;mysql_select_db("database_name") or die("Can't connect to Database".mysql_error()) ;//Writes the information to the database$query = "INSERT INTO video (videoid, Name, Email, Phone, Video) VALUES ('','$name', '$email', '$phone', '$vid')";if(!mysql_query($query)){  echo "Error uploading information";}else {  $headers = 'From: '.$email. "\r\n" . 'Reply-To: '.$email. "\r\n". 'X-Mailer: PHO/' . phpversion();  $message = "Name: ".$name . "\r\n";  $message .= "Email : ".$email . "\r\n";  $message .= "Phone number: ".$phone. "\r\n";;  $message .= "Video file: ". $vid;  mail("myemail@gmail.com", "Video uploaded", $message,$headers);header('Location: http://mysite.com/submit/thank-you.php') ;}?>

Thank you in advance for any help you can provide.

[justsomeguy]

It would be better to get the file's extension and compare that with a list of extensions instead of using the mime type supplied by the browser. You can get the extension like this: $ext = strtolower(@array_pop(explode('.', $local_file))); You should also enable all error messages, there would be an error in that script if either of those 2 if statements are false. If you're not seeing that error message then error messages aren't enabled. You're also adding the record to the database regardless of whether or not the file was uploaded.

[Guest So Called]

Also, file types that I want to accept are being told that it's not acceptable. For instance, I tried to upload a .mov file and got the message: The file is not a video format we accept.

<?php $type = $_FILES['video']['type']; echo "type = $type"; // <------ add echo statement to see what value the statement below is testing if(($type == 'video/mpeg') || ($type =='video/mov') || ($type =='video/mp4') || ($type =='video/mpg') || ($type =='video/avi')) { ////// } else { echo "The file is not a video format we accept"; }

Why not start out with finding the caue of your type failing?

[mboehler3]

Adding the echo statement gave me this: type = video/quicktimeThe file is not a video format we accept

[justsomeguy]

That's why it fails, because you're not checking for "video/quicktime". That's why I suggested using the extension instead of trying to build a list of all possible mime types that any browser might submit for the formats you want to allow. There are other security issues if you're only checking mime type and not extension (they could upload a PHP script and tell the server it is a "video/avi" file and you would save it on your server for them to execute).

[Guest So Called]

Adding the echo statement gave me this: type = video/quicktimeThe file is not a video format we accept

I pretty much expected something like that. So you'll either have to add that mime type or do something different.

[Guest So Called]

That's why it fails, because you're not checking for "video/quicktime". That's why I suggested using the extension instead of trying to build a list of all possible mime types that any browser might submit for the formats you want to allow. There are other security issues if you're only checking mime type and not extension (they could upload a PHP script and tell the server it is a "video/avi" file and you would save it on your server for them to execute).

Good point! It seems to me that the OP might be well advised to check both mime type and file extension, and maybe even check against each other to verify the type matches the extension. Anyway I presume now the OP understands what the problem is.

[mboehler3]

Awesome, now the video is accepted and I am directed to the Thank You page. The last remaining problem is that the video does not upload to my server. It's supposed to be in my /uploads/ folder, but it doesn't go there. Is there any way to determine why this is not working, using a similar echo method?

[mboehler3]

Sorry guys, I found it, it's in a different directory. Thanks for your help.

[justsomeguy]

Again, step 1 is to enable error messages. ini_set('display_errors', 1);error_reporting(E_ALL);