copy() ?

[Mike41692]

I would like to know if its possible to restrict the file types that people are allowed to copy using copy() and if it can somebody please tell me how

[Jack McKalling]

Isn't copy only accessible by your own php script? If you are talking about the users of your website, don't be affraid they can copy files, they can't. Only you or the script you wrote yourself :)When you do use it in your script, then of course you can check what filetype the file it is before you copy it, but that wasn't the problem, was it?

[Mike41692]

I own a image hosting website and i would like for my members to be able to upload files from a offsite url not from there hard drive i found this code on the internet and i would like to know if i can restrict the file types

if ($_GET[xfer]) {if ($_POST[from] == "") {print "You forgot to enter a url.";} else {copy("$_POST[from]", "$_POST[to]");$size = round((filesize($_POST[to])/76800000), 3);print "transfer complete.<br><a><a href=\"$_POST[from]\">$_POST[from]</a><br><a><a href=\"$_POST[to]\">$_POST[name]$_POST[to]</a><br/><br/>";}} else {print "<form action=\"$PHP_SELF?xfer=true&type=url\" method=post>From URL: <input name=\"from\"><br>New file name: <input name=to> <br/><br/><input type=submit value=\"Upload\"><br/><br/>";}

[dcole.ath.cx]

well to block file types, you just look at the last 4 charactors or look at the charactors after the .the last 4 charactors can be got by using: $extension = substr($filename, strlen($filename) - 4);other wise you can explode $filename, then use end(); or what ever php function jumps to the last set in an array and look at the last set...sry I can't go into more detail, g2g...

[ThePsion5]

Since the length of file extensions might possibly vary, depending on the filetype and OS, I would go with using explode instead of substring. Seems more reliable that way.

[justsomeguy]

Yeah, you will want to check for the file type yourself and only allow the ones you want. Also, there are other problems with that code. Things like this:$_GET[xfer] should be like this:$_GET['xfer']the string should be quoted. It will still work the other way, but you are incurring unnecessary overhead because PHP is first looking for a constant named xfer instead of using the literal string 'xfer'. I've made the changes for you here, see what the difference is:

if ($_GET['xfer']) {  if ($_POST['from'] == "")   {	print "You forgot to enter a url.";  }   else   {	copy($_POST['from'], $_POST['to']);	$size = round((filesize($_POST['to'])/76800000), 3);	print "transfer complete.<br>	<a><a href=\"{$_POST['from']}\">{$_POST['from']}</a><br>	<a><a href=\"{$_POST['to']}\">{$_POST['name']}{$_POST['to']}</a><br/><br/>";  }} else {  print "<form action=\"{$PHP_SELF}?xfer=true&type=url\" method=post>  From URL: <input name=\"from\"><br>  New file name: <input name=to>   <br/><br/>  <input type=submit value=\"Upload\"><br/><br/>";}

If you want to check the extension, you can probably use something like this:

$allow = array();$allow[] = "jpg";$allow[] = "jpeg";$allow[] = "gif";$allow[] = "png";$path_chunks = explode("/", $_POST['from']); // get the path pieces$filename = $path_chunks[count($path_chunks) - 1]; // the file name is the last piece$dotpos = strrpos($filename, "."); // get the position of the last dot (if there are more than one)$extension = substr($filename, $dotpos + 1);if (array_search(strtolower($extension), $allow) !== false){  //the extension is ok}else{  //not allowed}

[Mike41692]

Thank you justsomeguy it worked