Jump to content

copy() ?


Mike41692
 Share

Recommended Posts

Isn't copy only accessible by your own php script? If you are talking about the users of your website, don't be affraid they can copy files, they can't. Only you or the script you wrote yourself :)When you do use it in your script, then of course you can check what filetype the file it is before you copy it, but that wasn't the problem, was it? :)

Link to comment
Share on other sites

I own a image hosting website and i would like for my members to be able to upload files from a offsite url not from there hard drive i found this code on the internet and i would like to know if i can restrict the file types

if ($_GET[xfer]) {if ($_POST[from] == "") {print "You forgot to enter a url.";} else {copy("$_POST[from]", "$_POST[to]");$size = round((filesize($_POST[to])/76800000), 3);print "transfer complete.<br><a><a href=\"$_POST[from]\">$_POST[from]</a><br><a><a href=\"$_POST[to]\">$_POST[name]$_POST[to]</a><br/><br/>";}} else {print "<form action=\"$PHP_SELF?xfer=true&type=url\" method=post>From URL: <input name=\"from\"><br>New file name: <input name=to> <br/><br/><input type=submit value=\"Upload\"><br/><br/>";}

Link to comment
Share on other sites

well to block file types, you just look at the last 4 charactors or look at the charactors after the .the last 4 charactors can be got by using: $extension = substr($filename, strlen($filename) - 4);other wise you can explode $filename, then use end(); or what ever php function jumps to the last set in an array and look at the last set...sry I can't go into more detail, g2g...

Link to comment
Share on other sites

Yeah, you will want to check for the file type yourself and only allow the ones you want. Also, there are other problems with that code. Things like this:$_GET[xfer] should be like this:$_GET['xfer']the string should be quoted. It will still work the other way, but you are incurring unnecessary overhead because PHP is first looking for a constant named xfer instead of using the literal string 'xfer'. I've made the changes for you here, see what the difference is:

if ($_GET['xfer']) {  if ($_POST['from'] == "")   {	print "You forgot to enter a url.";  }   else   {	copy($_POST['from'], $_POST['to']);	$size = round((filesize($_POST['to'])/76800000), 3);	print "transfer complete.<br>	<a><a href=\"{$_POST['from']}\">{$_POST['from']}</a><br>	<a><a href=\"{$_POST['to']}\">{$_POST['name']}{$_POST['to']}</a><br/><br/>";  }} else {  print "<form action=\"{$PHP_SELF}?xfer=true&type=url\" method=post>  From URL: <input name=\"from\"><br>  New file name: <input name=to>   <br/><br/>  <input type=submit value=\"Upload\"><br/><br/>";}

If you want to check the extension, you can probably use something like this:

$allow = array();$allow[] = "jpg";$allow[] = "jpeg";$allow[] = "gif";$allow[] = "png";$path_chunks = explode("/", $_POST['from']); // get the path pieces$filename = $path_chunks[count($path_chunks) - 1]; // the file name is the last piece$dotpos = strrpos($filename, "."); // get the position of the last dot (if there are more than one)$extension = substr($filename, $dotpos + 1);if (array_search(strtolower($extension), $allow) !== false){  //the extension is ok}else{  //not allowed}

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...