Mike41692 Posted August 10, 2006 Share Posted August 10, 2006 I would like to know if its possible to restrict the file types that people are allowed to copy using copy() and if it can somebody please tell me how Link to comment Share on other sites More sharing options...
Jack McKalling Posted August 10, 2006 Share Posted August 10, 2006 Isn't copy only accessible by your own php script? If you are talking about the users of your website, don't be affraid they can copy files, they can't. Only you or the script you wrote yourself :)When you do use it in your script, then of course you can check what filetype the file it is before you copy it, but that wasn't the problem, was it? Link to comment Share on other sites More sharing options...
Mike41692 Posted August 10, 2006 Author Share Posted August 10, 2006 I own a image hosting website and i would like for my members to be able to upload files from a offsite url not from there hard drive i found this code on the internet and i would like to know if i can restrict the file types if ($_GET[xfer]) {if ($_POST[from] == "") {print "You forgot to enter a url.";} else {copy("$_POST[from]", "$_POST[to]");$size = round((filesize($_POST[to])/76800000), 3);print "transfer complete.<br><a><a href=\"$_POST[from]\">$_POST[from]</a><br><a><a href=\"$_POST[to]\">$_POST[name]$_POST[to]</a><br/><br/>";}} else {print "<form action=\"$PHP_SELF?xfer=true&type=url\" method=post>From URL: <input name=\"from\"><br>New file name: <input name=to> <br/><br/><input type=submit value=\"Upload\"><br/><br/>";} Link to comment Share on other sites More sharing options...
dcole.ath.cx Posted August 10, 2006 Share Posted August 10, 2006 well to block file types, you just look at the last 4 charactors or look at the charactors after the .the last 4 charactors can be got by using: $extension = substr($filename, strlen($filename) - 4);other wise you can explode $filename, then use end(); or what ever php function jumps to the last set in an array and look at the last set...sry I can't go into more detail, g2g... Link to comment Share on other sites More sharing options...
ThePsion5 Posted August 10, 2006 Share Posted August 10, 2006 Since the length of file extensions might possibly vary, depending on the filetype and OS, I would go with using explode instead of substring. Seems more reliable that way. Link to comment Share on other sites More sharing options...
justsomeguy Posted August 10, 2006 Share Posted August 10, 2006 Yeah, you will want to check for the file type yourself and only allow the ones you want. Also, there are other problems with that code. Things like this:$_GET[xfer] should be like this:$_GET['xfer']the string should be quoted. It will still work the other way, but you are incurring unnecessary overhead because PHP is first looking for a constant named xfer instead of using the literal string 'xfer'. I've made the changes for you here, see what the difference is: if ($_GET['xfer']) { if ($_POST['from'] == "") { print "You forgot to enter a url."; } else { copy($_POST['from'], $_POST['to']); $size = round((filesize($_POST['to'])/76800000), 3); print "transfer complete.<br> <a><a href=\"{$_POST['from']}\">{$_POST['from']}</a><br> <a><a href=\"{$_POST['to']}\">{$_POST['name']}{$_POST['to']}</a><br/><br/>"; }} else { print "<form action=\"{$PHP_SELF}?xfer=true&type=url\" method=post> From URL: <input name=\"from\"><br> New file name: <input name=to> <br/><br/> <input type=submit value=\"Upload\"><br/><br/>";} If you want to check the extension, you can probably use something like this: $allow = array();$allow[] = "jpg";$allow[] = "jpeg";$allow[] = "gif";$allow[] = "png";$path_chunks = explode("/", $_POST['from']); // get the path pieces$filename = $path_chunks[count($path_chunks) - 1]; // the file name is the last piece$dotpos = strrpos($filename, "."); // get the position of the last dot (if there are more than one)$extension = substr($filename, $dotpos + 1);if (array_search(strtolower($extension), $allow) !== false){ //the extension is ok}else{ //not allowed} Link to comment Share on other sites More sharing options...
Mike41692 Posted August 10, 2006 Author Share Posted August 10, 2006 Thank you justsomeguy it worked Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now