I have the following code:
$filecheck = basename($_FILES['imagefile']['name']);
$ext = substr($filecheck, strrpos($filecheck, '.') + 1);
if (($ext == "jpg" || $ext == "gif" || $ext == "png") && ($_FILES["imagefile"]["type"] == "image/jpeg" || $_FILES["imagefile"]["type"] == "image/gif" || $_FILES["imagefile"]["type"] == "image/png") &&
($_FILES["imagefile"]["size"] < 2120000)){
} else {
echo "F2";
die();
}
What I need to do is check if the uploaded file is a jpg/gif/png and that it's less than 2 megs in size.
If it's larger than 2 megs, or not the right file type, I need to return/echo F2 (error code for API).
When I use the code above to process a 70k jpg file, it returns F2.
SUBNOTE: the picture I'm uploading has an extension of .JPG. Could case be a factor? If so, how do I accommodate for that?
The filesize() function in PHP is an inbuilt function which is used to return the size of a specified file. The filesize() function accepts the filename as a parameter and returns the size of a file in bytes on success and False on failure.
By default, the maximum upload file size for PHP scripts is set to 128 megabytes. However, you may want to change these limits. For example, you can set a lower limit to prevent users from uploading large files to your site. To do this, change the upload_max_filesize and post_max_size directives.
exif_imagetype() reads the first bytes of an image and checks its signature. exif_imagetype() can be used to avoid calls to other exif functions with unsupported file types or in conjunction with $_SERVER['HTTP_ACCEPT'] to check whether or not the viewer is able to see a specific image in the browser.
$_FILES["file"]["name"]. "<br>";
$image=$_FILES["file"]["name"];
/* Displaying the image: the path is concatenated into the tag and HTML-escaped */
$img="upload/". $image;
echo '<img src="' . htmlspecialchars($img) . '">';
}
}
} else {
echo "Invalid file";
}
?>
Note that you might not want to rely on file extensions to determine file type. It would be rather easy for someone to upload an executable file with a .png extension for example. A mime-type can also easily be forged by a malicious client to pass as an image. Relying on that information is a security risk.
PHP Documentation:
The mime type of the file, if the browser provided this information. An example would be "image/gif". This mime type is however not checked on the PHP side and therefore don't take its value for granted.
Try loading the images with gd (getimagesize()) to make sure they are actually valid images (and not just random files pretended with the header of an image file... finfo_file relies on those headers).
if($_FILES["imagefile"]["size"] >= 2120000) {
echo "F2";
die();
} else {
$imageData = @getimagesize($_FILES["imagefile"]["tmp_name"]);
if($imageData === FALSE || !($imageData[2] == IMAGETYPE_GIF || $imageData[2] == IMAGETYPE_JPEG || $imageData[2] == IMAGETYPE_PNG)) {
echo "F2";
die();
}
}
If you really must use the extension to verify if the file is an image, use strtolower() to put the extension into lowercase.
$filecheck = basename($_FILES['imagefile']['name']);
$ext = strtolower(substr($filecheck, strrpos($filecheck, '.') + 1));
if (!(($ext == "jpg" || $ext == "gif" || $ext == "png") && ($_FILES["imagefile"]["type"] == "image/jpeg" || $_FILES["imagefile"]["type"] == "image/gif" || $_FILES["imagefile"]["type"] == "image/png") &&
($_FILES["imagefile"]["size"] < 2120000))){
echo "F2";
die();
}
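A content-based version of the check from the answer above, as an added example that is not part of the original answers: the helper name `checked_image_extension` and the two sample files are assumptions constructed for illustration. It derives the stored extension from what getimagesize() finds in the file, so the client's file name, its case, and the client-supplied type are never trusted.

```php
<?php
// Added example, not code from the original answers.
// Hypothetical helper: classify an upload by its content, not its name or client MIME type.
function checked_image_extension(string $tmpPath, int $maxBytes = 2120000): ?string
{
    // Size is measured on the server from the stored temp file.
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size >= $maxBytes) {
        return null;
    }
    // getimagesize() parses the image header; index 2 is an IMAGETYPE_* constant.
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        return null;
    }
    // Allow-list of accepted formats and the extension each is stored under.
    $allowed = [
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    ];
    return $allowed[$info[2]] ?? null;
}

// Constructed sample inputs: a 1x1 GIF, and a text file named like a picture.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, "<?php echo 'not an image'; ?>");

foreach (['HOLIDAY.JPG' => $gif, 'avatar.png' => $fake] as $clientName => $path) {
    $ext = checked_image_extension($path);
    if ($ext === null) {
        echo "$clientName: F2\n";
    } else {
        // The stored name is generated server-side; the client's name and its case are ignored.
        echo "$clientName: ok, store as " . bin2hex(random_bytes(8)) . ".$ext\n";
    }
    unlink($path);
}
```

In an upload handler, pass `$_FILES['imagefile']['tmp_name']` to the helper only after confirming `$_FILES['imagefile']['error'] === UPLOAD_ERR_OK` and `is_uploaded_file()` on that path.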
SUBNOTE: the picture I'm uploading has an extension of .JPG. Could case be a factor? If so, how do I accommodate for that?
Yes, that is the problem. You should add strtolower() to this line:
$ext = substr($filecheck, strrpos($filecheck, '.') + 1);
like:
$ext = strtolower(substr($filecheck, strrpos($filecheck, '.') + 1));
That will fix your current issue. But technically, you shouldn't worry about file extensions, you should really only need to check the MIME type.