uploading files

Anon

The following script allows users to upload files to my website, the file names get stored in a mysql database so they can be easily displayed. Right now any file the user uploads will get uploaded and placed in the database. Is it possible to make this script only allow files that end in .scx or .scm to be uploaded? Thanx for you help!

if ($upload == "yes") {

if ($userfile_name != "") {
	if (file_exists($userfile_name)) {
		echo "Sorry, that file has already been uploaded";
	}
	if (!file_exists($userfile_name)) {
		copy("$userfile", "/web/sites/291/vageeka/www.stardefenders.f2s.com/uploaded/$userfile_name") or die("Couldn't copy the file!");  


		$dbhost ="db.stardefenders.f2s.com";
		$dbuname="vageeka";
		$dbpass ="yajr135";
		$dbname ="vageeka";
		mysql_pconnect($dbhost, $dbuname, $dbpass) or die("Unable to connect to database");
		@mysql_select_db("$dbname") or die ("Unable to select database");

		$result = MYSQL_QUERY("INSERT INTO Maps VALUES('$userfile_name','public','$userfile_category','$userfile_tileset','$userfile_players','$userfile_submitter','$userfile_mapsize','$userfile_size','$userfile_description','0','0','0','NULL')") or die(mysql_error());

		mysql_close();
		echo "succesful file transfer<br><br>\n";
		echo "You uploaded <b>$userfile_name</b> from <b>$userfile</b>, it was <b>$userfile_size</b> things big!<br><br>\n";
	}
}
if ($userfile_name == "") {

	echo "Sorry, you did not select a file, please go back and do so now.\n";
}

}

tarwin

Why not try and do something simple like :

==========================

$userfile_name_ext = substr ($userfile_name, -4); // should return the last 4 characters of the file name

if ($userfile_name_ext == ".scx" OR $userfile_name_ext == ".scm"){
// do something with the file like copying it to the place its meant to be ... remember that if you don't do anything after this page has finished doing stuff the file will be deleted!
something!!!
}else{
// print an error "WRONG FILE TYPE" or
}

==========================

Hope this helps!

Anon

Assuming you have an html form somewhere that allows the user to select the file to upload, you can set the 'ACCEPT' variable of the form to the extensions you will allow. I believe this shows only files with those extensions when they browse. I haven't used it myself so I'm not sure of the syntax, but you should be able to find it out there. A bit easier I think than trying to handle it with php.