CRITIQUE ME: File upload

Anon

Can someone please critique this file upload. What I am interested in getting this php script to be more flexible because for some reason, it is not allowing some jpegs to be uploaded - it's very particular.

Thanks for your help.

<?PHP
session_start();
include("dblib.inc");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<head>
<title>Uploading your potrait</title>
<Link href="arial.css" rel=stylesheet title=arial type=text/css>

<body>
<img src="pics/logo.gif">
 
<H3>Portrait Picture</h3>
<?PHP
//defines location
$filedir = "c:/phpweb/userpics";
$picdir = "/userpics";

//check for jpeg image type
if($fupload_type =="image/pjpeg")
{
//copies picture to new directory and renames to username
if(copy($fupload,"$filedir/$CUserName.jpg"))
{
print ("Hey Goodlooking! Your picture has been uploaded correctly ");
print "<table border=1>
<TR>
<TD height=\"300\" width=\"300\" align=\"center\">";
print ("<img src=\"$picdir/$CUserName.jpg\" height=\"210\" width=\"150\">");
print"</td>
</tr></table>";
print " <a href=\"memberprofile.php?$PHPSESSID\">Home</a>";
print " <a href=\"fupload.php\">Upload again</a> ";
//adds 'yes' to database so user can search only profiles with pictures.
$query="UPDATE clients SET CPicture='yes' WHERE CUserName='$CUserName'";
//FAILED PROCESS
if(!mysql_query($query))
{
print "A process has failed during the update. Please report this incident to the Web Master <a href=\"mailto:mjyuen@hotmail.com\">mjyuen@hotmail.com</a> ";
print " <a href=\"memberprofile.php?$PHPSESSID\">Home</a>";
return false;
}
return true;
}
die ("Error in uploading. Please try again");

else
{
//PRINTS IF PICTURE IS ANYTHING BUT JPEG FORMAT
print "In order to show off your qualities to the fullest extent. LDSAlberta.com currently only acceptes pictures in JPEG format which have the highest color quality and in turn show you off the best!";
print " <a href=\"memberprofile.php?$PHPSESSID\">Home</a>";
print " <a href=\"fupload.php\">Upload again</a> ";
}
unlink($fupload);
mysql_close();
?>
</body>

[deleted]

Are the failing images perhaps too big? do they have a bad filename?

Anon

It's weird, first I thought it was just some versions of Netscape because it would change the format of the jpeg image to a mozilla jpeg image when uploading. According to some research on the web, others have the same problem and it's a Netscape browser issue.

The picture is big but within the parameters of the max upload size. The file name from what I was told they used looked ok to me too (they used MOMMY).

So by looking at the script I provided, it looks ok at first glance?

[deleted]

Why are you checking for type image/pjpeg? shouldn't you also be allowing image/jpeg to be uploaded?