when i try to upload a file called africa.txt, the following code rejects it with the error:
Error:
The file that you uploaded was of a type that is not allowed, you are only allowed to upload files of the type:
.bmp (image/bmp)
.gif (image/gif)
.jpg, .jpeg (image/pjpeg)
.jpg, .jpeg (image/jpeg)
.png (image/png)
.html, .txt, .htm (text/plain)
.doc (application/msword)
.xls (application/vnd.ms-excel)
.ppt (application/vnd.ms-powerpoint)
.pdf (application/pdf)
but if i upload other files, like setup.txt, or index.html, it accepts it. what's going on?
$my_max_file_size = "102400"; # in bytes
$the_path = ".";
$registered_types = array(
"text/plain" => ".html, .txt, .htm",
"image/bmp" => ".bmp, .ico",
"image/gif" => ".gif",
"image/pjpeg" => ".jpg, .jpeg",
"image/jpeg" => ".jpg, .jpeg",
"image/png" => ".png",
"image/bmp" => ".bmp",
"application/msword" => ".doc",
"application/vnd.ms-excel" => ".xls",
"application/vnd.ms-powerpoint" => ".ppt",
"application/pdf" => ".pdf",
); # these are only a few examples, you can find many more!
$allowed_types = array("image/bmp","image/gif","image/pjpeg","image/jpeg","image/png","text/plain","application/msword", "application/vnd.ms-excel", "application/vnd.ms-powerpoint", "application/pdf");
function form($error=false) {
global $PHP_SELF,$my_max_file_size;
if ($error) print $error . "<br><br>";
print "\n<form ENCTYPE=\"multipart/form-data\" action=\"" . $PHP_SELF . "\" method=\"post\">";
print "\n<INPUT TYPE=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"" . $my_max_file_size . "\">";
print "\n<INPUT TYPE=\"hidden\" name=\"task\" value=\"upload\">";
print "\n<BR>NOTE: Max file size is " . ($my_max_file_size / 1024) . "KB";
print "\n<br><INPUT NAME=\"the_file\" TYPE=\"file\" SIZE=\"35\"><br>";
print "\n<input type=\"submit\" Value=\"Upload\"><br><br><hr>";
} # END form
--
if (!ereg("4",phpversion())) {
function in_array($needle,$haystack) { # we have this function in PHP4, so for you PHP3 people
for ($i=0; $i < count($haystack); $i++) {
if ($haystack[$i] == $needle) {
return true;
}
}
}
}
--
function validate_upload($the_file) {
global $my_max_file_size, $image_max_width, $image_max_height,$allowed_types,$the_file_type,$registered_types;
$start_error = "\n<b>Error:</b>\n<ul>";
if ($the_file == "none") { # do we even have a file?
$error .= "\n<li>You did not upload anything!</li>";
} else { # check if we are allowed to upload this file_type
if (!in_array($the_file_type,$allowed_types)) {
$error .= "\n<li>The file that you uploaded was of a type that is not allowed, you are only
allowed to upload files of the type:\n<ul>";
while ($type = current($allowed_types)) {
$error .= "\n<li>" . $registered_types[$type] . " (" . $type . ")</li>";
next($allowed_types);
}
$error .= "\n</ul>";
}
if (ereg("image",$the_file_type) && (in_array($the_file_type,$allowed_types))) {
$size = GetImageSize($the_file);
list($foo,$width,$bar,$height) = explode("\"",$size[3]);
}
if ($error) {
$error = $start_error . $error . "\n</ul>";
return $error;
} else {
return false;
}
}
} # END validate_upload
--
function list_files() {
global $the_path;
$handle = dir($the_path);
print "\n<b>Uploaded files:</b><br>";
while ($file = $handle->read()) {
if (($file != ".") && ($file != "..")) {
print "\n" . $file . "<br>";
}
}
print "<hr>";
}
--
function upload($the_file) {
global $the_path,$the_file_name;
$error = validate_upload($the_file);
if ($error) {
form($error);
} else { # cool, we can continue
if (!@copy($the_file, $the_path . "/" . $the_file_name)) {
form("\n<b>Something barfed, check the path to and the permissions for the upload directory</b>");
} else {
## list_files();
if ($title)
form();
