Hi all, I found a simple file upload script I want to incorporate in my site so users can post images with their text posts. I got it working but for security purposes I would like to simply append .jpg to the end of whatever filename they upload. So if they upload:

gimmedatpassword.cgi

The file will be renamed to:

gimmedatpassword.cgi.jpg

My thoughts behind this are to prevent files from being interpreted as anything but JPG. Can you guys figure out how to add .jpg to the filename? I guess I don't quite understand whats going on well enough in the script to be able to myself. Its fairly small:

Here is the input html form:

<form action="upload.php" method="post" enctype="multipart/form-data">
<input type="file" name="userfile"><p>
<input type="submit" value="Upload File">
</form>

Here is the php script which uploads the file:

<?php

// check the filesize
if($_FILES['userfile']['size'] > 2000000)
{
echo "The file is too big! It must be less than or equal to 20 Kilobytes";
exit;
}

if(is_uploaded_file($FILES['userfile']['tmp_name'
]))
{
move_uploaded_file($FILES['userfile']['tmp_name']
,'uploads/'.$_FILES['userfile']['name']);
echo "upload completed!";
}
else
{
echo "<b>ERROR</b>";
}

?>

any help appricated, thanks!

Thanks it worked, I love this forum! Okey I have another question, is there any way for me to replace their filename with my own? So say they upload:

blingbling.jpg

The input form will pass the php script a dynamic variable assigned by the database called $filename. So if the result of the database query equals:

yoyo

The filename would be

yoyo.jpg

Hope I am making some sense.

Heres the new input form:

<form action="upload.php?filename=$filename method="post" enctype="multipart/form-data">
<input type="file" name="userfile">
<input type="submit" value="Upload Picture">
</form>

example from the manual

<?php
rename("/tmp/tmp_file.txt", "/home/user/login/docs/my_file.txt");
?>

Ive tried using rename but havent had any luck, If the values were strings It would be no problem but they are something wierd, array elements? Im not sure, am i going in the right direction with this?

<?php

// check the filesize
if($_FILES['userfile']['size'] > 2000000)
{
echo "The file is too big! It must be less than or equal to 20 Kilobytes";
exit;
}

if(is_uploaded_file($_FILES['userfile']['tmp_name'
]))
{

// rename the file to another value
$yoyo1=yoyo;
rename("$name", "$yoyo1");

move_uploaded_file($FILES['userfile']['tmp_name']
,'uploads/'.$FILES['userfile']['name'].'.jpg');
echo "upload completed! If you are not redirected automatically <a href=postclass.php?image1test=PASS><b>click here</b></a><br>$userfile <br>$name<br>$size<br>$userfile";
}
else
{
echo "<b>ERROR</b>";
}

?>

is this what you wanted

$yoyo1=yoyo;

or did you want this

$yoyo1="yoyo";

and where is $name coming from

Well I don't think $name is a variable I was just trying to replace 'name' in this chunk of code:

,'uploads/'.$_FILES['userfile']['name'].'.jpg');
echo "upload completed! If you are not redirected automatically <a href=postclass.php?image1test=PASS><b>click here</b></a><br>$userfile <br>$name<br>$size<br>$userfile";

All im trying to accomplish is replace the file name they use with a variable

You can rename the file to whatever you want during the move_uploaded_file() - you don't have to use $_FILES['userfile']['name'].

Basically, heres what you want:

move_uploaded_file($_FILES['userfile']['tmp_name'],$filename.".jpg");

Oh and btw, I noticed that when you check the filesize, 2000000 is a bit big for 20Kb.
The correct value should be 20480.

lol 2mb = 20kb? I must have gotten excitied and hit the 0 too many times. Anyway I got the file renaming to work, thanks alot guys!!!!

WHy not set your max filesize...

$maxfilesize=2000000;
$kb=$maxfilesize/1024;

So you can always get the correct value...