I'm having problem with this function.
I created this function to upload a file to a specific directory, the function is supposed to take into account only uploading allowed files but for some reason it is not preventing files that are not in the allowed files array from being uploaded.
Here is the code for the function. The top variables are all the global variables that config the uploader tool.
$extlimit = "yes";
$limitedext = array(".zip");
$sizelimit = "no";
$sizebytes = "200000";
function uploadfile($file, $path)
{
$filetmpname = $_FILES[$file]['tmp_name'];
$filename = $_FILES[$file]['name'];
$testfilename = $filename;
$justname = str_replace(".zip","",$filename);
$count = 1;
if ($testfilename != "")
{
if (($sizelimit == "yes") && ($file_size > $sizebytes))
{
failure("Failed");
print " File size exeeded.";
return false;
}
$ext = strrchr($filename,'.');
if (($extlimit == "yes") && (!in_array($ext,$limitedext)))
{
failure("Failed");
print " Unsupported file extension.";
return false;
}
while (file_exists("$path/$testfilename"))
{
$testfilename = $justname . "_" . $count . ".zip" ;
$count = (int)$count + 1;
}
if (!move_uploaded_file($filetmpname, "$path/$testfilename"))
{
failure("Failed");
print " Unable to copy the file $filename to $path/$filename ";
return false;
}
else
{
success("Successful");
print " File uploaded successfully";
return $testfilename;
}
}
else
{
failure("Failed");
print " No file selected";
return false;
}
}
I appreciate anyones help.
