check picture if it's a picture or not..

Chrysanthus

I made a upload picture script but one thing seams to be missing..

How to check if the chosen picture is a piture or not...

any ides on what syntax i shall use? any way here is my script

<?php 
session_start();
if (!isset($_SESSION['validuser'])) { 
header("Location: login.php"); 
exit;   

} 
include ("../management/mysqlcondbrr.php");
mysql_query("UPDATE reg_info SET loggedin='yes', aktiveusertime=NOW() WHERE username='{$_SESSION['username']}'");
mysql_query("UPDATE reg_info SET loggedin='no' WHERE loggedin='yes' AND NOW()>DATE_ADD(aktiveusertime, INTERVAL 10 MINUTE)");

$uploadaction=$_POST['uploadaction'];
$uploadpicture=$_FILES['imgfile'];

$insert =  $_POST['insert']; 
$username = $_SESSION['username'];
$usernameID = $_SESSION['regid'];
$password1 = $_POST['password1'];
$picturesize = $_FILES['imgfile']['size'];

## ifall submit inte har körts
if ($uploadaction == "uploadaction"){

$mysqlcon = "select * from reg_info where username = '$username' and password = MD5(\"$password1\")";
$result = mysql_query($mysqlcon) or die("Query failed"); 

## laddar upp kontroller för checkninge
$password1_control = 1;
$password2_control = 1;
$password3_control = 1;
$password4_control = 1;

$new_upload_picture11_control = 1;
$new_upload_picture12_control = 1;
$new_upload_picture13_control = 1;
$new_upload_picture14_control = 1;

## laddar upp bilden till dir
$picture_uploaddir = "../images/users/userpic$usernameID.jpg";  


## Tom password check
if($password1 == ""){
$password_error = "Ooops! - You forgot to enter your password.";
$password1_control = 0;
}
## Password minder en 4 tecken!
elseif(strlen($password1) < 4){
$password_error = "Ooops! - Your password should be at least 4 letters long.";
$password2_control = 0;
}
## Password storre en 4 tecken!
elseif(strlen($password1) > 20){
$password_error = "Ooops! - Your password can't be larger than 20 letters.";
$password3_control = 0;
}
## Fel password!
elseif (mysql_num_rows($result) == '0'){
$password_error = "Ooops! - Wrong password, try again!";
$password4_control = 0;
}
else {

## Ej selecterat en fil!
if (!file_exists($_FILES['imgfile']['tmp_name'])) {
$upload_error = "Ooops! - You forgot add a picture.";
$new_upload_picture11_control = 0;
}
## storlek på filen ej störe en 100kb
elseif ($picturesize > 102400) {
$upload_error = "Ooops! - Your picture was to big limit is 100kb.";
$new_upload_picture12_control = 0;
}
## Ifall dir inte funkar
elseif (!move_uploaded_file($_FILES['imgfile']['tmp_name'], $picture_uploaddir)){ 
$upload_error = "Error! - Error moving the uploaded picture.";
$new_upload_picture13_control = 0;
}
## Ifall upladningen gick fel
elseif (!is_uploaded_file($_FILES['imgfile']['tmp_name'])) {
$upload_ok = "Succes! - Picture uploaded.";
$new_upload_picture14_control = 0;
}
}
}
?> 

<form action="<?=$PHP_SELF?>" method="post" name="uploadpicture" enctype="multipart/form-data">
<input type="hidden" name="uploadaction" value="uploadaction">
<table border="0" cellpadding="0" cellspacing="0" align="left">
<tr>

<td align="left" class="bold" height="25">Username:</td><td width="15"></td><td class="bold"><?php echo $row['username']; ?></td>
</tr>
<tr>
<td width=100% colspan="3"><hr noshade></td>
</tr>
<tr>
<td align="left" class="bold" height="25">Upload picture:</td><td width="15"></td><td>

<input class="inputSidebar" type="File" name="imgfile" value="<?php
						if($new_upload_picture11_control != 0){ echo $_FILES['imgfile'];}
						elseif($new_upload_picture12_control !=0){ echo $_FILES['imgfile'];}
						elseif($new_upload_picture13_control !=0){ echo $_FILES['imgfile']['tmp_name'];}
						elseif($new_upload_picture14_control !=0){ echo $_FILES['imgfile']['tmp_name'];}
						else{ echo ''; }  ?>">&nbsp;<?php echo $upload_error ?></td>
</tr>
<tr>
<td width=100% colspan="3"><hr noshade></td>
</tr>
<tr>

<td align=left class="bold" height=25>Current Password:</td><td width="15"></td><td>

<input class="inputSidebar" type="password" name="password1" value="<?php
						if($password1_control != 0){ echo $_POST['password1'];}
						elseif($password2_control !=0){ echo $_POST['password1'];}
						elseif($password3_control !=0){ echo $_POST['password1'];}
						elseif($password4_control !=0){ echo $_POST['password1'];}

					else{ echo ''; }  ?>">&nbsp;<?php echo $password_error?></td>
</tr>
<tr>
<td align=left width=30 height=40></td><td width="15"></td><td>
<input class="button" type="submit" name="submit" value="Submit Changes">&nbsp;<?php echo $upload_ok ?></td>
<input type="hidden" name="insert" value="insert">
</tr>

</form>

Merve

Use [man]mime_content_type[/man] to get the mimetype and use [man]substr[/man] to get the first five letters of the mimetype. If the first five letters are 'image', then the file is an image.

Chrysanthus

I did some thing in this way but it dosen't work

but are i in the right way!

elseif (!mime_content_type('php.gif','php.jpg') || ($_FILES['imgfile']['tmp_name'])) {
$upload_error = "Ooops! - It has to be a picture format.";
$new_upload_picture11_control = 0;
}

Merve

You sure you only want to accept gif and jpg? What about png?

And mime_content_type does not accept variable-length argument lists.

Chrysanthus

gif and jpg to start with ...

And mime_content_type does not accept variable-length argument lists.

sow how should i do in then!

AstroTeg

If you really want to get fancy, you can look at and compare the binary data of the file. Those image formats almost always have a header (if I remember correctly). Its not overly important what's in the header. But the header will describe if the file is a PNG, JPG, or GIF. All you'd need to do is compare the first couple bytes of the file with what you would consider an acceptible image format. Although for this to work, you'll want to browse a good number of images you're interested in being able to handle to make sure your validation code is setup to handle them properly. I'll also admit this is all theory. In practice, this may not work, but something to think about...

Merve

Originally posted by AstroTeg
If you really want to get fancy, you can look at and compare the binary data of the file. Those image formats almost always have a header (if I remember correctly). Its not overly important what's in the header. But the header will describe if the file is a PNG, JPG, or GIF. All you'd need to do is compare the first couple bytes of the file with what you would consider an acceptible image format. Although for this to work, you'll want to browse a good number of images you're interested in being able to handle to make sure your validation code is setup to handle them properly. I'll also admit this is all theory. In practice, this may not work, but something to think about...

mime_content_type looks at the binary data of a file to determine its mimetype.

Chrysanthus, any image file will have image as the first five letters of its mimetype. It you only wish to accept jpg and gif, just look at the last 3 letters of the mimetype using substr.

Chrysanthus

okey thansk for the info

Sow some thing like this ?? okay the syntax is wrong but the ide? is right ?

elseif (substr($_FILES['imgfile'], -4) ==".jpg" && ".gif") {
$upload_error = "Ooops! - It has to be a picture format.";
$new_upload_picture12_control = 0;
}

Merve

elseif (substr(mime_content_type($_FILES
['imgfile']), -3) != "jpg" && "gif") {
$upload_error = "Ooops! - It has to be a picture format.";
$new_upload_picture12_control = 0;
}

Chrysanthus

i get this error always

mime_content_type() expects parameter 1 to be string, array given in

???

destop

Why not create an array of image types you want and then checking the $_FILES['fileName']['type'] against the array

eg:

$aImageTypes = array('jpeg' => 'image/jpeg', 'gif' => 'image/gif');
if (!in_array($_FILES['fileName']['type'], $aImageTypes)) {
// error stuff
} else {
//other stuff
}

Merve

Use a typecast then to make sure that the argument is a string.

Chrysanthus

this works fine for me...

the only problem is that gif are okey butt not jpg arggg....

what shall int be there ..

<?
elseif (substr($_FILES['imgfile']['name'], -3) != "gif" && "jpg") { 
$upload_error = "Ooops! - It has to be a picture format."; 
$new_upload_picture12_control = 0;

Chrysanthus

but i still want this to work...

i get this error when i run it!

Fatal error: mime_magic could not be initialized, magic file (null) is not avaliable in

elseif (substr(mime_content_type($_FILES ['imgfile']['name']), -3) != "jpg" && "gif") { 
$upload_error = "Ooops! - Wrong picture format, jpg or gif!"; 
$new_upload_picture12_control = 0;

what do that mean?