Uploading stuff

y4m4

I have this,

<?php

$uploadDir = 'uploads/';
$uploadFile = $uploadDir . $_FILES['userfile']['name']['picture'];
print "<pre>";
if ($_FILES['userfile']['type'] != 'application/x-kdelnk')
if ($_FILES['userfile']['type'] != 'application/x-php3-preprocessed')
if ($_FILES['userfile']['type'] != 'application/x-php3')
if ($_FILES['userfile']['type'] != 'application/x-shellscript')
if ($_FILES['userfile']['type'] != 'application/x-rx')
if ($_FILES['userfile']['type'] != 'application/x-sh')
if ($_FILES['userfile']['type'] != 'application/core')
if ($_FILES['userfile']['type'] != 'application/x-executable')
if ($_FILES['userfile']['type'] != 'application/x-php')
if ($_FILES['userfile']['type'] != 'text/php')
if ($_FILES['userfile']['type'] != 'application/x-httpd-php')
if ($_FILES['userfile']['type'] != 'application/php')
if ($_FILES['userfile']['type'] != 'magnus-internal/shellcgi')
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadFile))
{
    print "File is valid, and was successfully uploaded. ";
    print "Here's some more debugging info:\n";
    print_r($_FILES);
}

else
{
    print "Possible file upload attack!  Here's some debugging info:\n";
    print_r($_FILES);
}
print "</pre>";
?>
<html>
<head>
<meta http-equiv="refresh" content="5;url=upload.php">
</head>
<body><p>
Redirecting to <a href="upload.php">Upload</a>
</body>
</html>

I've been messing around with "or" and functions and I just can't get it to work right. I would like to get all those "if"s into one line and then have it upload the file. It isn't working out the way I want it to. Right now it works as far as limiting the files uploaded and it does upload but it messes up the name. Lets say I upload a file called text.txt it will get renamed "t" nothing more.

Thanks for the help.

poison

try this one

$disallowed=array('application/x-kdelnk', 'application/x-php3-preprocessed', 'application/x-php3', 'application/x-shellscript', 'application/x-rx', 'application/x-sh', 'application/core', 'application/x-executable', 'application/x-php', 'text/php', 'application/x-httpd-php', 'application/php', 'magnus-internal/shellcgi');
if (!in_array($_FILES['userfile']['type'], $disallowed)) {
	doWhatEverYouWant (); // =P
} else {
	luserTriedSillyStuffAlert();
}

sure, the file gets renamed
what would happen if somebody uploads a file with a filename already existing (your code doesn't seem to care about it ^⁾ ?

the original name is stored in $_FILES['userfile']['name'] and you can rename the file if you wish to...
regards =D