URGENT! Tutorial system, avatars.....

drcrazy4

Ok this is URGENT. I am releasing a tutorial site in a few days and I have this big tutorial submission bug that is haunting me.

The point is that the user can leave the avatar upload field blank if they want but when they choose an avatar it says 'That filetype is not allowed'. I am really desperate for help. Here is the code:

<?
require("config.php");

$png = '';

if($_POST['submit'])
{
if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== FALSE)
{
   $png = 'image/x-png';
}
else
{
   $png = 'image/png';
}
	$name = htmlspecialchars(strip_tags(addslashes($_POST['name'])));
	$description = htmlspecialchars(strip_tags(addslashes($_POST['description'])));
	$url = htmlspecialchars(strip_tags(addslashes($_POST['url'])));
	$author = htmlspecialchars(strip_tags(addslashes($_POST['author'])));
	$category = $_POST['category'];
	$ip = $_SERVER['remote_host'];
	$date = date("d.m.Y");

$avatar = $_FILES['avatar']['name'];

if($name == "" || $description == "" || $url == "" || $author == "")
{
	echo '<table width="100%"  border="0" cellpadding="3" cellspacing="1" class="tablebg">
		  <tr>
			<td class="bar1">Error</td>
		  </tr>
		  <tr>
			<td class="row1">A required field was left blank. Click <a href="javascript:history.go(-1)">here</a> to go back and try again.</td>
		  </tr>
		</table>';
}
elseif($avatar != "" && $name != "" && $description != "" && $url != "" && $author != "")
{
	$uploads = dirname(__FILE__)."/avatars/";
	$filetype = $_FILES['avatar']['filetype'];
	if ($filetype != 'image/gif' || $filetype != 'image/jpg' || $filetype != $png) 
	{
	echo '<table width="100%"  border="0" cellpadding="3" cellspacing="1" class="tablebg">
		  <tr>
			<td class="bar1">Error</td>
		  </tr>
		  <tr>
			<td class="row1">That filetype is not allowed. Click <a href="javascript:history.go(-1)">here</a> to go back and try again</td>
		  </tr>
		</table>'; 
	}
	elseif($filetype == 'image/gif' || $filetype == 'image/jpg' || $filetype == $png)
	{
		$filename = rand(1000,99000).$_FILES['avatar']['name'];
		copy($_FILES['avatar']['tmp_name'],$uploads.$filename) or die(); 

		$insert = mysql_query("INSERT INTO tutorials (name, url, description, author, file, category, ip) VALUES ('$name','$url','$description','$author','$filename','$category','$ip')") or die(mysql_error()); 
		echo '<table width="100%"  border="0" cellpadding="3" cellspacing="1" class="tablebg">
			  <tr>
				<td class="bar1">Success</td>
			  </tr>
			  <tr>
				<td class="row1">Tutorial successfully added. It will soon be approved my an Administrator if it is suitable.</td>
			  </tr>
			</table>';
	}
}
elseif($avatar == "" && $name != "" && $description != "" && $url != "" && $author != "")
{
	$filename = "noav.gif";
	$insert = mysql_query("INSERT INTO tutorials (name, url, description, author, file, category, ip) VALUES ('$name','$url','$description','$author','$filename','$category','$ip')") or die(mysql_error()); 
	echo '<table width="100%"  border="0" cellpadding="3" cellspacing="1" class="tablebg">
		  <tr>
			<td class="bar1">Success</td>
		  </tr>
		  <tr>
			<td class="row1">Tutorial successfully added. It will soon be approved my an Administrator if it is suitable.</td>
		  </tr>
		</table>';
}
}
else
{
	?>
	<table width="100%"  border="0" cellpadding="3" cellspacing="1" class="tablebg"><form method="POST" enctype="multipart/form-data" action="index.php?act=addtut">
		  <tr>
			<td class="bar1">Submit Tutorial</td>
		  </tr>
		  <tr>
			<td class="row1">You can submit your tutorials here. Avatars must be sized 40x40 pixels.Your tutorial will be approved by an admin if suitable. Mis-use of this system will result in IP banning and any tutorials posted on the IP will be deleted. All fields with stars next to them are required.<p>Tutorial Name*: <input type="text" name="name"><br>Description*: <input type="text" name="description"><br>Category*: <select name="category">
	<?
	$getcats = mysql_query("SELECT * FROM categories ORDER BY name ASC"); 
				while ($cat = mysql_fetch_array($getcats)) { 
		echo '<option value="'.$cat[name].'">'.$cat[name].'</option>'; 
	} 
	?></select><br>Link*: <input type="text" name="url"><br>Author*: <input type="text" name="author"><br>Avatar: <input type="file" name="avatar"><br><span class="row2">* = Required Field</a><br><input type="submit" name="submit" value="Submit"></td>
		  </tr></form>
		</table>
	<?
}
?>

cheerio

$filetype = $_FILES['avatar']['filetype'];

Use this:

$filetype = $_FILES['avatar']['type'];

Weedpacket

If these are image files, use [man]getimagesize[/man] to get the image type, because it's not fooled by clients who mess up or lie about the MIME types of the files they're sending.