Upload Validation

[mattyvx]

Hi all,

 

I've been struggling to develop a robust image upload validation script. I have an area on my site where users can upload a profile picture into a directory so, to keep it clean and safe here is what I want:

 

1) Script must work in IE and Firefox

2) Script must only allow image files to be uploaded

3) Images shouldn't be unreasonable in size say 4mb max.

 

Currently i'm using this

 

if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 40000))
  {
  if ($_FILES["file"]["error"] > 0)
    {
    echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
    }
  else
    {
    if (file_exists("profiles/images/$filegif"))
      {
unlink("profiles/images/$filegif");
      }  
    if (file_exists("profiles/images/$filejpeg"))
      {
unlink("profiles/images/$filejpeg");
      }
      move_uploaded_file($_FILES["file"]["tmp_name"],
      "profiles/images/" .$name);
     }

//.... send me email to let me view picture ....//

  }
  else
  {
  echo "Invalid file - Only Gif or Jpeg files may be uploaded.";
  
///... send me error message to let me know user having problems .../// 

  }
}

 

Some users upload fine (is this browser compatability?), mostly I get alot or error messages though and have to upload manually.

 

Thanks in advance!

[requinix]

You can't rely on the "type" in $_FILES. You should be determining it yourself, either by looking at the extension or by using a function like (the poorly named) getimagesize.

 

As for more specific help, it depends what those error messages say.