Results 1 to 2 of 2

Thread: PHP Script Uploads despite error

  1. 02 Jan 2010, 04:57 AM #1
    oddball25
    oddball25 is offline Established Member
    Join Date
    Dec 2009
    Posts
    14

    PHP Script Uploads despite error

    Hey

    I have a php upload script that i am using which works ok, when the criteria has not been met, it echo's back to the user the problem, however the file still uploads to the server anyway despite saying the conditions haven't been met. Can anyone shed some light on this?

    Code:
    <?php
//define a maxim size for the uploaded images in Kb
 define ("MAX_SIZE","7000");
 
 //define a minim size for the uploaded images in Kb
 define ("MIN_SIZE","100");

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found) 
//and it will be changed to 1 if an errro occures. 
//If the error occures the file will not be uploaded.
 $errors=0;
//checks if the form has been submitted
 if(isset($_POST['Submit']))
 {
     //reads the name of the file the user submitted for uploading
     $image=$_FILES['image']['name'];
     //if it is not empty
     if ($image)
     {
     //get the original name of the file from the clients machine
         $filename = stripslashes($_FILES['image']['name']);
     //get the extension of the file in a lower case format
          $extension = getExtension($filename);
         $extension = strtolower($extension);
     //if it is not a known extension, we will suppose it is an error and will not  upload the file, 
    //otherwise we will do more tests
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "tif"))
         {
        //print error message
             echo '<h1>Unknown extension!</h1>';
             $errors=1;
         }
         else
         {
//get the size of the image in bytes
 //$_FILES['image']['tmp_name'] is the temporary filename of the file
 //in which the uploaded file was stored on the server
 $size=filesize($_FILES['image']['tmp_name']);

//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
    echo '<h1>You have exceeded the size limit!</h1>';
    $errors=1;
}

if ($size < MIN_SIZE*1024)
{
    echo '<h1>You have not met the minimum size limit!</h1>';
    $errors=1;
}

//we will give an unique name, for example the time in unix time format
$image_name=time().'.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="images/".$image_name;
//we verify if the image has been uploaded, and print error instead
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied)
{
    echo '<h1>Copy unsuccessfull!</h1>';
    $errors=1;
}}}}

//If no errors registred, print the success message
 if(isset($_POST['Submit']) && !$errors)
 {
     echo "<h1>File Uploaded Successfully!</h1>";
 }

 ?>
    Reply With Quote Reply With Quote
  2. 04 Jan 2010, 04:20 AM #2
    is_numeric's Avatar
    is_numeric
    is_numeric is offline Moderator
    Join Date
    Apr 2009
    Location
    The toon
    Posts
    1,225
    should this not be OR ( || ) instead of &&

    PHP Code:
    if (($extension != "jpg") || ($extension != "jpeg") || ($extension != "tif")) 
    Pass IT Certification
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules