Hi there!

Two issues...

1. Trying to add a file extension check to a file upload script. Would like to allow three/four different extensions, but return an error message if it was the wrong extension.

I have the below to check a file was actually selected, is there a way I could either add to that, or create some new code to ensure only certain files can be uploaded.


if ($userfile == "none") {
require("header.php");
echo "You neglected to specify a file to upload. <br />Please use the back button to fill in reqired info.<br /><br />\n";
require("footer.php");
exit;


2. It would be cool to check if a file already exsists, and if it does, return an error message saying so and hence cancel the upload. Any ideas how?

Cheers loads!

See file_exists() (http://www.php.net/file_exists) and preg_match() (http://www.php.net/preg_match).


if(file_exists($_FILES["x"]["tmp_name"])){
exit("File already exists. Aborting...");
}
if(!preg_match("/\\.(jpg|gif|css|html?)$/", $_FILES["x"]["tmp_name"])){
exit("Invalid file extension. Upload aborted.");
}

I don't know much about regular expressions, but doesn't that preg_match allows .extention.exention?

Yes, it allows multiple extensions, however, if you'll notice the dollar-sign at the end, it should only allow for those particular extensions in the parentheses at the very end of the filename. ;) E.g...

C:\path\to\files\somefile.jpg would work.
C:\path\to\files\some.file.jpg would work.
C:\path\to\files\some.file would not work.
C:\path\to\files\some.jpg.file would not work.

This string, originally posted by Jona

preg_match("/\.(jpg|gif|css|html?)$/


is displayed by the forum software inside "php" tags like this:

preg_match("/\.(jpg|gif|css|html?)$/


You know, when I first read Jona's post I thought he had forgotten to "escape" the period before the file extensions by entering "\." instead of just ".". When I went to reply to his message, I noticed that the actual text that was quoted included the slash, but it wasn't displayed. Somehow the use of the "[php]" tag requires you to escape the escape like this "\\"!

Thanks for reminding me, Yuna, I've edited my post. This is a widely-known bug in vBulletin... At least, it is here. I simply forgot about it when posting.

This is a widely-known bug in vBulletin... At least, it is here.
Alright....:P
widely-known bug
Well, I don't know it, so who cares? lol
Jona, know widely to you :P

Originally posted by Jona
Yes, it allows multiple extensions, however, if you'll notice the dollar-sign at the end, it should only allow for those particular extensions in the parentheses at the very end of the filename. ;) E.g...

C:\path\to\files\somefile.jpg would work.
C:\path\to\files\some.file.jpg would work.
C:\path\to\files\some.file would not work.
C:\path\to\files\some.jpg.file would not work.

Okido :).

Originally posted by zachzach
Alright....:P

Well, I don't know it, so who cares? lol
Jona, know widely to you :P

There are a lot others who know about it. Ryan and Adam Brill, Cijori, Paul Jr, and Jick to name a few.

I was just joking! Yeesh :D

Originally posted by zachzach
I was just joking! Yeesh :D

My apologies if my response seemed irritably hasty.

Wow. Now you sound like Mr. Spok(Star Trek, of course[I might have spelled it wrong])
"That is very illogical"
:p

(sorry for my offtopic posts :D)

I'd ask who Mr. Spok is, but then we'd be getting even further off-topic; let's avoid that.

I'm either seriously tired, seriously dumb, or both today. :rolleyes: :confused:

Whats meant to go where the 'x' and the 'tmp_name' is and wheres the _files come from?

I modified this bit though:

preg_match("/\.(jpg|gif|css|html?)$/i"

adding an 'i' to make it case insensitive.

It's from the $_FILES global array. Read more on file uploading (http://us4.php.net/features.file-upload). The "X" is the name of the input of type "FILE," and the "tmp_name" is the temporary name of the file before it is copied/moved/renamed on the server, depending on how you handle the request.

Ok, so now I got


if(file_exists($_FILES["userfile"]["tmp_name"])){

require("header.php");
echo "A file is already on the server with that name.\n";
require("footer.php");
exit;


But now whenever I try to upload any file it tells me its already on the server, when I know it isn't.

Is this checking to see if the file already exsists in the tmp directory or somewhere else?

I'm trying to get it to check if the file alreay exsists where it gets copied to (/home/baswsc/public_html/uploads/) from the tmp directory later on down in the script.

So I tried

if(file_exists(/home/baswsc/public_html/uploads/$userfile_name)){

which returned an error so i tried:


$location = '/home/baswsc/public_html/uploads/';
if(file_exists($location/$userfile_name)){

&

$location = '/home/baswsc/public_html/uploads/$userfile_name';

if(file_exists($location)){

which when the script run, both reckoned the file didn't already exsist where I was telling it to look. And as the file is there, Im guessing I'm not telling it to look right.

The input field is named 'userfile' and the files get uploaded to a directory /uploads with the script itself being above that directory in the main folder.

Don't worry, I think I found my problem.

I was using ' instead of " and it wasn't getting me the $userfile_name.



:rolleyes:

lol, yup, im jus dumb.

The first thing you tried did not work because the file path must be enclosed in quotes — if it is not, PHP treats it like a constant. The second method did not work because the forward slash was not enclosed in quotes — the forward slash is the division operator in PHP. The third method did not work because PHP variables enclosed within single quotes are not parsed — echo '$foo'; will just echo out the string $foo.

$tmp_name = $_FILES['userfile']['tmp_name'];
if(file_exists('/home/baswsc/public_html/uploads/' . $tmp_name)){
require('header.php');
echo "A file is already on the server with that name.\n";
require('footer.php');
exit;
}

Something around that.


***EDIT***
Heh, beat me to it. ;)

Cheers loads everyone. :)

Glad to be of assistance.