Possible Duplicate:
How to check if an uploaded file is an image without mime type?
uploading, processing, storing and delivering user-provided files and images
i have image sharing script, i made half of it. the user can rename any php or cgi file to .jpg and upload it and it upload succfully
How to prevent uploading such fake images?
here is my way to check the file type
$userfile_type = $_FILES['file']['type'];
and when i rename php file to php.jpg it can be uploaded easly.
// return mime type ala mimetype extension
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$type = finfo_file($finfo, $tmp_name);
finfo_close($finfo);
This is the server giving you the type of the file and not the browser as in your example.
With GD you can do something like getimagesize() which returns zero if the file is not an image
EDIT: "getimagesize is not a GD library function. It's native to PHP" Thanks Vivek
Happy coding !!
Use imagemagic and check the image info
One of the best ways of doing it is using http://php.net/manual/en/ref.fileinfo.php
You can use getimagesize() to check for the image size. False is return if the function is not able to get the size. Even better if you can use GD library and use imagecreatefromstring() function to see whether it is a real image.
php.net's example :
if (exif_imagetype('image.gif') != IMAGETYPE_GIF) {
echo 'The picture is not a gif';
}
also this is directly from the php.net page I linked:
*If the function exif_imagetype() is not available; you can try the following workaround:*
if ( ! function_exists( 'exif_imagetype' ) ) {
function exif_imagetype ( $filename ) {
if ( ( list($width, $height, $type, $attr) = getimagesize( $filename ) ) !== false )
{
return $type;
}
return false;
}
}
