1

Basically the code below is only allowing pictures through I have added .mov and .mp4 to the allow list however it still outputs that the file is not an image when uploaded; just wondered where I'm going wrong with this.

The post and the form:

<html>
<body>
    <form action="test.php?post=true" method="post" enctype="multipart/form-data">
        Select image to upload:
        <input type="file" name="fileToUpload" id="fileToUpload">
        <input type="submit" value="Upload" name="submit">
    </form>
</body>
</html>

<? 
$post = $_GET['post'];

if ($post == 'true') {
    $target_dir = "uploads/";
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = pathinfo($target_file, PATHINFO_EXTENSION);
    if (isset($_POST["submit"])) {
        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
        if ($check !== false) {
            echo "File is an image - " . $check["mime"] . ".";
            $uploadOk = 1;
        }
        else {
            echo "File is not an image.";
            $uploadOk = 0;
        }
    }

    // Check if file already exists

    if (file_exists($target_file)) {
        echo "Sorry, file already exists.";
        $uploadOk = 0;
    }

    // Check file size

    if ($_FILES["fileToUpload"]["size"] > 50000000) {
        echo "Sorry, your file is too large.";
        $uploadOk = 0;
    }

    // Allow certain file formats

    if ($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" && $imageFileType != "mp4" && $imageFileType != "mov") {
        echo "Sorry, only JPG, JPEG, PNG, MP4, MOV & GIF files are allowed.";
        $uploadOk = 0;
    }

    // Check if $uploadOk is set to 0 by an error

    if ($uploadOk == 0) {
        echo "Sorry, your file was not uploaded.";

        // if everything is ok, try to upload file

    }
    else {
        if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {
            echo "The file " . basename($_FILES["fileToUpload"]["name"]) . " has been uploaded.";
        }
        else {
            echo "Sorry, there was an error uploading your file.";
        }
    }
}
?>
Ivar
  • 6,138
  • 12
  • 49
  • 61
Johnny
  • 319
  • 1
  • 14
  • Please format your code so we can ready it more easily. It's really hard to tell what belongs to what if/else. – Ivar Jan 22 '16 at 13:58
  • there's comments above most of the if statements – Johnny Jan 22 '16 at 14:00
  • Use MIME type checking for more security. – Naqash Malik Jan 22 '16 at 14:00
  • That doesn't matter. This code is unclear. Besides that it makes it harder to answer your question, it also doesn't really help people who have the same problem in the future. We are glad to help you but it would be nice if you could show some effort by at least showing good readable code. – Ivar Jan 22 '16 at 14:08
  • 1
    why shouldn't it? `getimagesize` doesn't work on videos. so if you upload an .mp4, it's going to PROPERLY report that it's not an image... And in spite of all the checking you're doing, the one thing you AREN'T checking for is whether the upload was successful. All of that processing is utterly useless if the upload failed outright... THere's a `['error']` parameter in $_FILES for a reason. – Marc B Jan 22 '16 at 14:37

1 Answers1

2

getimagesize

function will determine the size of any given image file and return the dimensions along with the file type and a height/width text string to be used inside a normal HTML IMG tag and the correspondent HTTP content type.

As it completly mention in document it will only work for image file.You are try to upload video file .mov and .mp4 that's the reason you get that error

For getting dimension of video file check How to get video duration, dimension and size in PHP?

Community
  • 1
  • 1
Saty
  • 22,443
  • 7
  • 33
  • 51