0

Possible Duplicate:
How to restrict <input type=“file”> so that it can only select .pdf files?

My upload form is

<form action="chainresult.php" method="post" enctype="multipart/form-data">
   <div>  Upload a PDB file :  <br />
   <input type="hidden" name="MAX_FILE_SIZE" value="10485760"/>
   <input type="file" name="userfile" id="userfile" size="50000000" /><br />
   <input type="submit" value="GET SEQUENCE" />  </div>
</form>  

I want to accept only files named with four letters and a .pdb extension, like "ABCD.pdb". How can I achieve this?
upload.php is

<?php
    // The destination path is built from the client-supplied file name.
    $upfile = 'uploads/'.$_FILES['userfile']['name'];
    if (is_uploaded_file($_FILES['userfile']['tmp_name']))
    {
        if (!move_uploaded_file($_FILES['userfile']['tmp_name'], $upfile))
        {
            echo 'Problem: Could not move file to destination directory';
            exit;
        }
    }
    else
    {
        echo 'Problem: Possible file upload attack. Filename: ';
        // Escape the client-supplied name before echoing it into the page.
        echo htmlspecialchars($_FILES['userfile']['name']);
        exit;
    }
?>
Community
  • 1
  • 1
  • What code have you in chainresult.php? – Aurelio De Rosa Dec 28 '11 at 03:31
  • http://stackoverflow.com/questions/4634159/how-to-restrict-input-type-file-so-that-it-can-only-select-pdf-files http://stackoverflow.com/questions/4328947/limit-file-format-when-using-input-type-file http://stackoverflow.com/questions/7897576/restrict-file-type-and-size-in-php-form-upload – random Dec 28 '11 at 03:32

3 Answers

0

You have a choice. When the file is uploaded, it is given a temp name and stored in a temp and then, upon approval (depending on your code), moved and given either the upload name (by default) or 4 letters as you prescribe. Here's the bigger issue... overwrites? 4 letters does not allow you much variety - if you are on a mickeysoft.... yikes! And it can be really messy on retrieval if you transcribe case to lower on Linux (preferred).

0

You can add these lines at the top of upload.php:

// Name as sent by the client and its last three characters.
$name = $_FILES['userfile']['name'];
$ext = substr($name, -3);
// Reject names longer than 8 characters or not ending in "pdb".
if (strlen($name) > 8 || $ext != 'pdb')
{
    echo 'file name is either more than 4 character or the extension is not supported';
    exit;
}

This will check whether the file name is less than or equal to 8 characters (4 chars of file name, 1 for the . and 3 for the extension, hence 4+1+3).

You can also validate through JavaScript:

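<script type="text/javascript">
function validate()
{
    var flag = true;
    var fullName = document.getElementById('userfile').value;
    // Strip any path the browser prepends (e.g. C:\fakepath\) to get the bare file name.
    var file = fullName.match(/([^\/\\]+)$/g);
    // No file selected: block the submit instead of throwing on file[0].
    if (!file)
    {
        alert('file Name or extension not supported');
        return false;
    }
    // Everything after the last dot.
    var ex = file[0].match(/[^.]+$/);
    if (file[0].length > 8 || ex[0] != 'pdb')
    {
        alert('file Name or extension not supported');
        flag = false;
    }

    return flag;
}
</script>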
<form action="chainresult.php" method="post" enctype="multipart/form-data" onSubmit="return validate();" >
   <div>  Upload a PDB file :  <br />
   <input type="hidden" name="MAX_FILE_SIZE" value="10485760"/>
   <input type="file" name="userfile" id="userfile" size="50000000" /><br />
   <input type="submit" value="GET SEQUENCE" />  </div>
</form>
ahhmarr
  • 2,296
  • 4
  • 27
  • 30
  • This solved the problem. Showing error. Thank you, but still it is accepting file. –  Dec 28 '11 at 05:41
  • But it will not upload it. If you want to validate the file name without sending it to upload.php, then you can use JavaScript (note: using JavaScript is not a sure shot method, as a user can easily turn off JavaScript and bypass the validation). – ahhmarr Dec 28 '11 at 19:57
0

The same as ahhmarr said, but I'm using this function to determine the file extension:

function getExtension($str){
    $i = strrpos($str,'.');
    if(!$i)
        return '';

    $l = strlen($str) - $i;
    $ext = substr($str, $i+1, $l);
    return $ext;
}

$name = $_FILES['userfile']['name'];
$ext  = getExtension($name); 
arma
  • 4,084
  • 10
  • 48
  • 63
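
A stricter server-side check for the "four letters plus .pdb" rule asked about above, as an added example that is not code from the question or any of the answers. The function names, the lowercase normalisation, the refusal to overwrite and the `uploads` directory are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names, the lowercase
// normalisation, the no-overwrite rule and the uploads path are assumptions.
const PDB_MAX_BYTES = 10485760; // same value as MAX_FILE_SIZE in the form

// Returns the normalised name ("abcd.pdb") or null when the name is rejected.
function pdb_safe_name(string $clientName): ?string
{
    // \A and \z anchor the whole string, so "abcd.pdb.php", "../ab.pdb" and
    // "abcd.pdb\n" fail; a plain $ would still match before a trailing newline.
    if (preg_match('/\A[a-z]{4}\.pdb\z/i', $clientName) !== 1) {
        return null;
    }
    return strtolower($clientName); // one spelling per name on case-sensitive filesystems
}

function handle_pdb_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'Upload failed';
    }
    if ($file['size'] > PDB_MAX_BYTES) { // the hidden form field is only a hint
        return 'File too large';
    }
    $name = pdb_safe_name($file['name']);
    if ($name === null) {
        return 'Name must be four letters followed by .pdb';
    }
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (file_exists($dest)) { // refuse to overwrite an earlier upload
        return 'A file with that name already exists';
    }
    // move_uploaded_file() itself verifies that tmp_name is a genuine upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return 'Could not move file to destination directory';
    }
    return 'Stored as ' . $name;
}

// Constructed sample names, printed with their verdict (command line only).
if (PHP_SAPI === 'cli') {
    foreach (['ABCD.pdb', 'abc.pdb', 'ab1d.pdb', 'abcd.pdb.php', '../ab.pdb', "abcd.pdb\n"] as $n) {
        printf("%-18s %s\n", json_encode($n), pdb_safe_name($n) ?? 'rejected');
    }
}

if (isset($_FILES['userfile'])) {
    echo handle_pdb_upload($_FILES['userfile'], __DIR__ . '/uploads');
}
```

Because the name is matched against a whole-string pattern rather than by length and last three characters, names such as "a.pdb" or "xpdb" are rejected as well.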