PHP File Upload

[UnKnOwNCoDe]

Im trying to use this code to allow users to upload files

PHP Code:

<?php
// define constant which contains the maximum file size in bytes
define('MAX_FILE_SIZE', 4000000);

if (array_key_exists('btn', $_POST)) {

// define new constant which contains the path the the upload folder
define('UPL_FLD','uploads/');

//Find the extension
$flext = pathinfo($_FILES['frmfile']['name']);
$ext = strtolower($flext['extension']);

// create new file name
$file = str_replace(' ', '_', $_POST['frmname'].'.'.$ext);
$file = strtolower($file);

// create variable and assign the formatted value of MAX_FILE_SIZE to it
$maxfs = number_format(MAX_FILE_SIZE/1024, 1).'KB';
$fsize = false;

// check the file size
if ($_FILES['frmfile']['size'] > 0 && $_FILES['frmfile']['size'] <= MAX_FILE_SIZE) {

    $fsize = true;

}

// allow MIME file types
$filetype = array('image/gif','image/jpeg','image/pjpeg','image/png');
$ftype = false;

// check if uploaded file type is allowed
foreach($filetype as $type) {

    if ($type == $_FILES['frmfile']['type']) {
    
        $ftype = true;
        break;
    
    }

}

if ($ftype && $fsize && $_POST['frmname'] != '') {

    switch($_FILES['frmfile']['error']) {
    
        case 0:
        // move file to the upload folder
        $upload = move_uploaded_file($_FILES['frmfile']['tmp_name'],UPL_FLD.$file);
        if ($upload) {
        
            $msg = $_FILES['frmfile']['name'].' uploaded successfully';
            
        } else {
        
            $msg = 'Error.<br />Please try again.';
        }
        break;
        
        case 3:
        $msg = 'Error.<br />Please try again.';
        break;
        
        default:
        $msg = 'Error - please contact administrator';
        
    }
        
        
} elseif ($_FILES['frmfile']['error'] == 4) {

    $msg = 'Please select file';

} elseif ($_POST['frmname'] == '') {

    $msg = 'Please provide your full name';
    
} else {

    $msg = $_FILES['frmfile']['name'].' cannot be uploaded.<br />';
            if(!$ftype) {
                $msg .= 'Acceptable file formats are: .gif, .jpg, .png<br />';
            }
            if(!$fsize) {
                $msg .= 'Maximum file size is '.$maxfs;
            }

}

}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>File upload</title>
<style type="text/css">
<!--
body {
    font-family:Arial, Helvetica, sans-serif;
    font-size:10pt;
    color:#444;
}
#frm_upload, #tbl_upload, #btn, #sbm {
    margin:0px;
    padding:0px;
}
#tbl_upload {
    border-top:solid 1px #aaa;
    border-left:solid 1px #aaa;
}
#tbl_upload th, #tbl_upload td {
    border-right:solid 1px #aaa;
    border-bottom:solid 1px #aaa;
    text-align:left;
    vertical-align:top;
}
#tbl_upload th {
    padding:3px 10px 0px 10px;
    background-color:#f1f1f1;
    font-weight:bold;
}
#tbl_upload td {
    padding:3px;
}
.frmfld {
    border:1px solid #aaa;
    width:300px;
}
#btn, #sbm {
    height:20px;
    width:120px;
    display:block;
}
#btn {
    background-color:transparent;
    border:none;
    cursor:pointer;
}
#sbm {
    border:solid 1px #aaa;
    background:url(button.gif) repeat-x 0px 50%;
}
.warning {
    color:#990000;
    font-weight:bold;
}
-->
</style>
</head>

<body>

<?php if(isset($msg)) { echo '<p class="warning">'.$msg.'</p>'; } ?>

<form action="" method="post" enctype="multipart/form-data" name="frm_upload" id="frm_upload">
  <table border="0" cellspacing="0" cellpadding="0" id="tbl_upload">
    <tr>
      <th scope="row"><label for="frmname">Full name:</label></th>
      <td><input type="text" name="frmname" id="frmname" class="frmfld" /></td>
    </tr>
    <tr>
      <th scope="row"><label for="frmfile">File:</label></th>
      <td>
      <input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
      <input name="frmfile" type="file" id="frmfile" size="30" /></td>
    </tr>
    <tr>
      <th scope="row">&nbsp;</th>
      <td>
      <label for="btn" id="sbm">
      <input type="submit" name="btn" id="btn" value="Upload" />
      </label>
      </td>
    </tr>
  </table>
</form>

</body>
</html>

the file types i want to allow to be uploaded it .za and .bsp so I edit this part of the code

PHP Code:

// allow MIME file types
$filetype = array('image/gif','image/jpeg','image/pjpeg','image/png');
$ftype = false; 


To

PHP Code:

// allow MIME file types
$filetype = array('.za','.bsp');
$ftype = false; 


and it still isnt working. any ideas why? I get the error the extension is not allowed..

[dclamp]

Please edit your post using [php][/php] tags.

When you do that i will take a look at your question..

[I_Love_My_Vans]

Sorry to bump, I agree, it looks awful. Wrap it in [php] tags...

[the182guy]

Apart from PHP tags it needs indenting so that people can see where your ifs/switches are in relation to eachother.

Secondly the big block of CSS is not relevant so it's just making your post look even more ugly.

Thirdly don't rely on the MIME type (image/jpg, image/gif) to check the file because this can easily be forged.

[penagate]

The code actually is already indented. I've added the PHP tags for you.

[UnKnOwNCoDe]

Sorry I posted it right before I went to bed and just waking up now. Thanks Penegate.

The website is only going to be used by a few people. All I would like to know is why am I being given the error.

[UnKnOwNCoDe]

Nvm, I figured out what was wrong. Thx anyway.

[StrangerInBeijing]

How about sharing the solution, for other's that come across this post in future?

[UnKnOwNCoDe]

Changed

Code:

$filetype = array('.za','.bsp');

to

Code:

$filetype = array('package/.za','package/.bsp');