|
PHP - Restrict File Extensions?
Hi. I'm making a file-sharing website but how do I stop users from uploading certain extensions?
Here is my script so far: <?php session_start(); $file_name = $HTTP_POST_FILES['ufile']['name'];$random_digit=rand(0000,9999);$new_file_name=$random_digit.$file_name;$path= "upload/".$new_file_name;if($ufile !=none){if(copy($HTTP_POST_FILES['ufile']['tmp_name'], $path)){echo "Successful<BR/>";}else{echo "Error";}}?>() Similar Tutorials
How do I only allow jpg and png file extensions to be uploaded as a attachment. My current code is below
$msg = '';
if (array_key_exists('userfile', $_FILES)) {
// create object of PHPMailer class with boolean parameter which sets/unsets exception.
$mail = new PHPMailer(true);
try {
//$mail->isSMTP(); // using SMTP protocol
$mail->Host = 'host'; // SMTP host as gmail
$mail->SMTPAuth = true; // enable smtp authentication
$mail->Username = 'emailaddress'; // sender gmail host
$mail->Password = 'emailpassword'; // sender gmail host password
$mail->SMTPSecure = 'ssl'; // for encrypted connection
$mail->Port = 587; // port for SMTP
$mail->setFrom('emailaddress', "Name"); // sender's email and name
$mail->addAddress('emailaddress', "Name"); // receiver's email and name
$attachmentNames = [];
//Attach multiple files one by one
for ($ct = 0; $ct < count($_FILES['userfile']['tmp_name']); $ct++) {
$uploadfile = tempnam(sys_get_temp_dir(), hash('sha256', $_FILES['userfile']['name'][$ct]));
$filename = $_FILES['userfile']['name'][$ct];
if (move_uploaded_file($_FILES['userfile']['tmp_name'][$ct], $uploadfile)) {
if(isset($uploadfile))
$mail->addAttachment($uploadfile, $filename);
$attachmentNames[] = $_FILES['userfile']['name'][$ct];
} else {
$msg .= 'Failed to move file to ' . $uploadfile;
}
}
Hiya, Firstly, I'm a complete novice, apologies! But I have got my upload.php working which is nice. I will post the code below. However, I would now like to restrict the file size and file type to only word documents. I currently have a restriction of 200KB but it's not working - no idea why as I've looked at other similar codes and they look the same. Also, just to complicate things - can I stop files overwriting each other when uploaded? At the moment, if 2 people upload files with the same name one will overwrite the other. Is this too many questions in 1? Any help is very much appreciated! Code below: Code: [Select] <form enctype="multipart/form-data" action="careers.php" method="POST"> Please choose a file: <input name="uploaded" type="file" /><br /> <input type="submit" value="Upload" /> </form> <?php $target = "upload/"; $target = $target . basename( $_FILES['uploaded']['name']) ; $ok=1; //This is our size condition if ($uploaded_size > 200) { echo "Your file is too large.<br>"; $ok=0; } //This is our limit file type condition if ($uploaded_type =="text/php") { echo "No PHP files<br>"; $ok=0; } //Here we check that $ok was not set to 0 by an error if ($ok==0) { Echo "Sorry your file was not uploaded"; } //If everything is ok we try to upload it else { if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "Your file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded."; } else { echo "Sorry, there was a problem uploading your file."; } } ?> Hello one and all, Just a quick request here, I've written a script that sends an email with an attached file by the user. (docx, txt, pdf, doc, rtf) are the formats I have accepted. At the moment I'm sending them with the following... Code: [Select] $fileatt_type = "application/pdf"; // File Type It works fine with all formats in older email clients, i.e, like yahoo before they updated the layout, but in the newer versions it's specific and if I try to send it this way it is always delivered as a .PDF and doesn't open if it is any of the other formats. It may sound silly but I've searched a fair bit for the other extensions or formats to include instead of the above code (maybe something like application/doc or something) but there doesn't seem to be a list. Can anyone point me in the right direction? Much obliged, PHP the learned. I have solved this now. I want these two extensions to work together Note that the plugin has 2 codes 1 https://wordpress.org/plugins/qty-increment-buttons-for-woocommerce/ 2 https://wordpress.org/plugins/woo-product-price-x-quantity-preview/#installation By default, PHP comes with some extensions disabled. Question 1: Is there a command (via command-line) to enable ALL extensions? Question 2: Are there any drawbacks to having all extensions enabled (e.g. slows it down, conflicts, etc.)? Thank you. Hello
So I want to try and match everything preceding a file extension in a string using preg_match.
An example file name: "Images_home_blah.blah.jpg" .
I've tried the following regex:
/^([a-z0-9_\-\.]+)(?!\.jpg)/iBut this sadly appears to capture the whole string instead of ignoring the '.jpg' part. Can anyone point me in the right direction? Thanks, Drongo Hey guys i have a script that i made with multiple permissions.. i need to add in the pages restitutions for diffrent levels.. so i got the level $query = "SELECT * FROM users WHERE `username`='$username_from_cookie'"; $numresults=mysql_query($query); $numrows=mysql_num_rows($numresults); // get results $result = mysql_query($query) or die("Couldn't execute query"); // now you can display the results returned while ($row10= mysql_fetch_array($result)) { $permissions= $row10["permissions"]; echo '$permissions'; } Now to restick im ok with like to but more then that i get confused.. this shows navigation on levels of permissions.. if ($row10['permissions'] == 2) { print "<a href=\"U.php\"><img src=\"./Icons/Users.png\" title=\"Prof\" /></a>"; } else { print "<img src=\"./Icons/Users_o.png\"/>"; } 2 levels if ($row10['permissions'] == 5) { print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>"; } elseif ($row10['permissions'] == 2) { print "<a href=\"Prof_1.php\"><img src=\"./Icons/sec.png\" title=\"Enseignant(e)\"/></a>"; } else { print "<img src=\"./Icons/sec_o.png\" title=\"Enseignant(e)\"/>"; } ok so instead of have 10 lines of codes can i $row10['permissions'] == 5&2&3 ??? and can i do if not permissions ==5 redirect to loggin.. thanks What is the best way to force a user to input numeric value into a form, with the following condition: Either the number is an integer (positive or negative or zero), or non integer but limited to the one digit behind the dot (e.g. 1.2 is valid, but 1.21 is not)? I know I can test it in the server side, but I prefer it to be on the form side. Can it be in the HTML level? I am trying to find a workaround for people using bookmarks and executing them simultaneously forcing a script to run thousands of times in just a second. Is there a way I can implement a token or a short bit of javascript that would force the user to use the link vs bookmarked URL pages? Sorry if I am being vague here but its really causing me issues having people doing this on my site. Hi, I have been searching everywhere to try to figure out how to restrict the number of chararacters shown when I do a while loop of data. The one I want to restrict is Property_Short_Description here - <?php echo "2.gif vspace=5 border=0><br />"; echo $row['Property_Short_Description'];} ?> Thanks so much Hi All, Im new to this forum but think its going to be a regular location for me for quite a while. Im very very new to php and the guy that was doing code for me is not responding to emails, so i thought id have a go myself...lol at the moment im going through the trial and error phase while learning. I have edited some of the code he has put on the site to create a new look. the original page: http://www.ridersguide.co.uk/county_accommodation.php?county=4; the one im trying:http://www.ridersguide.co.uk/county_accommodation2.php?county=4; The new bit is to add a preview of the text for the page. echo $row[ad_text]; the code above brings up all the text but i only want to show the first 4 or 5 lines. Is this possible in php? Any help appreciated Neil I'm using the restrict content pro plugin to accept website registrations. I would like users to have the ability to click a checkbox on the registration page and it automatically applies a $50 discount. I am using this code to add a checkbox to the registration field, but I'm having trouble applying the "RCP_Discount" class when the box is checked. Any help would be greatly appreciated. Thank you! ~Sarah hi... I have a site that allows user to download some files. at present if i type http://www.abc.com/files/xyz.zip it allows all the users to access and download files. I want only the login users can access these files....... pls help how to do this. thanks in advance This topic has been moved to PHP Regex. http://www.phpfreaks.com/forums/index.php?topic=351154.0 This topic has been moved to Apache HTTP Server. http://www.phpfreaks.com/forums/index.php?topic=357293.0 How to configure the server to restrict a user from accessing the directory structure, by changing the URL? for example: if the server redirects the user to the following URL upon successful login. http://mysite/dir1/dir2/dir3/phpfile.php currently, if i try change the URL to http://mysite/dir1/ even though there is no index webpage for dir1/, the directory structure gets exposed. how do i go about restricting the user from accessing the directory structure and throw an error message at him like "you are not authorised to view this", whenever a "smarty-pants" user tries to edit the URL manually. The user should only be able to see the webpages which the server redirects him to. nothing else. How to configure the PHP server such that, if the URL is modified manually, server should redirect to an error page instead of exposing the directory structure. This topic has been moved to PHP Installation & Configuration. http://www.phpfreaks.com/forums/index.php?topic=332517.0 Hi guys, in my database i have the table called users, where i have 5 fields (id, username, email, password, user_level) - for the user_level field i have 2 options administrator and editor.
What i want to do is that when the user who is logged in have administrator in the user_level field to see all the pages from backend, and the user who have in the user_level field editor to see only some of the pages from the backend such as newsletter, or messages.
I hope you understand what i'm asking if not fell free to ask me if you need more specific details.
I tried to make a php page called access.php wher i put the following code, but not working
<?php
session_start();
$sql = $mysqli->query("SELECT user_level FROM imobiliare_users WHERE id=$id");
$user_level = $mysqli->query($sql);
echo $user_level;
if ($user_level !="administrator") {
echo "You are not the proper user type to view this page";
die();
}
?>
Hope you can help me. Thx in advance for help.
I have couple of shipping methods DHL & FedEx, if selected products exits in cart show only selected shipping method, how to archive using shopping cart pricing rule or any other way to do this?
|
|||||||