PDA

View Full Version : Checking images



Wizard13335
11-05-2005, 09:11 PM
Hello. I was wondering, how would you check a file form field to make sure the file is an image file or not (you know, jpg, gif, png). I am pretty sure this is done with PHP, and if it is, please walk me through or give me very detailed explanations on how to incorporate it into my site; I have no idea how PHP works.

Thank you for you help. :)

Twey
11-06-2005, 11:35 AM
As of PHP 4.1.0, the $_FILES array contains data about the uploaded files. This includes the MIME-type of the uploaded file. All you need to do is check that this begins with "image/" (JPEGs are image/jpeg, GIFs are image/gif, PNGs are image/png and so on). However, PHP doesn't check this: it relies on the browser's definition, which can be altered by the user.

<?php
$file = $_FILES['nameOfInputElement'];

$isImage = explode("/", $file['type']);
$isImage = $isImage[0];
$isImage = ($isImage == "image");
if($isImage) {
// Do the file upload stuff, accept the file
} else {
// Yell at the user and die.
}
?>
If you're using a *n?x server with the file (http://linux.ctyme.com/man/man0754.htm)(1) utility installed, you can perform a simpler and far more reliable check using it:

<?php
$file = $_FILES['nameOfInputElement'];
$mimetype = shell_exec("file -i " . $file['tmp_name']);
$mimetype = explode(": ", $mimetype);
$mimetype = $mimetype[1];
$isImage = explode("/", $mimetype);
$isImage = $isImage[0];
$isImage = ($isImage == "image");

if($isImage) {
// Do the file upload stuff, accept the file
} else {
// Yell at the user and die.
}
?>
There are also mimetype handling thingummies for PHP. See this (http://uk.php.net/mime_magic) for these - there are numerous deprecations and setup steps.

Wizard13335
11-07-2005, 04:04 AM
Um, im really bad at figuring how to do this, but how would i incoporate that code into my site? I seriously don't know anything abuot PHP except that everything begins with $.

Thank you.

Twey
11-07-2005, 12:23 PM
Heh. I presume you already have a working something-or-other to do with the file. All you have to do is replace " // Do the file upload stuff, accept the file " with your current code, and " // Yell at the user and die. " with a page telling the user that their file has failed to pass your checks. You can use ?> to switch back into HTML-parsing mode, and <?php to enter into PHP mode again. For example:

<?php
$file = $_FILES['nameOfInputElement'];
$mimetype = shell_exec("file -i " . $file['tmp_name']);
$mimetype = explode(": ", $mimetype);
$mimetype = $mimetype[1];
$isImage = explode("/", $mimetype);
$isImage = $isImage[0];
$isImage = ($isImage == "image");

if($isImage) {
// Do the file upload stuff, accept the file
} else {
// Everything from the ? > down to the next < ?php is plain HTML,
// to be displayed if the file fails validation.
?>
<html>
<head>
<title>Validation Failed</title>
</head>
<body>
This isn't an image file! What are you thinking of?!
</body>
</html>
<?php
}
?>

Wizard13335
11-08-2005, 04:19 AM
I think I get it now, but to use the code do I just insert the "<?php" tag thing at the top of my page? Because although you explained how to modify the code, i still have no idea how to actually connect the code to an HTML page. No offense, of course; I think it's great that you know all this, especially since i am the world's biggest noob at PHP coding.

Twey
11-08-2005, 09:45 AM
Heh. You can just put an ?> tag after "if($isImage) {", then paste your page there, then put another <?php tag at the end of your page.

Wizard13335
11-08-2005, 02:17 PM
Sorry about all those questions. Thank you very much!