Checking images

[Wizard13335]

Hello. I was wondering, how would you check a file form field to make sure the file is an image file or not (you know, jpg, gif, png). I am pretty sure this is done with PHP, and if it is, please walk me through or give me very detailed explanations on how to incorporate it into my site; I have no idea how PHP works.

Thank you for you help.

[Twey]

As of PHP 4.1.0, the $_FILES array contains data about the uploaded files. This includes the MIME-type of the uploaded file. All you need to do is check that this begins with "image/" (JPEGs are image/jpeg, GIFs are image/gif, PNGs are image/png and so on). However, PHP doesn't check this: it relies on the browser's definition, which can be altered by the user.

PHP Code:

<?php
$file = $_FILES['nameOfInputElement'];

$isImage = explode("/", $file['type']);
$isImage = $isImage[0];
$isImage = ($isImage == "image");
if($isImage) {
  // Do the file upload stuff, accept the file
} else {
  // Yell at the user and die.
}
?>

If you're using a *n?x server with the file(1) utility installed, you can perform a simpler and far more reliable check using it:

PHP Code:

<?php
$file = $_FILES['nameOfInputElement'];
$mimetype = shell_exec("file -i " . $file['tmp_name']);
$mimetype = explode(": ", $mimetype);
$mimetype = $mimetype[1];
$isImage = explode("/", $mimetype);
$isImage = $isImage[0];
$isImage = ($isImage == "image");

if($isImage) {
  // Do the file upload stuff, accept the file
} else {
  // Yell at the user and die.
}
?>

There are also mimetype handling thingummies for PHP. See this for these - there are numerous deprecations and setup steps.

[Wizard13335]

Um, im really bad at figuring how to do this, but how would i incoporate that code into my site? I seriously don't know anything abuot PHP except that everything begins with $.

Thank you.

[Twey]

Heh. I presume you already have a working something-or-other to do with the file. All you have to do is replace " // Do the file upload stuff, accept the file " with your current code, and " // Yell at the user and die. " with a page telling the user that their file has failed to pass your checks. You can use ?> to switch back into HTML-parsing mode, and <?php to enter into PHP mode again. For example:

PHP Code:

<?php
$file = $_FILES['nameOfInputElement'];
$mimetype = shell_exec("file -i " . $file['tmp_name']);
$mimetype = explode(": ", $mimetype);
$mimetype = $mimetype[1];
$isImage = explode("/", $mimetype);
$isImage = $isImage[0];
$isImage = ($isImage == "image");

if($isImage) {
  // Do the file upload stuff, accept the file
} else {
  // Everything from the ? > down to the next < ?php is plain HTML,
  // to be displayed if the file fails validation.
?>
<html>
  <head>
    <title>Validation Failed</title>
  </head>
  <body>
    This isn't an image file!  What are you thinking of?!
  </body>
</html>
<?php
}
?>

[Wizard13335]

I think I get it now, but to use the code do I just insert the "<?php" tag thing at the top of my page? Because although you explained how to modify the code, i still have no idea how to actually connect the code to an HTML page. No offense, of course; I think it's great that you know all this, especially since i am the world's biggest noob at PHP coding.

[Twey]

Heh. You can just put an ?> tag after "if($isImage) {", then paste your page there, then put another <?php tag at the end of your page.

[Wizard13335]

Sorry about all those questions. Thank you very much!