2

I have the following code to check whether the uploaded resume and reference letter match the desired type (pdf OR doc OR docx) and size (less than 400 kb):

    //check file extension and size
    $resume = ($_FILES['resume']['name']);
    $reference = ($_FILES['reference']['name']);
    $ext = strrchr($resume, ".");
    $ext1 = strrchr($reference, ".");
    if (!(($_FILES["resume"]["type"] == "application/doc")
        || ($_FILES["resume"]["type"] == "application/docx")
        || ($_FILES["resume"]["type"] == "application/pdf"))
        && (($_FILES["reference"]["type"] == "application/doc")
        || ($_FILES["reference"]["type"] == "application/docx")
        || ($_FILES["reference"]["type"] == "application/pdf"))
        && (($ext == ".pdf") || ($ext == ".doc") || ($ext == ".docx"))
        && (($ext1 == ".pdf") || ($ext1 == ".doc") || ($ext1 == ".docx"))
        && ($_FILES["resume"]["size"] < 400000) //accept upto 500 kb
        && ($_FILES["reference"]["size"] < 400000)) {
        // stop user
    } else {
        // allow files to upload
    }

This is not working as desired: it allows even txt files through, and the size limit is not being checked. What is wrong with it?

Thanks,

1
  • 3
    OMG, you should rewrite it instead of finding the bug :-) Start by creating a list of allowed mime-types and file endings, then check against this list... Commented Sep 6, 2011 at 15:16

5 Answers 5

7

The below just uses the mime types to validate a file, then checks the size of both. For a list of most mime types see here or google.

    function allowed_file() {
        // Add the allowed mime-type files to an 'allowed' array
        $allowed = array('application/doc', 'application/pdf', 'another/type');

        // Check uploaded file type is in the above array (therefore valid)
        if (in_array($_FILES['resume']['type'], $allowed) AND in_array($_FILES['reference']['type'], $allowed)) {

            // If allowed file types are found, continue to check filesize:
            if ($_FILES["resume"]["size"] < 400000 AND $_FILES["reference"]["size"] < 400000) {
                // If both files are below the given size limit, allow upload
                // Begin filemove here....
                return true;
            }
        }

        // Wrong type or too large: reject
        return false;
    }

3 Comments

I realize this post is from last year but I ran into the same issue. I attempted the answer above but my doc and pdf test files do not pass in safari and chrome (haven't tested in ie or ff). Both files are well under the 400kb specified in the script above. I went to the link and got the correct mimes: application/msword (doc) | application/pdf (pdf) | and text/plain (txt). The only other thing I took out was the reference parts.
Couldn't get it to work so I modified it a bit to work for me: ` //Add the allowed mime-type files to an 'allowed' array --endline-- $allowed = array('doc', 'docx', 'txt', 'pdf'); --endline-- //Check uploaded file type is in the above array (therefore valid) --endline-- if(in_array(pathinfo($_FILES['resume']['name'], PATHINFO_EXTENSION), $allowed)){ --endline--`
Even though this post is very old, just in case someone like me finds it trying to get help, I have relevant information to add. The $_FILES['whatever']['type'] value includes quotations, so for example it would be "application/pdf". Those quotations will need to be removed in order for the comparison to match with in_array. For example, in_array(str_replace('"','',$_FILES['whatever']['type']), $allowed)
0

The Mime type for docx is application/vnd.openxmlformatsofficedocument.wordprocessingml.document

Comments

0

Here is some code I wrote in the past..

    function checkFileExtension($ext)
    {
        // Extensions that are accepted
        $accepted = array('ai', 'pdf', 'jpg', 'jpeg', 'gif', 'eps', 'tif', 'png',
            'xls', 'xlsx', 'doc', 'docx', 'ppt', 'pptx', 'zip', 'rar', 'sitx',
            'psd', 'indd', 'dng');

        // 1 when the extension is in the list, 0 otherwise
        return in_array($ext, $accepted, true) ? 1 : 0;
    }

    // Extension is everything after the last dot in the submitted file name
    $ext = substr(strrchr($_FILES['file']['name'], "."), 1);
    $fileAccepted = checkFileExtension($ext);
    $fileSize = $_FILES['file']['size'];

    // Accept only an allowed extension that is under the size limit (in bytes)
    if ($fileAccepted == 1 && $fileSize < 82428800) {
        // do stuff
    }

Comments

0

To do that I usually use something like this:

    $filename = $_FILES['field_name']['name']; // Get the name of the file (including file extension).
    $ext = strtolower(substr($filename, strrpos($filename, '.'))); // Get the extension (from the last dot) in lower case

And then check if the file extension is accepted.

Also be aware that the user can simply change the extension for a dangerous file, so it is safer to check with the mime type

Comments

0

This may be useful:

First check desired mime types to verify:

Microsoft Office MIME Types and List of MIME Types

Then try to make your code easier...

    $mimeTypes = array('application/vnd.openxmlformats-officedocument.wordprocessingml.document',
        'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
        'application/vnd.openxmlformats-officedocument.presentationml.presentation');

    if (in_array($_FILES["resume"]["type"], $mimeTypes))
    {
        // File's OK
    }
    else
    {
        // Bad file !
    }

Important: User may change file extension, so always check the mime type instead of extension!! =)

Comments
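A server-side version of the checks discussed in this thread, as an added example that is not from any of the posts: it reads the type from the file contents with finfo instead of the browser-supplied $_FILES[...]['type'], and continues only when every check passes for both files. The helper name validate_upload(), the constants and the MIME lists are assumptions.

```php
<?php
// Added example. Field names follow the question; validate_upload(), MAX_BYTES
// and ALLOWED are assumed names. Needs PHP 7.1+ with the fileinfo extension.
const MAX_BYTES = 400000;

// extension => MIME types accepted for it. libmagic versions differ in what they
// report for Office files, so confirm these values on the target server.
const ALLOWED = [
    'pdf'  => ['application/pdf'],
    'doc'  => ['application/msword'],
    'docx' => ['application/vnd.openxmlformats-officedocument.wordprocessingml.document'],
];

// Returns null when the upload is acceptable, otherwise the reason for rejection.
function validate_upload(array $file): ?string
{
    // A missing field, a multi-file array or a PHP upload error all reject.
    if (!isset($file['error']) || is_array($file['error'])
        || $file['error'] !== UPLOAD_ERR_OK) {
        return 'upload failed or missing';
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    // Size of the temp file as stored on the server; empty files are rejected too.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size >= MAX_BYTES) {
        return 'size out of range';
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return 'extension not allowed';
    }
    // Type detected from the file contents, not from $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        return 'content does not match extension';
    }
    return null;
}

// Reject as soon as either file fails; continue only when both pass.
foreach (['resume', 'reference'] as $field) {
    $reason = validate_upload($_FILES[$field] ?? []);
    if ($reason !== null) {
        http_response_code(400);
        exit("$field rejected: $reason");
    }
}
// Both passed: move_uploaded_file() to a server-generated name.
```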
