mime types
Can anyone help. I am using the following code to check that jpg image
only can be uploaded
if ($_FILES['userfile']['type'] != 'image/jpeg')
{
$msg = 'Problem: file is not jpg';
}
when uploading a jpg or jpeg this works fine in firefox but when i try
to upload a jpg using internet explorer an error is produced saying that
it is not a jpg when in fact it is.
Can anyone help
Thanks
bill
Re: mime types
On 20 Feb, 00:42, bill <n... [at] noreturn.f9.co.uk> wrote:
> Can anyone help. I am using the following code to check that jpg image
> only can be uploaded
>
> if ($_FILES['userfile']['type'] != 'image/jpeg')
> {
> $msg = 'Problem: file is not jpg';
> }
>
> when uploading a jpg or jpeg this works fine in firefox but when i try
> to upload a jpg using internet explorer an error is produced saying that
> it is not a jpg when in fact it is.
> Can anyone help
> Thanks
> bill
This is because the browser can lie about what it is sending you, are
you sure you have the correct html form encoding:
enctype="multipart/form-data"
see here:
http://www.w3.org/TR/device-upload
you can also set the mime type in the input field itself to specify
images, separated with a space AFAIK - details at the URL above.
However you still need to implement checking server-side, most do
this by trying to get the size of the image using the GD library,
and also perhaps trying to extract the thumbnail and showing that (if
present) as a quick way to show your user feedback.
One thing though, don't assume that because it is an image, that it's
safe, use good security practises:
proper "no execute" permissions,
forcetype image/jpeg for the jpeg images directory
parse the image for embedded php code, and erase it if present
if the image is to be public, then you _must_ protect your server, if
it is not public, then store it where it cannot be accessed via a URL.
I only mention this because a couple of well chosen lines of php
embedded in any image on an unprotected server can give server-wide
access to the person who uploads the image, and knows where to find it
via a URL afterwards.
Re: mime types
bill wrote:
> Can anyone help. I am using the following code to check that jpg image
> only can be uploaded
>
> if ($_FILES['userfile']['type'] != 'image/jpeg')
> {
> $msg = 'Problem: file is not jpg';
> }
>
> when uploading a jpg or jpeg this works fine in firefox but when i try
> to upload a jpg using internet explorer an error is produced saying that
> it is not a jpg when in fact it is.
> Can anyone help
> Thanks
> bill
Try:
if (($_FILES['userfile']['type'] != 'image/jpeg') &&
($_FILES['userfile']['type'] != 'image/jpg'))
{
$msg = 'Problem: file is not jpg';
}
or:
//edit array to suit needs
$img_types = array('image/jpeg','image_jpg','image/gif','image/png');
if (!in_array($_FILES['userfile']['type'],$img_types))
{
$msg = 'Problem: file is not of allowed image type.';
}
---
Norm
Re: mime types
bill wrote:
> Can anyone help. I am using the following code to check that jpg image
> only can be uploaded
>
> if ($_FILES['userfile']['type'] != 'image/jpeg')
> {
> $msg = 'Problem: file is not jpg';
> }
>
> when uploading a jpg or jpeg this works fine in firefox but when i try
> to upload a jpg using internet explorer an error is produced saying that
> it is not a jpg when in fact it is.
> Can anyone help
> Thanks
> bill
I have tried the array approach and it still says image is not a jpg.
I have a javascript that only allows jpg and this works ok and only
allows jpg to the server but the server still says its not a jpg. Here
is the code from the form.
<form enctype="multipart/form-data" action="picture.php" name="frmpic"
method=post onsubmit="return ExtensionsOkay();">
<input type="hidden" name="MAX_FILE_SIZE" value="20000">
Upload image file: <input name="userfile" type="file">
<input type="submit" value="Send File" name="upload">
</form>
$img_types = array('image/jpeg','image_jpg');
if (!in_array($_FILES['userfile']['type'],$img_types))
{
$msg = 'Problem: file is not jpg';
}
How can it say that it is not a jpg when it is and works ok in firefox.
Re: mime types
bill wrote:
> bill wrote:
>> Can anyone help. I am using the following code to check that jpg image
>> only can be uploaded
>>
>> if ($_FILES['userfile']['type'] != 'image/jpeg')
>> {
>> $msg = 'Problem: file is not jpg';
>> }
>>
>> when uploading a jpg or jpeg this works fine in firefox but when i try
>> to upload a jpg using internet explorer an error is produced saying
>> that it is not a jpg when in fact it is.
>> Can anyone help
>> Thanks
>> bill
>
> I have tried the array approach and it still says image is not a jpg.
> I have a javascript that only allows jpg and this works ok and only
> allows jpg to the server but the server still says its not a jpg. Here
> is the code from the form.
> <form enctype="multipart/form-data" action="picture.php" name="frmpic"
> method=post onsubmit="return ExtensionsOkay();">
> <input type="hidden" name="MAX_FILE_SIZE" value="20000">
> Upload image file: <input name="userfile" type="file">
> <input type="submit" value="Send File" name="upload">
> </form>
>
> $img_types = array('image/jpeg','image_jpg');
> if (!in_array($_FILES['userfile']['type'],$img_types))
> {
> $msg = 'Problem: file is not jpg';
> }
> How can it say that it is not a jpg when it is and works ok in firefox.
There's a typo... should be 'image/jpg' not 'image_jpg' in the array.
---
Norm
Re: mime types
On 20 Feb, 09:30, bill <n... [at] noreturn.f9.co.uk> wrote:
> bill wrote:
> > Can anyone help. I am using the following code to check that jpg image
> > only can be uploaded
>
> > if ($_FILES['userfile']['type'] != 'image/jpeg')
> > {
> > $msg = 'Problem: file is not jpg';
> > }
>
> > when uploading a jpg or jpeg this works fine in firefox but when i try
> > to upload a jpg using internet explorer an error is produced saying that
> > it is not a jpg when in fact it is.
> > Can anyone help
> > Thanks
> > bill
>
> I have tried the array approach and it still says image is not a jpg.
> I have a javascript that only allows jpg and this works ok and only
> allows jpg to the server but the server still says its not a jpg. Here
> is the code from the form.
> <form enctype="multipart/form-data" action="picture.php" name="frmpic"
> method=post onsubmit="return ExtensionsOkay();">
> <input type="hidden" name="MAX_FILE_SIZE" value="20000">
> Upload image file: <input name="userfile" type="file">
> <input type="submit" value="Send File" name="upload">
> </form>
>
> $img_types = array('image/jpeg','image_jpg');
> if (!in_array($_FILES['userfile']['type'],$img_types))
> {
> $msg = 'Problem: file is not jpg';
> }
> How can it say that it is not a jpg when it is and works ok in firefox.
Have you checked to see what the value actually _is_, I am not sure if
my last post worked but you will find that the browser lies.
Install fiddler and watch the headers for yourself and see, so your
whole approach is flawed, because some of your users will find this a
show stopper, not many, but a significant few.
Instead, dont trust the messenger, or in this case IE, simply get the
file's width and height, and if it aint got none, it aint an image.
Then check for executable code embedded inside.
I mean what exactly are you checking to see if is an image for? There
are ico, bmp, tiff, wmf and a whole lot of other images.
If you are checking "so that its safe" then good luck, that wont work,
if you're "checking so it can be put it into a folder called images"
then good luck with that too, instead put stuff up on the server into
a folder where the sun doesn't shine, scan for viruses, and then move
the uploaded file based on what its properties are.
My $0.02.
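Added example, not part of any post in this thread: one way to do the server-side check that the two replies above describe, in PHP. It ignores the browser-supplied type, reads the type from the file's bytes, confirms width and height, and re-encodes the image with GD. The function names and the storage directory passed in (assumed to be outside the web root) are hypothetical.

```php
<?php
// Added example: validate an upload by its content, never by $_FILES[...]['type'].

function accept_jpeg_upload(array $file, string $storeDir, int $maxBytes = 20000): string
{
    // 'error', 'size' and 'tmp_name' are set by PHP; 'type' and 'name' come from the client.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if ($file['size'] > $maxBytes) {   // MAX_FILE_SIZE in the form is only a hint
        throw new RuntimeException('File too large');
    }
    return store_verified_jpeg($file['tmp_name'], $storeDir);
}

function store_verified_jpeg(string $path, string $storeDir): string
{
    // 1. Sniff the type from the file's bytes (fileinfo extension).
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($path) !== 'image/jpeg') {
        throw new RuntimeException('Content is not JPEG');
    }
    // 2. No width and height means it is not an image.
    $info = @getimagesize($path);
    if ($info === false || $info[2] !== IMAGETYPE_JPEG || $info[0] < 1 || $info[1] < 1) {
        throw new RuntimeException('Not a readable JPEG');
    }
    // 3. Decode and re-encode with GD: the output is built from the decoded
    //    pixels, so metadata segments and trailing bytes are not copied.
    $img = @imagecreatefromjpeg($path);
    if ($img === false) {
        throw new RuntimeException('JPEG could not be decoded');
    }
    // 4. Server-chosen name; the client's file name is never used.
    $dest = rtrim($storeDir, '/') . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($img, $dest, 85)) {
        throw new RuntimeException('Could not write image');
    }
    chmod($dest, 0644);   // readable, never executable
    return $dest;
}
```

Call it as accept_jpeg_upload($_FILES['userfile'], $dir), where $dir is a directory with no URL mapped to it, and serve the stored files through a script or a location that does not run PHP.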
Re: mime types
bill wrote:
> Can anyone help. I am using the following code to check that jpg image
> only can be uploaded
>
> if ($_FILES['userfile']['type'] != 'image/jpeg')
> {
> $msg = 'Problem: file is not jpg';
> }
>
> when uploading a jpg or jpeg this works fine in firefox but when i try
> to upload a jpg using internet explorer an error is produced saying that
> it is not a jpg when in fact it is.
> Can anyone help
> Thanks
> bill
checked the file type and IE said it was uploading. It said it was
image/pjpeg. But it was a jpg.
put that type into the array and the file uploaded ok.
To install fiddler i need to install net 1.1. I run apache and will not
use windows rubbish.
Thanks for your time.
Re: mime types
"bill" <news [at] noreturn.f9.co.uk> wrote in message
news:45db3e7e$0$8737$ed2619ec [at] ptn-nntp-reader02.plus.net...
| bill wrote:
| > Can anyone help. I am using the following code to check that jpg image
| > only can be uploaded
| >
| > if ($_FILES['userfile']['type'] != 'image/jpeg')
| > {
| > $msg = 'Problem: file is not jpg';
| > }
| >
| > when uploading a jpg or jpeg this works fine in firefox but when i try
| > to upload a jpg using internet explorer an error is produced saying that
| > it is not a jpg when in fact it is.
| > Can anyone help
| > Thanks
| > bill
|
| checked the file type and IE said it was uploading. It said it was
| image/pjpeg. But it was a jpg.
| put that type into the array and the file uploaded ok.
| To install fiddler i need to install net 1.1. I run apache and will not
| use windows rubbish.
get a clue! a file extension does not a file make. ever consider that it
may, in fact, be a pjpeg? ever consider i may want to hack you by uploading
a script whilst naming it with a .jpg extension? you should do more
validation than what you are...which is next to nothing.
as for 'windows rubbish', tool for the job oh opinionated one...tool for the
job.
Re: mime types
On Feb 20, 6:31 pm, bill <n... [at] noreturn.f9.co.uk> wrote:
> bill wrote:
> > Can anyone help. I am using the following code to check that jpg image
> > only can be uploaded
>
> > if ($_FILES['userfile']['type'] != 'image/jpeg')
> > {
> > $msg = 'Problem: file is not jpg';
> > }
>
> > when uploading a jpg or jpeg this works fine in firefox but when i try
> > to upload a jpg using internet explorer an error is produced saying that
> > it is not a jpg when in fact it is.
> > Can anyone help
> > Thanks
> > bill
>
> checked the file type and IE said it was uploading. It said it was
> image/pjpeg. But it was a jpg.
> put that type into the array and the file uploaded ok.
> To install fiddler i need to install net 1.1. I run apache and will not
> use windows rubbish.
> Thanks for your time.
bill there are other proxies not made by Microsoft Employees, however
Eric is a very helpful guy, and he has indicated that it is difficult
for him to manoeuvre within the confines of Microsoft legal, and so
the tool remains free, and as open as possible - in fact you can code
within it using .NET (which incidentally is a cross platform
technology thanks to Novell and Mono) so you are free to extend
fiddler as you like, while the support comes from Eric should you need
it, not from Microsoft.
As for your actual problem, I am still a little bit surprised you
haven't taken the point: that a mimetype is little more than a string
of text sent by the browser, it doesnt mean it _is_ a jpeg - oh that
life were that simple.
I obviously don't want to beat you over the head with this, but you
are on a journey of discovery and why not just take the advice of the
newsgroup you post on. Steve and I are looking out for you. If you
want to allow image uploads, then make sure they are images, after all
if you receive a brown box with "this is your cd from amazon" you dont
get happy 'til you've opened it, checked its not broken, played it and
it is what you paid for.
Who told you in the first place that mimetype checking was the way to
go, and why believe them over us, email me your url if you need proof,
I'll leave a helloworld.txt file in the doc root of your site. (white
hat)
Re: mime types
bill wrote:
> Can anyone help. I am using the following code to check that jpg image
> only can be uploaded
>
> if ($_FILES['userfile']['type'] != 'image/jpeg')
> {
> $msg = 'Problem: file is not jpg';
> }
>
> when uploading a jpg or jpeg this works fine in firefox but when i try
> to upload a jpg using internet explorer an error is produced saying that
> it is not a jpg when in fact it is.
> Can anyone help
> Thanks
> bill
Point taken over mime types. I was just trying to find an easy solution
to allow jpgs on to site. At this stage I am trying to get the site up
and running for testing. Will let you know how it develops. Thanks for
your time and advice it is appreciated.
Bill
Re: mime types
"bill" <bill [at] noreturn.co.uk> wrote in message
news:45db6efa$0$8754$ed2619ec [at] ptn-nntp-reader02.plus.net...
| bill wrote:
| > Can anyone help. I am using the following code to check that jpg image
| > only can be uploaded
| >
| > if ($_FILES['userfile']['type'] != 'image/jpeg')
| > {
| > $msg = 'Problem: file is not jpg';
| > }
| >
| > when uploading a jpg or jpeg this works fine in firefox but when i try
| > to upload a jpg using internet explorer an error is produced saying that
| > it is not a jpg when in fact it is.
| > Can anyone help
| > Thanks
| > bill
| Point taken over mime types. I was just trying to find an easy solution
| to allow jpgs on to site. At this stage I am trying to get the site up
| and running for testing. Will let you know how it develops. Thanks for
| your time and advice it is appreciated.
listen, don't cut corners even if you are prototyping something that may be
thrown away. more often than not, a simple, well-written script turns into a
complete application/solution...as does a poorly written one. the point is,
rarely will someone go back and get a prototype production-ready. it just
gets built upon. *always* do your best and *never* program shit on purpose.
EZ is no solution.
there are two ways that verify an image type. one is blatant, the other
requires out-of-the-box thinking...but both are standard to php. get out
there and find them.
<he steps down from soap box and presses 'send'>
Re: mime types
bill wrote:
> bill wrote:
>> Can anyone help. I am using the following code to check that jpg image
>> only can be uploaded
>>
>> if ($_FILES['userfile']['type'] != 'image/jpeg')
>> {
>> $msg = 'Problem: file is not jpg';
>> }
>>
>> when uploading a jpg or jpeg this works fine in firefox but when i try
>> to upload a jpg using internet explorer an error is produced saying
>> that it is not a jpg when in fact it is.
>> Can anyone help
>> Thanks
>> bill
>
> checked the file type and IE said it was uploading. It said it was
> image/pjpeg. But it was a jpg.
> put that type into the array and the file uploaded ok.
> To install fiddler i need to install net 1.1. I run apache and will not
> use windows rubbish.
> Thanks for your time.
Sorry about that... I realized after I headed to work that IE likes
to use 'image/pjpeg'... you should be set now.
Norm
Re: mime types
bill wrote:
> bill wrote:
>> Can anyone help. I am using the following code to check that jpg image
>> only can be uploaded
>>
>> if ($_FILES['userfile']['type'] != 'image/jpeg')
>> {
>> $msg = 'Problem: file is not jpg';
>> }
>>
>> when uploading a jpg or jpeg this works fine in firefox but when i try
>> to upload a jpg using internet explorer an error is produced saying
>> that it is not a jpg when in fact it is.
>> Can anyone help
>> Thanks
>> bill
> Point taken over mime types. I was just trying to find an easy solution
> to allow jpgs on to site. At this stage I am trying to get the site up
> and running for testing. Will let you know how it develops. Thanks for
> your time and advice it is appreciated.
> Bill
Bill,
You're doing just fine... you gotta start somewhere. What you are
doing is just the first line of defense. Some links to check out:
These are a good start-
http://www.php.net/manual/en/function.gd-info.php
http://www.php.net/manual/en/function.getimagesize.php
These may take more effort-
http://www.php.net/manual/en/function.imagetypes.php
http://www.php.net/manual/en/function.mime-content-type.php
http://www.php.net/manual/en/ref.fileinfo.php
Norm