0

I have a form which is located here, http://brandybrowauto.com/npo3.html, and the code is below. The first section is the html form itself which just collects some information and then calls npo3.php to collect the data and upload the image and add some json to a file. While it is still messy and needs alot of cleanup i just want to get the feature itself working. I have some small validation, but during my tests, into a folder which has full 777 permissions, I continue to get the error for "This extension is not allowed, please upload images only." which is the extension checker I have in the php page. I dont know why I keep getting this when the file is definitely one of those types I have in the approved array. I have the right enctype on the form and store the filename in a variable that I use in the script. Any ideas whats happening to cause that every time I try to upload?

<form action="npo3.php" method="post" enctype="multipart/form-data" name="add_car" onsubmit="checkForm();">
                                <table cellspacing="8" cellpadding="8" style="margin:0 auto;">
                                    <tr>
                                        <td>
                                            <table cellspacing="8" cellpadding="8">
                                                <tr>
                                                    <td>
                                                        <select name="make" id="make">
                                                            <option value="">- Select Make -</option>
                                                            <option value="Acura">Acura</option>
                                                            <option value="Audi">Audi</option>
                                                            <option value="BMW">BMW</option>
                                                            <option value="Buick">Buick</option>
                                                            <option value="Cadillac">Cadillac</option>
                                                            <option value="Chevrolet">Chevrolet</option>
                                                            <option value="Chrysler">Chrysler</option>
                                                            <option value="Daewoo">Daewoo</option>
                                                            <option value="Dodge">Dodge</option>
                                                            <option value="Eagle">Eagle</option>
                                                            <option value="Fiat">Fiat</option>
                                                            <option value="Ford">Ford</option>
                                                            <option value="Geo">Geo</option>
                                                            <option value="GMC">GMC</option>
                                                            <option value="Honda">Honda</option>
                                                            <option value="Hyundai">Hyundai</option>
                                                            <option value="Infiniti">Infiniti</option>
                                                            <option value="Isuzu">Isuzu</option>
                                                            <option value="Jaguar">Jaguar</option>
                                                            <option value="Jeep">Jeep</option>
                                                            <option value="Kia">Kia</option>
                                                            <option value="Land_Rover">Land Rover</option>
                                                            <option value="Lexus">Lexus</option>
                                                            <option value="Lincoln">Lincoln</option>
                                                            <option value="Mazda">Mazda</option>
                                                            <option value="Mercedes">Mercedes</option>
                                                            <option value="Mercury">Mercury</option>
                                                            <option value="Mitsubishi">Mitsubishi</option>
                                                            <option value="Nissan">Nissan</option>
                                                            <option value="Oldsmobile">Oldsmobile</option>
                                                            <option value="Plymouth">Plymouth</option>
                                                            <option value="Pontiac">Pontiac</option>
                                                            <option value="Porsche">Porsche</option>
                                                            <option value="Saab">Saab</option>
                                                            <option value="Saturn">Saturn</option>
                                                            <option value="Scion">Scion</option>
                                                            <option value="Subaru">Subaru</option>
                                                            <option value="Suzuki">Suzuki</option>
                                                            <option value="Toyota">Toyota</option>
                                                            <option value="Volkswagen">Volkswagen</option>
                                                            <option value="Volvo">Volvo</option>
                                                        </select>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <input class="gray" type="text" name="stock" id="stock" value="Stock#" onfocus="inputFocus(this);" onblur="inputBlur(this);"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <input class="gray" type="text" name="name" id="name" value="Name" onfocus="inputFocus(this);" onblur="inputBlur(this);"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <input class="gray" type="text" name="year" id="year" value="Year" onfocus="inputFocus(this);" onblur="inputBlur(this);"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <input class="gray" type="text" name="mileage" id="mileage" value="Mileage" onfocus="inputFocus(this);" onblur="inputBlur(this);"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <input class="gray" type="text" name="price" id="price" value="Price" onfocus="inputFocus(this);" onblur="inputBlur(this);"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <input class="gray" type="text" name="desc" id="desc" value="Description" onfocus="inputFocus(this);" onblur="inputBlur(this);"/>
                                                    </td>
                                                </tr>
                                            </table>
                                        </td>
                                        <td>
                                            <table cellspacing="8" cellpadding="8">
                                                <tr>
                                                    <td>
                                                        &nbsp;
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        Image 1:&nbsp;<input type="file" name="image1" id="image1" value="Image1"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        Image 2:&nbsp;<input type="file" name="image2" id="image2" value="Image2"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        Image 3:&nbsp;<input type="file" name="image3" id="image3" value="Image3"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        Image 4:&nbsp;<input type="file" name="image4" id="image4" value="Image4"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        Image 5:&nbsp;<input type="file" name="image5" id="image5" value="Image5"/>
                                                    </td>
                                                </tr>
                                                <tr>
                                                    <td>
                                                        <input type="submit" name="submit" id="submit" value="Submit"/>
                                                    </td>
                                                </tr>
                                            </table>
                                        </td>
                                    </tr>
                                </table>
                            </form>

This is the npo3.php page below. It does a bunch of other stuff too, but its during the for loop during the extension check that i keep hitting that die message.

<?php
$stock = $_POST["stock"];
$name = $_POST["name"];
$year = $_POST["year"];
$mileage = $_POST["mileage"];
$price = $_POST["price"];
$desc = $_POST["desc"];
$make2 = $_POST["make"];

$path2 = "images/PartsCars/".$make2."/info.json";
$string2 = file_get_contents($path2);
$data2 = json_decode($string2, true);

if($stock == ""){
    die('You need to enter a Stock # to match the image name. Please go back and fill in the Stock#.');
}
else {
    $data2[$stock] = array("name" => $name, "year" => $year, "mileage" => $mileage, "price" => $price, "description" => $desc);
}

for($i = 1; $i <= 5; $i++) {

    if($_FILES['image1']['name'] != "") {
        $filename = $_FILES['image'.$i]['name'];
        $filetmpname = $_FILES['image'.$i]['tmp_name'];
        $filetype = $_FILES['image'.$i]['type'];
        $filetype = strtolower($filetype);

        //check if files contain php or asp and kill it 
        $pos1 = strpos($filename,'php');
        $pos2 = strpos($filename,'asp');
        if(!($pos1 === false) && !($pos2 === false)) {
            die('You cannot upload that type of file to our system. Images only.');
        }

        //get the file ext
        $file_ext = strrchr($filename, '.');

        //check if extension is allowed or not
        $allowedExt = array(".jpg",".jpeg",".gif",".png",".JPG",".PNG"); 
        if (!(in_array($file_ext, $allowedExt))){
            die('This extension is not allowed, please upload images only.');
        }

        //check upload type
        $pos = strpos($filetype,'image');
        if($pos === false) {
            die('Only images types are allowed to be uploaded.');
        }
        $imageinfo = getimagesize($_FILES['image'.$i]['tmp_name']);
        if($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg' && $imageinfo['mime'] != 'image/jpg' && $imageinfo['mime'] != 'image/png') {
            die('Only images types are allowed to be uploaded.');
        }

        //check double file type (image with comment)
        if(substr_count($filetype, '/')>1){
            die('Only images types are allowed to be uploaded.');
        }

        // upload to upload direcory 
        $uploaddir = 'images/PartsCars/'.$make2.'/' ;
        move_uploaded_file($filetmpname, $uploaddir.$filename);
    }
    else {
        die('Image 1 did not have any file selected. Please go back and select an image.');
    }
}

file_put_contents($path2, json_encode($data2));

$path = "images/PartsCars/".$make2."/";
$temp_files = scandir($path);
$string = file_get_contents("images/PartsCars/".$make2."/info.json");

$data = json_decode($string);
natsort($temp_files);
//$temp_files = array_reverse($temp_files);

echo '<a href="npo3.html"><button>+Add Car</button></a>';
echo '<table style="padding-left:20px;width:930px;">';

foreach($temp_files as $file) 
{
    if($file != "." && $file != ".." && $file != "Thumbs.db" && $file != basename(__FILE__) && $file != "info.json") 
    {
        echo '<tr>';        
        $info = pathinfo($file);
        $file_name =  basename($file,'.'.$info['extension']);
        $findme  = array(" (2)"," (3)"," (4)"," (5)");
        $findme2  = array(" (1)");
        $pos1 = strpos($file_name, $findme[0]);
        $pos2 = strpos($file_name, $findme[1]);
        $pos3 = strpos($file_name, $findme[2]);
        $pos4 = strpos($file_name, $findme[3]);
        $subpictures = str_replace($findme, "", $file_name);
        $subpictures2 = str_replace($findme2, "", $file_name);

        if ($pos1 !== false || $pos2 !== false || $pos3 !== false || $pos4 !== false) {
            echo '<script type="text/javascript">document.getElementById("'.$subpictures.'").innerHTML += "<a href=\"'.$path.$file.'\"><img src=\"'.$path.$file.'\" style=\"width:100px;height:80px;padding:10px;\"/></a>";</script>';
        }
        else {
            echo '<td style="border-bottom:1px #fff solid;width:240px;"><a href="'.$path.$file.'"><img src="'.$path.$file.'" alt="'.$file.'" style="width:200px;height:150px;padding:20px;"/></a></td>';
            echo '<td style="border-bottom:1px #fff solid;width:440px;">';
            echo '<span style="font-size:2em;padding:10px;color:#fff;font-weight:bold;">'.$data->{$file_name}->{'name'}.'</span><br/>';
            echo '<br/><span style="padding-left:10px;">Year: '.$data->{$file_name}->{'year'}.'</span>';
            echo '<br/><span style="padding-left:10px;">Mileage: '.$data->{$file_name}->{'mileage'}.'</span>';
            echo '<br/><span style="padding-left:10px;">Price: '.$data->{$file_name}->{'price'}.'</span>';
            echo '<br/><span style="padding-left:10px;">Description: '.$data->{$file_name}->{'description'}.'</span>';
            echo '<br/><br/><span style="padding-left:10px;">Please <a href="contact.php">contact us</a> for more details.</span></td>';
            echo '<td style="border-bottom:1px #fff solid;width:250px;" id="'.$subpictures2.'"></td></tr>';
        }
    }
}
echo '</table>'; 

?>
Improve this question
1
  • are you getting the extension error?? Commented Jun 26, 2012 at 4:49

2 Answers 2

Reset to default
2

I think this

for($i = 1; $i <= 5; $i++) {
    if($_FILES['image1']['name'] != "") {

should be

for($i = 1; $i <= 5; $i++) {
    if($_FILES['image'.$i]['name'] != "") {

Also debug extension you are getting:

echo "Image $i:". $file_ext = strrchr($filename, '.');

If you want atleas one file to be uploaded you can add one flag as shown below.

$fileUpload = false;
for($i = 1; $i <= 5; $i++) 
{
    if($_FILES['image'.$i]['name'] != "") 
    {
        .....
        .....
        move_uploaded_file($filetmpname, $uploaddir.$filename);
        $fileUpload = true;
    }    
}
if(!$fileUpload) 
{
    die('Please go back and select atleast one image.');
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Good catch! Since I was just checking that image1 wasnt "" it was trying to run that validation on image2-5 in which i didnt upload an image so there was no extension for it to validate and thus kept giving me that error. I changed that and it worked, but I still want to be able to make sure that AT LEAST image1 was uploaded, how do i just check the first image and then give error if none was selected?
Awesome and so simple. Thanks for all your help. Everything seems to working as is now. I really appreciate it.
1

If you getting extension check error then you are not checking the extension correctly because we are not sure about the extension is in small letters or in capital letters then make the file name in one format to use strtolower() function, see the post for image upload and resize : 

        $filename = strtolower($filename); // Name of the file uploaded by you
        $extension = strrchr( $filename, '.' );
        $auth_exten = array('.jpg', '.jpeg', '.png', '.gif');

        if( in_array( $extension, $auth_exten ) ){
            return true;
        }
        else{
            return false;
        }
Improve this answer

2 Comments

I have the all caps versions of the extensions in my array already, but i tried the way you mentioned and it still gives me that error with the wrong extension.
Thank you for your help, but VibhaJ caught my error. I was checking the extension of the files i didnt even upload.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.