Check Uploaded File Extension on PHP Form

Question

I'm have a PHP contact for that checks for errors in a submission. At one part, I check the file upload for specific extensions. If the extensions isn't allowed (i.e. PHP file), then the form should produce an error message (and NOT upload the file). All of my other error message work, except this one. Please take a look at the code below and let me know if you see the problem (cause I can't see what is wrong)

// *** FILE UPLOAD INFO *** //
//Get the uploaded file information
$name_of_uploaded_file =
    basename($_FILES['uploaded_file']['name']);
//get the file extension of the file
$type_of_uploaded_file =
    substr($name_of_uploaded_file,
    strrpos($name_of_uploaded_file, '.') + 1);
$size_of_uploaded_file =
    $_FILES["uploaded_file"]["size"]/1024;//size in KBs

//FILE UPLOAD
        //Settings
        $max_allowed_file_size = 5000; // size in KB
        $allowed_extensions = array("jpg", "jpeg", "gif", "bmp", "png", "zip", "pdf", "doc", "rtf");
        // Validations
        if($size_of_uploaded_file > $max_allowed_file_size )
        {
          $errors .= "<li>Size of file should be less than $max_allowed_file_size </li>";
        }
        //------ Validate the file extension -----
        $allowed_ext = 0;
        for($i=0; $i<sizeof($allowed_extensions); $i++)
        {
          if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file) == 0)
          {
            $allowed_ext = 1;
          }
        }

        if($allowed_ext==1)
        {
          $errors .= "<li>The uploaded file is not supported file type</li>";
          // " Only the following file types are supported: ".implode(',',$allowed_extensions);
        }

       // Check for Errors
       if(strlen($error_message) > 0) { // Check length of error message
          $errors=1; // There are Errors
       }    

Answer 1

Got the answer. The .errors variable was conflicting with another one earlier in the form. So, it was not validating the error. Got it working. Thanks!

Answer 2

Simply use in_array(), replace your code with new one

// your code to be replaced    
//------ Validate the file extension -----

    $allowed_ext = 0;
    for($i=0; $i<sizeof($allowed_extensions); $i++)
    {
      if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file) == 0)
      {
        $allowed_ext = 1;
      }
    }

    if($allowed_ext==1)
    {
      $errors .= "<li>The uploaded file is not supported file type</li>";
      // " Only the following file types are supported: ".implode(',',$allowed_extensions);
    }


// new code
//------  Validate the file extension -----

if(!in_array($type_of_uploaded_file,$allowed_extensions))
{
    $errors .= "<li>The uploaded file is not supported file type</li>";         
}

Answer 3

You have inverted the conditional so that, if your if syntax is correct, it will give you the contrast result. i.e if it is a php file will be uploaded, but jpg will be not. So I prefer to make $allowed_ext a Boolean value. i.e true or false, the way of setting it as 0 or 1 may cause confusion and need may need other operators.

$allowed_ext = false;
        for($i=0; $i<sizeof($allowed_extensions); $i++)
        {
          if(strcasecmp($allowed_extensions[$i],$type_of_uploaded_file) == 0)
          {
            $allowed_ext = true;
          }
        }

        if(!$allowed_ext)
        {
          $errors .= "<li>The uploaded file is not supported file type</li>";
          // " Only the following file types are supported: ".implode(',',$allowed_extensions);
        }....