php is case sensitive to file extension

Question

right now I have a php that successfully takes files that users want to upload and stores them on a database. these files are required to be either (wav,mp3,aiff) however when they are uploaded apparently Mp3,AIFF, Wav,ect is not acceptable...how do i turn off this case sensitivity? I posted my code just in case it might help, I don't mean to scare off readers.

<?

// Max size PER file in KB
$max_file_size="5000";

// Max size for all files COMBINED in KB
$max_combined_size="10000";

//Maximum file uploades at one time
$file_uploads="10";

//The name of your website
$websitename="Samplepackgenerator";

// Full browser accessable URL to where files are accessed. With trailing slash.
$full_url="http://YOUR_SITE/uploads/";

// Path to store files on your server If this fails use $fullpath below. With trailing slash.
$folder="./uploads/";

// Use random file names? true=yes (recommended), false=use original file name.
// Random names will help prevent files being denied because a file with that name already exists.
$unique_name=true;

// Types of files that are acceptiable for uploading. Keep the array structure.
$allow_types=array("aiff","mp3","wav");


// Only use this variable if you wish to use full server paths. Otherwise leave this empty. With trailing slash.
$fullpath="";

//Use this only if you want to password protect your upload form.
$password=""; 

// Initialize variables
$password_hash=md5($password);
$error="";
$success="";
$display_message="";
$file_ext=array();
$password_form="";

// Function to get the extension a file.
// function get_ext($key) { 
//  $key=strtolower(substr(strrchr($key, "."), 1));
//  //$key=str_replace("wav","mp3","aiff",$key);
//  return $key;
//}

// Filename security cleaning. Do not modify.
function cln_file_name($string) {
    $cln_filename_find=array("/\.[^\.]+$/", "/[^\d\w\s-]/", "/\s\s+/", "/[-]+/", "/[_]+/");
    $cln_filename_repl=array("", ""," ", "-", "_");
    $string=preg_replace($cln_filename_find, $cln_filename_repl, $string);
    return trim($string);
}

// If a password is set, they must login to upload files.
If($password) {

    //Verify the credentials.
    If($_POST['verify_password']==true) {
        If(md5($_POST['check_password'])==$password_hash) {
            setcookie("phUploader",$password_hash);
            sleep(1); //seems to help some people.
            header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);
            exit;
        }
    }

    //Tally the size of all the files uploaded, check if it's over the ammount. 
    If(array_sum($_FILES['file']['size']) > $max_combined_size*1024) {

        $error.="<b>FAILED:</b> All Files <b>REASON:</b> Combined file size is to large.<br />";

    // Loop though, verify and upload files.
    } Else {
        // Loop through all the files.
        For($i=0; $i <= $file_uploads-1; $i++) {
            //Get the file extension
            $file_ext[$i] = pathinfo($_FILES['file']['name'][$i], PATHINFO_EXTENSION);

            // If the file is a file
            If($_FILES['file']['name'][$i]) {
                // Randomize file names

                $file_name[$i]=1;
                while(1){
                $file_name[$i] =$file_name[$i]+1;
                if (!file_exists("uploads/$file_name[$i].$file_ext[$i]")){ break;}
                }

                // Check for blank file name
                If(str_replace(" ", "", $file_name[$i])=="") {

                    $error.= "<b>FAILED:</b> ".$_FILES['file']['name'][$i]." <b>REASON:</b> Blank file name detected.<br />";

                //Check if the file type uploaded is a valid file type. 
                }   
                ElseIf(!in_array($file_ext[$i], $allow_types)) {
                $error.= "<b>FAILED:</b> ".$_FILES['file']['name'][$i]." <b>REASON:</b> Invalide file type.<br />";
                }               
                Elseif($_FILES['file']['size'][$i] > ($max_file_size*1024)) {

                    $error.= "<b>FAILED:</b> ".$_FILES['file']['name'][$i]." <b>REASON:</b> File to large.<br />";

                // Check if the file already exists on the server..
                } 
                Elseif(file_exists($folder.$file_name[$i].".".$file_ext[$i])) {

                    $error.= "<b>FAILED:</b> ".$_FILES['file']['name'][$i]." <b>REASON:</b> File already exists.<br />";

                } 
                Else {

                    If(move_uploaded_file($_FILES['file']['tmp_name'][$i],$folder.$file_name[$i].".".$file_ext[$i])) {

                        $success.="<b>SUCCESS:</b> ".$_FILES['file']['name'][$i]."<br />";


                    } Else {
                        $error.="<b>FAILED:</b> ".$_FILES['file']['name'][$i]." <b>REASON:</b> General upload failure.<br />";
                    }

                }
                } // If Files

        } // For

    } // Else Total Size

    If(($error=="") AND ($success=="")) {
        $error.="<b>FAILED:</b> No files selected<br />";
    }

    $display_message=$success.$error;

} // $_POST AND !$password_form
?>

Answer 1

Wow! Wow! Easy!

File extension has not trusted information of file type. You must check mimetype of file with http://php.net/manual/en/function.finfo-file.php (FILEINFO_MIME_TYPE) because many files can be without extension.

And later you can get extension from mimetype like this: Convert MIME type to file Extension PHP

Answer 2

I believe you just want to wrap your assignment to the $file_ext array in a strtolower function call.

Like so...

$file_ext[$i] = strtolower(
  pathinfo($_FILES['file']['name'][$i], PATHINFO_EXTENSION)
);

Answer 3

Instead of turning off the case sensitivity, you can convert the name to lowercase using the function strtolower(). For more information, please read the manual

Answer 4

Change:

ElseIf(!in_array($file_ext[$i], $allow_types)) {

to:

ElseIf(!in_array(strtolower($file_ext[$i]), $allow_types)) {

This converts all the letters in the file extension to lower case before checking it against the list in $allow_types.