View Full Version : Php problem


backdoor
09-22-2007, 04:13 AM
Alright, so I mentioned before to one of the admins that smf's file attachment script was lacking, and I asked if I could make my own script. He said it was fine, so I made it. The problem is, I'm trying to get a certain file to upload (because I have limits to what is uploaded), but I don't know how to add an exception for a certain file.

Here is what I have so far:


//Checking the file type and size
if ((($_FILES["file"]["type"] == "image/gif")
|| ($_FILES["file"]["type"] == "image/jpg")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "application/zip")
|| ($_FILES["file"]["type"] == "application/x-bittorrent")
|| ($_FILES["file"]["type"] == "application/x-msdownload")
|| ($_FILES["file"]["type"] == "application/x-sdlc")
|| ($_FILES["file"]["type"] == "image/jpeg")
|| ($_FILES["file"]["type"] == "x-unknown/text"))
&& ($_FILES["file"]["size"] < 5000000))

But when I test the file to be added, I get:

Upload: Tolerance Finder by Abyssal.scar
Type: unknown/unknown
Size: 3.93359375 Kb
Stored in: /tmp/php/phpdcj5Za

The extension, as you can see, is .scar.

I don't want to risk added access for every filetype, so any help is appreciated.

tscott
09-22-2007, 05:56 AM
Why must people make it so hard, use an array and compare it like..
<?php
// MIME types to accept; $_FILES['file']['type'] is the value reported by the client
$allowedfiletypes = array("image/gif" , "image/jpg" , "image/jpeg" , "image/png" , "application/zip" , "application/x-bittorrent" , "application/x-msdownload" , "application/x-sdlc" , "x-unknown/text" , "myotherallowedfiletypes");
// One lookup against the whole array instead of a chain of comparisons
if(in_array($_FILES['file']['type'], $allowedfiletypes, true))
{
    if($_FILES['file']['size'] < 5000000)
    {
        //Continue//
    }
    else
    {
        //Too Big Error//
    }
}
else
{
    // My Not Allowed Stuff//
}
?>
Also you could use admin verification and just make sure they have access to it and let them make an exception.

backdoor
09-22-2007, 06:46 AM
I could care less about what I use to check the files.

I don't understand what you are getting at.

tscott
09-22-2007, 06:53 AM
Oh sorry, I wasn't reading the question fully. Do you want it to just be able to "make exceptions" on a file to file basis or make an exception for a certain file type?

backdoor
09-22-2007, 06:56 AM
Certain filetype.

Tyler
09-22-2007, 07:35 AM
If you're on a free account then that file name isn't allowed. And won't be.

backdoor
09-22-2007, 07:39 AM
I'm on paid (starter) hosting...

UnlimitedMB
09-23-2007, 12:44 AM
Check the file extension in the filename, do NOT use meta types like image/gif they are unreliable.

backdoor
09-23-2007, 01:01 AM
Not quite sure how I would go about doing that.

tscott
09-23-2007, 05:16 PM
I can help with that :)
use:

<?php
$currentfile = 'filename.php'; // name of the file being uploaded
$filetype = explode('.' , $currentfile ); // split the name on the dots
$bannedtypes = array('php' , 'exe' , 'etc');
foreach($bannedtypes as $curtype)
{
    // Compare the piece after the first dot with each banned type
    if($filetype[1] == $curtype)
    {
        echo 'My Error Msg for Banned File Type';
        exit;
    }
}

//Upload and stuff here//
?>

If I was doing this I would use something like that, you could also swap it around and make it allowed file types so it will ban everything else. What files you want to ban go in the array and the others not in it will be allowed.

backdoor
09-23-2007, 07:53 PM
Oh, ok thanks!

1 Question.

What is this for?

$currentfile = 'filename.php';
$filetype = explode('.' , $currentfile );

tscott
09-23-2007, 08:04 PM
$currentfile is the filename to upload.
$filetype is an array, explode changes the filename into an array by using both sides of the dot.

backdoor
09-23-2007, 08:10 PM
Sorry, I worded my question incorrectly.

$currentfile = 'filename.php';

So, is that checking filename.php for all restricted/allowed files types?

tscott
09-23-2007, 08:13 PM
Hold on a sec... I have to fix something, I just found a way someone could get by it so hold on and let me fix it.

<?php
$currentfile = 'filename.php'; // name of the file being uploaded
$filetype = explode('.' , $currentfile ); // split the name on the dots
$bannedtypes = array('php' , 'exe' , 'etc');
// Index of the last piece, so filename.gif.php is checked as 'php'
$vulcheck = count($filetype) - 1;
foreach($bannedtypes as $curtype)
{
    if($filetype[$vulcheck] == $curtype)
    {
        echo 'My Error Msg for Banned File Type';
        exit;
    }
}

//Upload and stuff here//
?>

I had to fix a vulnerability because people could do this to a file, filename.gif.php, and get by it, so this fixes that vulnerability and gives the final filename.

backdoor
09-23-2007, 08:30 PM
$currentfile = 'filename.php';

So, is that checking filename.php for all restricted/allowed files types?

tscott
09-23-2007, 08:40 PM
filename.php is the file, it's checking to see if it's a banned file type.
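
Added example, not part of the thread or any poster's code: the "swap it around" variant suggested above, written as an allowlist on the final extension so that .scar can be accepted without opening up other types. The checkUpload() helper, the extension list and the sample names are assumptions made up for illustration; in the upload script the name and size would come from $_FILES["file"]["name"] and $_FILES["file"]["size"].

```php
<?php
// Assumed allowlist: the image/zip types from the first post plus the .scar exception.
$allowedExtensions = array('gif', 'jpg', 'jpeg', 'png', 'zip', 'scar');
$maxBytes = 5000000; // size limit used in the first post

/**
 * Hypothetical helper: returns null when the upload is acceptable,
 * otherwise a short reason for the rejection.
 */
function checkUpload($clientName, $sizeBytes, array $allowed, $maxBytes)
{
    // Drop any directory part the client sent, then take the text after the LAST dot,
    // lower-cased so FILENAME.PHP and filename.php are treated the same.
    $name = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));

    if ($ext === '') {
        return 'no extension';
    }
    if (!in_array($ext, $allowed, true)) {
        return "extension .$ext is not allowed";
    }
    if ($sizeBytes >= $maxBytes) {
        return 'file too large';
    }
    return null;
}

// Constructed sample inputs: file name => size in bytes.
$samples = array(
    'Tolerance Finder by Abyssal.scar' => 4028,
    'filename.gif.php'                 => 1200,
    'FILENAME.PHP'                     => 1200,
    'photo.JPG'                        => 90000,
    'README'                           => 10,
    'archive.zip'                      => 6000000,
);

foreach ($samples as $name => $size) {
    $reason = checkUpload($name, $size, $allowedExtensions, $maxBytes);
    echo $name, ' => ', ($reason === null ? 'accepted' : "rejected ($reason)"), "\n";
}
```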