Identifying a pdf file and upload it to folder

3k views Asked by At

I´m using this php code to upload images to a folder but I would like to allow pdf files to be uploaded also, so I modified a little the code:

<?php

    $target_dir = "extra_images/";
    $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
    $uploadOk = 1;
    $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
    $textFileType = pathinfo($target_file,PATHINFO_EXTENSION);

    // Check if image file is a actual image or fake image
    if(isset($_POST["submit"])) {
        $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
            if($check !== false) {
             //echo "<div class=\"alert alert-success\" role=\"alert\"><strong><span class=\"glyphicon glyphicon-ok\" aria-hidden=\"true\"></span> Correct image type.</strong></div>";
                    $uploadOk = 1;
                } else {
                    echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>File is not an image.</strong></div>";
                    $uploadOk = 0;
                }
            }
            // Check if file already exists
            if (file_exists($target_file)) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>File already exists.</strong></div>";
                $uploadOk = 0;
            }
            // Check file size
            if ($_FILES["fileToUpload"]["size"] > 3750000) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>Your file is too large.</strong></div>";
                $uploadOk = 0;
            }
            // Allow certain file formats
            if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" && $textFileType != "pdf" ) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>Only jpg, jpeg, png, gif and pdf (for the Plan Article) files are allowed.</strong></div>";
                $uploadOk = 0;
            }
            // Check if $uploadOk is set to 0 by an error
            if ($uploadOk == 0) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>The file was not uploaded.</strong></div>";
            // if everything is ok, try to upload file
            } else {
                if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {

                    echo "<div class=\"alert alert-success\" role=\"alert\">The file <strong>". basename( $_FILES["fileToUpload"]["name"]). "</strong> has been uploaded.</div><br>Please copy this filename: <span class=\"form-inline\"><input type=\"text\" value=\"". basename( $_FILES["fileToUpload"]["name"]). "\" class=\"form-control input-sm\" style=\"width:220px;\" /></span> And paste it in an empty Extra image field above and save the form.";
                } else {
                    echo "<div class=\"alert alert-danger\" role=\"alert\">There was an error uploading your file.</div>";
                }
    }
    echo "</br></br><p><button class=\"btn btn-default pull-right\" style=\"margin-right:5px;\" type=\"submit\" onclick=\"javascript:history.go(-1)\"><span class=\"glyphicon glyphicon-step-backward\" aria-hidden=\"true\"></span> Back</button></p>";
 ?>

I added this bit:

&& $textFileType != "pdf" and this: $textFileType = pathinfo($target_file,PATHINFO_EXTENSION);

But this changes I made are not working, it still returns the "this is not an image" message.

What part of the code identifies the filetype? is the $imageFileType a special variable that php uses to identify filetypes?

I´m really confused about this. Can anyone help?

2

There are 2 answers

5
nomistic On BEST ANSWER

The file type for pdfs is application/pdf if you want to check the extension.

However, while you can check file extensions, but that's not a very reliable way of identifying whether a file is a pdf or not (it's easy to change a file extension for just about any file, creating a huge security hole).

While there's nothing in php like getimagesize() for pdfs, you can still check the mime type which is a fairly good step in the process like so:

    if (!empty($_FILES['fileToUpload']['tmp_name'])) {
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            $mime = finfo_file($finfo, $_FILES['fileToUpload']['tmp_name']);
            if ($mime != 'application/pdf') {

                echo 'this is not a PDF file!';
                exit();
            }
5
Frederico Lopes On

Thank you for all the help, after some code wrestling here it is the final functional version:

<?php

            $target_dir = "extra_images/";
            $target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
            $uploadOk = 1;
            $imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);

            // Check if image file is a actual image or fake image
            /*if(isset($_POST["submit"])) {
                $check = getimagesize($_FILES["fileToUpload"]["tmp_name"]);
                if($check !== false) {
                    //echo "<div class=\"alert alert-success\" role=\"alert\"><strong><span class=\"glyphicon glyphicon-ok\" aria-hidden=\"true\"></span> Correct image type.</strong></div>";
                    $uploadOk = 1;
                } else {
                    echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>File is not an image.</strong></div>";
                    $uploadOk = 0;
                }
            }*/
            // Check if file already exists
            if (file_exists($target_file)) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>File already exists.</strong></div>";
                $uploadOk = 0;
            }
            // Check file size
            if ($_FILES["fileToUpload"]["size"] > 3750000) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>Your file is too large.</strong></div>";
                $uploadOk = 0;
            }

            // Allow certain file formats
            /*if($imageFileType != "jpg" && $imageFileType != "png" && $imageFileType != "jpeg" && $imageFileType != "gif" ) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>Only jpg, jpeg, png, gif and pdf (for the Plan Article) files are allowed.</strong></div>";
                $uploadOk = 0;
            }*/

            //Check for pdf format
            if (!empty($_FILES['fileToUpload']['tmp_name'])) {
                $finfo = finfo_open(FILEINFO_MIME_TYPE);
                $mime = finfo_file($finfo, $_FILES['fileToUpload']['tmp_name']);
                if (($mime != 'application/pdf') && ($mime != 'image/jpg') && ($mime != 'image/jpeg') && ($mime != 'image/gif') && ($mime != 'image/png')) {

                    $uploadOk = 0;
                    echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>This file is not a valid file.</strong></div>";

                    //exit();

                }} //this bracket was missing I think



            // Check if $uploadOk is set to 0 by an error
            if ($uploadOk == 0) {
                echo "<div class=\"alert alert-danger\" role=\"alert\"><strong>The file was not uploaded.</strong></div>";
            // if everything is ok, try to upload file
            } else {
                if (move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file)) {

                    echo "<div class=\"alert alert-success\" role=\"alert\">The file <strong>". basename( $_FILES["fileToUpload"]["name"]). "</strong> has been uploaded.</div><br>Please copy this filename: <span class=\"form-inline\"><input type=\"text\" value=\"". basename( $_FILES["fileToUpload"]["name"]). "\" class=\"form-control input-sm\" style=\"width:220px;\" /></span> And paste it in an empty Extra image field above and save the form.";
                } else {
                    echo "<div class=\"alert alert-danger\" role=\"alert\">There was an error uploading your file.</div>";
                }
            }
            echo "</br></br><p><button class=\"btn btn-default pull-right\" style=\"margin-right:5px;\" type=\"submit\" onclick=\"javascript:history.go(-1)\"><span class=\"glyphicon glyphicon-step-backward\" aria-hidden=\"true\"></span> Back</button></p>";

?>

Regarding the && / || issue, at first I also had the idea of using the || operator, I tried it and it did´t worked, probably because we are using the != to compare so if some file is NOT jpg, NOT pdf... and so on it is not allowed and gets the error message and the &uploadOK = 0 so won´t upload.

Looking at the code this is what is written but still goes against my logic :)

Thank you very much for the help ;)