PHP CODING HELP. Pleeeeaaase?

Question

This php script uploads (jpg) and (gif ) images into a directory, but now i want to change the file type to only (xml) files.
I need help, im confused.

I want it to upload only .xml file types. can this be customized?
SCRIPT

html;
if($_GET['do'] == 'upload')
{
//upload all the fields until done
For($i=0; $i <= $_i-1; $i++)
{
//create a random number
$_random = rand(1, 1000000);
//actual file name with the random number
$_file_name =basename($_FILES['file' . $i]['name']);
$actualfilename=basename($_FILES['file' . $i]['name']);
$type= explode('.',strrev($actualfilename));
$type= strrev("$type[0].");
$type=strtolower($type);
//file with the upload folder
$target_path = $upload_dir.$actualuser."$type";
if (in_array($type,$file_exists)) {
}
else {
echo "Invalid file format";
exit();
}
$userjpg="userdata/avatars/$actualuser".".jpg";
$usergif="userdata/avatars/$actualuser".".gif";
if ($type='.jpg' and file_exists($usergif)) {
unlink($usergif);
}
elseif ($type='.gif' and file_exists($userjpg)) {
unlink($userjpg);
}
//do not upload the 'left blank' fields
if(basename($_FILES['file' . $i]['name']) != '')
{

if(move_uploaded_file($_FILES['file' . $i]['tmp_name'], $target_path))
{
//uploaded successfuly
$_uploaded=1;
}
else
{
//error uploading
$_error=1;
}
}
else
{
$_check=$_check+1;
}

}

//file(s) did upload
if($_uploaded == '1')
{
$_uploaded=0;
echo "

Your picture has been uploaded.";
echo ("");
}
//file uploaded?
if($_error == '1')
{
$_error=0;
echo "There was an error uploading some of the file(s), please try again! Maybe the file size. Maximum file size is " . $_max_file_size/1000 . "KB
";
}
//user selected a file?
if($_check == $_i)
{
$_check=0;
echo "Select a file first than click 'Upload File'
";
}
}
?>

Answer 1

You could try something like this


$banned_ext="php|phtml|cgi|pl|asp|jsp|c|cfm|shtml|exe|bat|com|";


function checkfileatt($fname,$fsize){
global $max_size;
global $banned_ext;
$err="No file attached";
//Checking file type in or out of banned file extensions list
$pos1=strrchr($fname,".");
$ftype=str_replace(".","",$pos1);
$blist=explode("|",$banned_ext);
for($i=0;$i if($ftype==$blist[$i]) $err="ERROR: Your file extension (*.$ftype) is not be accepted.";
}

Chris C, this is not for hackers, it is to check the file extension when a file has been upload to a directory or attached to an email. I have used this many times for clients of mine. Actually I don't see how you get the hacking thing at all!!! It is pretty simple if you go through each line. It list the banned file extensions and then checks to make sure the file is not one of them.

Answer 2

Well CMVISME posted a nice checker to make sure that someone's not trying to hack into your site.

Other than that, you can change the following lines:
elseif ($type='.gif' and file_exists($userjpg)) {
unlink($userjpg);
}

To something like this (which is more readable):
else {
switch ($type)
{
case ".gif":
case ".xml":
if (file_exists($userjpg)
unlink($userjpg);
break;
default:
echo "Cannot upload files, other than '.gif', or '.xml'"
exit 1;
break;
}
}

Answer 3

I just want to suggest you can use VB or VS .NET in this particular coding it will be much more easier.

Answer 4

Yes it can be customized. How much do you know about PHP?

Answer 5

ummm idk