Wratox1
I'm making a site where you can watch Flash files (.swf), and I made an upload page where you can upload .swf files, and I have this code to upload the file:
PHP:
<?php
// Configuration - Your Options
$allowed_filetypes = array('.swf'); // These will be the types of file that will pass the validation.
$max_filesize = 5242880; // Maximum filesize in BYTES (currently 5MB).
$upload_path = './flash/'; // The place the files will be uploaded to (currently a 'flash' directory).
$count = count(glob($upload_path . '*.*')); // Number of files already stored; used to name the new one.
$filename = $_FILES['file']['name']; // Get the name of the file (including file extension).
// Get the extension from the LAST dot onward, so "my.game.swf" yields ".swf".
$ext = strtolower(substr($filename, (int) strrpos($filename, '.')));

// Check if the filetype is allowed, if not DIE and inform the user.
if (!in_array($ext, $allowed_filetypes))
    die('The file you attempted to upload is not allowed.');

// Now check the filesize, if it is too large then DIE and inform the user.
if (filesize($_FILES['file']['tmp_name']) > $max_filesize)
    die('The file you attempted to upload is too large.');

// Check if we can upload to the specified path, if not DIE and inform the user.
if (!is_writable($upload_path))
    die('You cannot upload to the specified directory, please CHMOD it to 777.');

$count += 1;
$name = "$count";

if (move_uploaded_file($_FILES['file']['tmp_name'], $upload_path . $name . '.swf'))
{
    die('File is valid, and was successfully uploaded.');
}
else
{
    // Escape the client-supplied filename before echoing it back into HTML.
    die('Possible file upload attack! <br> ' . htmlspecialchars($_FILES['file']['name'], ENT_QUOTES) . '<br>' . filesize($_FILES['file']['tmp_name']));
}
?>
Can I make it safer against upload attacks?
//Wratox
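
A hardened take on the upload handler above, as an added example that is not part of the original post: it checks the upload error code, the last extension, the size and the SWF signature bytes, then stores the file under a server-generated random name. The `flash` directory, the constant names and the `swf_upload_error()` helper are assumptions.

```php
<?php
// Added example, not the poster's code. UPLOAD_DIR, MAX_BYTES and swf_upload_error() are assumed names.
const MAX_BYTES  = 5242880;             // 5 MB, the limit used in the post
const UPLOAD_DIR = __DIR__ . '/flash';  // assumed storage directory

/** Returns null when the upload looks like an SWF, otherwise an error message. */
function swf_upload_error(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'Upload failed.';
    }
    // Only the last extension counts, compared case-insensitively.
    if (strtolower(pathinfo((string) ($file['name'] ?? ''), PATHINFO_EXTENSION)) !== 'swf') {
        return 'Only .swf files are allowed.';
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size < 8 || $size > MAX_BYTES) {
        return 'File size is out of range.';
    }
    // SWF signatures: FWS (uncompressed), CWS (zlib), ZWS (LZMA).
    $magic = file_get_contents($file['tmp_name'], false, null, 0, 3);
    return in_array($magic, ['FWS', 'CWS', 'ZWS'], true) ? null : 'File content is not an SWF.';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: a minimal SWF-like header, then PHP source named .swf.
    $tmp = tempnam(sys_get_temp_dir(), 'swf');
    foreach (["FWS\x0a" . str_repeat("\0", 16), '<?php echo 1;'] as $body) {
        file_put_contents($tmp, $body);
        clearstatcache(); // filesize() results are cached per path
        var_dump(swf_upload_error(['error' => UPLOAD_ERR_OK, 'name' => 'game.swf', 'tmp_name' => $tmp]));
    }
    unlink($tmp);
} elseif (isset($_FILES['file'])) {
    $file  = $_FILES['file'];
    $error = is_uploaded_file((string) ($file['tmp_name'] ?? '')) ? swf_upload_error($file) : 'Upload failed.';
    if ($error !== null) {
        http_response_code(400);
        die($error);
    }
    // Random server-side name: no client input in the path and no counter race.
    $target = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.swf';
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        http_response_code(500);
        die('Could not store the file.');
    }
    chmod($target, 0644);
    echo 'File uploaded.';
}
```

The signature check only confirms the first three bytes, so the upload directory should also be configured so the web server never executes scripts from it.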