How to check the content of an uploaded file without relying on its extension?

Question

How do you go about verifying the type of an uploaded file reliably without using the extension? I\'m guessing that you have to examine the header / read some of the bytes,

Answer 1

That indeed is what the Unix file program does, with greater or lesser degrees of reliability. In part, it depends on whether the programs whose files you are trying to detect emits a file header; the program tar is notorious for not doing so. It depends on how many types of files you plan to try and recognize, but it might well be simplest to use an implementation of file; it recognizes many file types, and modern versions are extensible via a file of extra file type definitions that can handle a multitude of scenarios.