.mp3 Filetype Upload

Question

I\'m working on a PHP upload script which allows .mp3 file uploads amongst others. I\'ve created an array which specifies permitted filetypes, including mp3s, and set a maxi

Answer 1

I doubt if you still need this but am sure many will also be facing this same problem. This is what I did and it worked for me.

Php Code:

if(isset($_POST['submit'])) {

    $fileName = $_FILES['userfile']['name'];
    $tmpName = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

if ($fileType != 'audio/mpeg' && $fileType != 'audio/mpeg3' && $fileType != 'audio/mp3' && $fileType != 'audio/x-mpeg' && $fileType != 'audio/x-mp3' && $fileType != 'audio/x-mpeg3' && $fileType != 'audio/x-mpg' && $fileType != 'audio/x-mpegaudio' && $fileType != 'audio/x-mpeg-3') {
        echo('<script>alert("Error! You file is not an mp3 file. Thank You.")</script>');
    } else if ($fileSize > '10485760') {
        echo('<script>alert("File should not be more than 10mb")</script>');
    } else if ($rep == 'Say something about your post...') {
    $rep == '';
    } else {
    // get the file extension first
    $ext = substr(strrchr($fileName, "."), 1); 

    // make the random file name
    $randName = md5(rand() * time());

    // and now we have the unique file name for the upload file
    $filePath = $uploadDir . $randName . '.' . $ext;

    $result = move_uploaded_file($tmpName, $filePath);
    if (!$result) {
        echo "Error uploading file";
    exit;
    }

    if(!get_magic_quotes_gpc()) {

    $fileName = addslashes($fileName);
    $filePath = addslashes($filePath);

    }

    $sql = "INSERT INTO media SET
            path = '$filePath',
            size = '$fileSize',
            ftype = '$fileType',
            fname = '$fileName'";

if (mysql_query($sql)) {
    echo('');
    } else {
        echo('<p style="color: #ff0000;">Error adding audio: ' . mysql_error() . '</p><br />');
}

and your html code will be;

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data"">
      <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
      <input type="file" class="file_input" name="userfile" />
      <input type="submit" value="" name="submit" id="submitStatus" class="submit" />
    </form>

Answer 2

Here is some code that will give you some symbolic meaning to your errors:

class UploadException extends Exception { 
    public function __construct($code) { 
        $message = $this->codeToMessage($code); 
        parent::__construct($message, $code); 
    } 

    private function codeToMessage($code) { 
        switch ($code) { 
            case UPLOAD_ERR_INI_SIZE: 
                $message = "The uploaded file exceeds the upload_max_filesize directive in php.ini"; 
                break; 
            case UPLOAD_ERR_FORM_SIZE: 
                $message = "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"; 
                break; 
            case UPLOAD_ERR_PARTIAL: 
                $message = "The uploaded file was only partially uploaded"; 
                break; 
            case UPLOAD_ERR_NO_FILE: 
                $message = "No file was uploaded"; 
                break; 
            case UPLOAD_ERR_NO_TMP_DIR: 
                $message = "Missing a temporary folder"; 
                break; 
            case UPLOAD_ERR_CANT_WRITE: 
                $message = "Failed to write file to disk"; 
                break; 
            case UPLOAD_ERR_EXTENSION: 
                $message = "File upload stopped by extension"; 
                break; 

            default: 
                $message = "Unknown upload error"; 
                break; 
        } 
        return $message; 
    } 
} 

// Use 
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { 
    //uploading successfully done 
} else { 
    throw new UploadException($_FILES['file']['error']); 
}

If you're getting an error from your last else statement, it is difficult to tell what exactly triggered it. Try using something like the above. http://www.php.net/manual/en/features.file-upload.errors.php

Answer 3

The 5MB limit is probably your problem.

Answer 4

MAX_FILE_SIZE is a value in Bytes

5120000 is not 500 MB. It's 5MB by my reckoning.

You'll also need to check that you're not exceeding the "post_max_size" and "upload_max_size" variables in your php.ini file

Secondly, an mp3 can be any of the following mimetypes

• audio/mpeg
• audio/x-mpeg
• audio/mp3
• audio/x-mp3
• audio/mpeg3
• audio/x-mpeg3
• audio/mpg
• audio/x-mpg
• audio/x-mpegaudio

http://filext.com/file-extension/MP3

Answer 5

You should never assume the value in $_FILES[...]['type'] actually matches the type of the file. The client can send any arbitrary string, and it's not checked at all by PHP. See here.

You'll have to do the work yourself to actually determine what type of file was uploaded, unless you have a good reason not to care about security at all (which you probably don't). PHP provides the fileinfo package by default, which does the heavy lifting for you. See finfo_file().

Answer 6

1. why not use in_array rather than the foreach loop for type check?
2. when you upload a valid file, have you tried checking the values of the $sizeOK & $typeOK