> Is it possible to check a file in $_FILES['userfile']['tmp_name'] to > make sure it is of a certain format? I want to allow a user to only > upload jpegs or mpegs, and want to check what format the file is in.
If there are only a few types, and you know what those types should look like, it shouldn't be too hard. Maybe. For instance, you could try having ypur application open the putative jpeg with the GIMP, and if the GIMP fails to open it or bombs, then your application rejects the upload. ;-P (If you actually did use the GIMP for this, however, you don't want to call the GIMP directly from PHP/Apache. Not only would it bog your web app down, but it would potentially open your site up to secure attacks against a piece of software that is not known to be secure. What you'd want is something like a cron job to look at the upload directory for new uploads and pass them to a script that would call the GIMP to do the check. That way, if the GIMP dies, there is no open shell connected to an IP port. The cron job would also want to call something to clean up any dead processes left around.) I think there are dedicated jpeg validation libraries floating around. Not sure about MPEG. If it's a simple format, you may be able to write your own parser (regex?) for it, in which case, maybe you only need to check the first 100 or 1000 or so bytes. Checking to make sure a file was _not_ an MS-DOS executable used to be fairly easy. Anyway, whether you parse or let the user tell you (MISE) depends on how careful you need to be (i. e., what your application is going to do with the upload). -- Joel Rees, programmer, Kansai Systems Group Altech Corporation (Alpsgiken), Osaka, Japan http://www.alpsgiken.co.jp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
