Check a bit of data before saving the file.

2011-11-02 16:33:57 -04:00 · 2011-11-02 16:33:57 -04:00 · eccd944e31
commit eccd944e31
parent 97f2c5de65
1 changed files with 27 additions and 3 deletions
--- a/upload.php
+++ b/upload.php
@ -10,12 +10,36 @@
 **/

 define('UPLOADS','uploads/');
+$extensions = array('jpg','jpeg','png','gif','bmp');
+
+if($_SERVER['REQUEST_METHOD'] != 'POST') {
+	error('request method error');
+}

 if(array_key_exists('image', $_FILES)) {
 	$file = $_FILES['image'];

-	move_uploaded_file($file['tmp_name'], UPLOADS . $file['name']);
-}
+	$extension = explode('.',$file['name']);
+	$extension = array_pop($extension);
+	$extension = strtolower($extension);

-echo json_encode(array('status'=>'Uploaded successfully','file'=>'http://screens.p5dev.com/' . UPLOADS . $file['name']));
+	//if(!in_array(strtolower(array_pop(explode('.',$file['name'])),$extensions))) {
+	if(!in_array($extension,$extensions)) {
+		error('file extension error.');
+	}
+
+
+
+	if(move_uploaded_file($file['tmp_name'], UPLOADS . $file['name'])) {
+		echo json_encode(array('type'=>'success','status'=>'Uploaded successfully','file'=>'http://screens.p5dev.com/' . UPLOADS . $file['name']));
+		exit;
+	}
+}
+error('unknown error');
+
+
+function error($message) {
+	echo json_encode(array('type'=>'error','status'=>$message));
+	exit;
+}
 ?>