<?php
ini_set('upload_max_filesize', '70M');
ini_set('post_max_size', '70M');
ini_set('max_input_time', 6000);
ini_set('max_execution_time', 300000);
$f = 'path';
$obj = new COM ( 'scripting.filesystemobject' );
if ( is_object ( $obj ) )
{
$ref = $obj->getfolder ( $f );
//echo 'Directory: ' . $f . ' => Size: ' . $ref->size;
$obj = null;
}
else
{
//echo 'can not create object';
}
if ( $ref->size < 32212254720){
if (($_FILES["fileToUpload"]["type"] == "audio/mp3")
|| ($_FILES["fileToUpload"]["type"] == "audio/wav")
|| ($_FILES["fileToUpload"]["type"] == "audio/mpeg")
&& ($_FILES["fileToUpload"]["size"] >= 26214400)
&& ($_FILES["fileToUpload"]["size"]<= 70000000)
)
{
things done
else
{
echo error
}
echo error space if full
}
the problem is that ($_FILES["fileToUpload"]["size"] >= 26214400) dont work, i can upload files less than 25 mb still?! is that normal? i upload file that is 800bytes and it works any idea how to make it work? or if there is another solution?
This:
if (($_FILES["fileToUpload"]["type"] == "audio/mp3")
|| ($_FILES["fileToUpload"]["type"] == "audio/wav")
|| ($_FILES["fileToUpload"]["type"] == "audio/mpeg")
&& ($_FILES["fileToUpload"]["size"] >= 26214400)
&& ($_FILES["fileToUpload"]["size"]<= 70000000)
)
is wrong, hard to maintain and unreliable.
First of all you are mixing || and && without grouping || in one parenthesis - this is your main problem here. Easily fixed by adding one more set of parenthesis:
if (
(
($_FILES["fileToUpload"]["type"] == "audio/mp3")||($_FILES["fileToUpload"]["type"] == "audio/wav")||($_FILES["fileToUpload"]["type"] == "audio/mpeg")
)
&& ($_FILES["fileToUpload"]["size"] >= 26214400)
&& ($_FILES["fileToUpload"]["size"]<= 70000000)
)
But this is unreadable, so let's just define an array of allowed values and check against it:
$allowed = array("audio/mp3", "audio/wav", "audio/mpeg");
if (
in_array($_FILES["fileToUpload"]["type"], $allowed)
&& ($_FILES["fileToUpload"]["size"] >= 26214400)
&& ($_FILES["fileToUpload"]["size"]<= 70000000)
)
Last thing - $_FILES["fileToUpload"]["type"] can be changed/malformed/spoofed, so it's not something to trust. Use server side solutions to determine filetype by content.