I've been trying and retrying at this code trying to get the file extension and conditionally check against it, but due to the files placement in flow I can't see what's going into $ext.
Can anyone pinpoint what is going wrong here? It's just manipulating the uploads file for dropzone.js.
if (!empty($_FILES)) {
$tempFile = $_FILES['file']['tmp_name']; //3
$targetPath = dirname( __FILE__ ) . $ds. $storeFolder . $ds; //4
$targetFile = $targetPath. $_FILES['file']['name']; //5
$ext = end(explode(".", $_FILES['file']['tmp_name']));
if(filesize($tempFile) < 6000000 and $ext == "png"){
move_uploaded_file($tempFile,$targetFile); //6
}
}
You are using tmp_name variable to get extension which will always give you file with .tmp extension.
In place of
$ext = end(explode(".", $_FILES['file']['tmp_name']));
Use this :
$ext = end(explode(".", $_FILES['file']['name']));
Update :- But it is better to validate the file type by checking its mime time(as said by @castis), as some user might rename its file with some extension and upload it.
Below is a code sample to validate a text file, you can use similar method to validate image type.
$file_type = mime_content_type($_FILES['img']['tmp_name']);
if($file_type == 'text/plain'){
echo "file type is text";
}
?>
<form action="#" method="post" enctype="multipart/form-data">
<input type="file" name="img">
<input type="submit" value="Submit">
</form>