At the moment I have allowed for .jpg files to be uploaded.
How do I add jpeg, gif and png?
My current code is as follows...
$filename = basename($_FILES['photo']['name']);
$ext = substr($filename, strrpos($filename, '.') + 1);
//Check if the file is JPEG image and it's size is less than 5Mb
$allowedExts = array('jpg', 'jpeg', 'gif', 'png');
if ( (in_array($ext, $allowedExts)) && ($_FILES["photo"]["type"] == "image/jpeg") && ($_FILES["photo"]["size"] <= 5242880) ){
//Determine the path to which we want to save this file
$newname = str_replace( ' ', '_', trim( strip_tags( $_POST['name'] ) ) ) . _ . $formKey->generateKey() . '_' . time() . '.jpg';
Make an array of allowed extensions, and check against it. Take a look at http://php.net/manual/en/function.in-array.php.
You'd end with something like:
$allowedExts = array('jpg', 'jpeg', 'gif'); // Add more here
if (in_array($ext, $allowedExts))
{
// Do something here
}
Also, to check the extension of a file, I suggest you to use pathinfo: http://php.net/manual/en/function.pathinfo.php Some people can trick you with uploading files ending with .jpg, but that could be .php files.
[EDIT] Updated as I hate the mini-commenting:
$allowedExtensions = array("image/jpeg", "image/png", "image/gif", "image/pjpeg", "image/jpg");
$pathInfo = pathinfo($_FILES["photo"]["type"]);
if (in_array($pathInfo['extension'], $allowedExtensions))
{
// Do stuff
}
Waaaay simpler this way. This can even be simplified by using pathinfo's second parameter, but I'm assuming you'll need the other elements of the array after.
You could use the following:
if(file_exists($path_image) && in_array(exif_imagetype($path_image),array(1, 2, 3, 6))){ ... }