This is the code I have first of all
$allowedExts = array("gif", "jpeg", "jpg", "PNG", "png");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif") // .gif
|| ($_FILES["file"]["type"] == "image/jpeg") // .jpeg
|| ($_FILES["file"]["type"] == "image/jpg") // .jpg
|| ($_FILES["file"]["type"] == "image/jpg") // .jpg
|| ($_FILES["file"]["type"] == "image/PNG") // .PNG
|| ($_FILES["file"]["type"] == "image/png")) //.png
&& ($_FILES["file"]["size"] < 2000000)
&& in_array($extension, $allowedExts)
What I want is so I am able to Upload .RAR/.ZIP files as well.
You haven't really given us much to go on, but based on the information we have, you would do something like...
$allowedExts = array("gif", "jpeg", "jpg", "PNG", "png","rar","zip");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif") // .gif
|| ($_FILES["file"]["type"] == "image/jpeg") // .jpeg
|| ($_FILES["file"]["type"] == "image/jpg") // .jpg
|| ($_FILES["file"]["type"] == "image/jpg") // .jpg
|| ($_FILES["file"]["type"] == "image/PNG") // .PNG
|| ($_FILES["file"]["type"] == "image/png")
|| ($_FILES["file"]["type"] == "application/x-rar-compressed")
|| ($_FILES["file"]["type"] == "application/zip"))
&& ($_FILES["file"]["size"] < 2000000)
&& in_array($extension, $allowedExts)
You just need to add the extensions to the $allowedExts array, plus add the mime type for the file types in the check, like so:
$allowedExts = array("gif", "jpeg", "jpg", "PNG", "png", "zip", "rar");
$extension = end(explode(".", $_FILES["file"]["name"]));
if ((($_FILES["file"]["type"] == "image/gif") // .gif
|| ($_FILES["file"]["type"] == "image/jpeg") // .jpeg
|| ($_FILES["file"]["type"] == "image/jpg") // .jpg
|| ($_FILES["file"]["type"] == "image/jpg") // .jpg
|| ($_FILES["file"]["type"] == "image/PNG") // .PNG
|| ($_FILES["file"]["type"] == "image/png")) //.png
|| ($_FILES["file"]["type"] == "application/x-rar-compressed")) //.rar (can also use application/octet-stream)
|| ($_FILES["file"]["type"] == "application/zip")) //.zip (can also use application/octet-stream)
&& ($_FILES["file"]["size"] < 2000000)
&& in_array($extension, $allowedExts)
you can't trust to what's is on $_FILES["file"]["type"] since that is sent by the browser, which could be easily spoofed.
I recommend you to user the fileInfo extension to start, where you can actually check the mime type in the server side.
then use an array of while/black list to allow/deny the type of extension users would upload