Max Image width and height condition ignored by opera?
 

This one is making em go a little crazy. The script works perfectly for uploading an avatar no bigger than 100px by 100px and 100kb in size, producing an error if any of the conditions are not met in Firefox and IE, but in opera, it will allow me to upload any image, regardless of it's dimensions or size. Can anyone take a look at the code I have and see if they spot a problem that needs fixing? Any help is appreciated!

You should not be doing this in javascript, even if it works it can be easily bypassed by anyone (this includes your filetype validation). This type of validation should ALWYAS be done on the server side.

Forgive me Village, but I'm not quite following. I mean the page is a standalone php file built and defined into the CMS I'm using. The only javascript I'm using is Shadowbox to show this page in a small box on the site. Any suggestions on how I should code the script then?

Let's clean up the code a little before we start narrowing down where the issue is - I noticed you are using getimagesize() to find the dimensions of the image, but you're using a custom function to determine the file type.

Never trust a file extension to be what it says it is. I could easily rename an executable to dot jpg and trick your script into believing it was an image - getimagesize will attempt to return the correct mime-type for the file that has been uploaded if your expecting only images. The other option would be <a href="http://us3.php.net/manual/en/ref.fileinfo.php">FileInfo</a> but I don't see any reason you wouldn't be just fine using getimagesize.

I'm not seeing the JavaScript that VI is mentioning but maybe I missed something there; outside of that, zomg, I haven't seen the CENTER element since Netscape.

Never mind what I said, for some reason I thought that was javascript. Looking at it again I have no clue why.

Yeah sorry about the center tags, I was just trying to breeze through it to get a working beta. I usually use all divs, but I didn't want to go through all the trouble of styling at the moment so I just coded it the fastest way possible.

Heh, no worries. Yeah the only JS that's being used is shadowbox to show the page.


Anyway, I'll revise the code and clean it up a bit. Should be a couple of hours but I'll have a revised code posted soon.

Thanks for the help guys!

I wasn't picking on them, just so you know. I just honestly haven't seen them in so long it was kind of a flash back for me. One of the first sites I ever designed was on Geocities Area51 back when frames were first introduced and we all thought they were soooooo darn snazzy. That and make everything an animated gif... gah.

Here's what I dont get though. Even if I use "getimagesize" and have it grab the image's type, which returns a numerical result in which I hav have an array define it if I wish, I'm still able to rename a .exe as a .jpg and upload it into the form successfully.

I am expecting only jpg, png and gif extensions to be allowed, but I'm not seeing, or maybe not understanding an efficient way to do that. I've never really tinkered with image/file upload operations before so I feel utterly lost.

I also read the php manual on fileinfo, and I dont even understand how to properly use it.

Any ideas?

Heh, I remember Geocities well. That was what I first used in 2002 to make a website. It was actually one of the coolest sitebuilders in the day with the drag and drop feature for the content. Although now I look back and compare it to all the dynamic content and jquery utilities and laugh so hard.

Seems to be working a lot better now. I also figured out how to stop files that aren't real images by checking the file's true mime type. Tested it by trying to upload an exe renamed as an image extension.

Please let me know if you spot anything else out of whack.

Thanks!

while ($feedback != '1') {
echo 'Bump';
}

Why did I use my PSP to type this? *Sigh*