Define which types of files can be uploaded

Hi

Does somebody know how to define which types of files can be uploades by users with the file-upload-tool? I´d like to set it to "just audio and video", because I think it´s a risk to open the doors for all kinds of programmes..

Can somebody help me please?

 

  • On the files plugin (I think it is on start.php) you will have to filter the MIME type that you want to allow or deny to upload.

    Rodolfo Hernandez
    Arvixe/Elgg Community Liaison

  • You could create a hook for the upload action and then simply run a check against allowd and uploaded types.

      $allowedExtensions = array("txt","csv","htm","html","xml",
       
    "css","doc","xls","rtf","ppt","pdf","swf","flv","avi",
       
    "wmv","mov","jpg","jpeg","gif","png");
      foreach (
    $_FILES as $file) {
        if (
    $file['tmp_name'] > '') {
          if (!
    in_array(end(explode(".",
               
    strtolower($file['name']))),
               
    $allowedExtensions)) {
           die(
    $file['name'].' is an invalid file type!<br/>'.
           
    '<a href="javascript:history.go(-1);">'.
           
    '&lt;&lt Go Back</a>');
          }
        }
      }

    Have a look at http://php.net/manual/en/features.file-upload.php

  • Thanks for your answers. Unfortunately I´m not well versed with PHP, so I don´t know exactly how and where I have to insert this code.

    Is there a way to let the user only choose for example mp3s instead of checking the type during the upload? I figure that to be a little bit easier.

    By the way I´m using Elgg 1.8.3.

    Thanks for your help.

  • That should be possible with client-side programming languages like JavaScript (jQuery). You might be able to find a ready-made plugin if you google. 

    Creating a server-side solution with PHP is another way. If you are willing to take the learning curve, we can guid you through the process. First step would be to take a look at the group bookmarks, there are some guidelines how to create a plugin skeleton. Once ready, let us know.

  • Ok, thanks. I think I will have to do this anyway.. 

    But  isn´t there a way to modify the active plugin by now?

  • @IK - I would go with the server-side solution.  Client side is too easy to circumvent, usually all you need is a javascript blocker like noscript and you can do whatever you want.

  • I found a thread where a guy managed to only allow mp3 files. that´s what he wrote:

     

    "Thanks man. It was pretty easy once I realized I had to use the upload.php in the actions/file folder.

    I added a few lines of code like this:

    $file->tags = $tags;

    // allow mp3s only

    $ext = strtolower(substr($_FILES['upload']['name'], -4));

    if ($ext <> ".mp3"){

    echo "Please only upload mp3 files - <a href='http://deltaboogie.net/file/all'>Return to Songs</a>";

    exit;

    }

    // we have a file upload, so process it

    Where the first and last line in the snippet above are existing code I include to show where I added my code.
    Now I'm wondering if this would be better implemented as a plugin or if what I have done, changing the existing system and documenting it, is the best way to approach this.
    It would be trivial to alter this code to allow only .pdf files or only .txt files and very easy to allow only image files, etc.
    Also I use Songs, instead of Files in the prompt because I've changed to the word Songs in my en.php language file. The Delta Boogie Network is a music site and I want only mp3s uploaded because they work with the included player. Of course, the link and the prompt should be customized to match the site."
     
    Can you tell me where and what to insert exactly? I´d like to only allow mp3 and wav.
Beginning Developers

Beginning Developers

This space is for newcomers, who wish to build a new plugin or to customize an existing one to their liking