
Files bypassing filetype selection in PHP


I've got if/else in place to make sure only certain types of audio can be uploaded, but it doesn't seem to be working, as other file types (images) are making it past my upload form. What's wrong with my code?

<?php

if ($_POST['submit'] == "in_mp3") {
    $_FILES['file']['name'] = str_replace(" ", "", $_FILES['file']['name']);
    if ($_FILES['file']['name'] != "") {
        if (($_FILES['file']['type'] == "audio/mpeg" or "audio/ogg") || ($_FILES['file']['type'] == "application/force-download")) {
            if ($_FILES["file"]["size"] < 6097152) {
                move_uploaded_file($_FILES["file"]["tmp_name"], "sound/" . $_FILES["file"]["name"]);
                echo "File has been stored in your uploads directory.";
            } else {
                echo "Please upload a file that is under 5 mb!";
            }
        } else {
            echo "Please upload a mp3 or ogg file!";
            exit;
        }
    } else {
        echo "Please enter a file.";
    }
}

Solution

  • You need to edit your if condition. The problem is that you evaluate "audio/ogg", which is not equal to "", and therefore, your if condition is always met. Try:

    if ($_FILES['file']['type'] == "audio/mpeg" || $_FILES['file']['type'] == "audio/ogg" || $_FILES['file']['type'] == "application/force-download") {
    

    You could also check the file extension:

    if (in_array(strtolower(pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION)), array('mpg','mpeg', 'm2v', 'mp2', 'mp3', 'ogv', 'oga', 'ogx', 'ogg', 'spx'), true))
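
Both checks above compare values the browser sends with the request (`$_FILES['file']['type']` and the file name), so a non-audio file can carry an accepted type or extension. The following is an added example, not part of the original answer: it detects the content type on the server from the file's bytes and stores the file under a server-generated name. It assumes PHP 7+ with the fileinfo extension; `check_audio_upload`, `ALLOWED_AUDIO`, `MAX_BYTES` and the allowlist contents are hypothetical names and values chosen for illustration.

```php
<?php
// Added example. Extension => content types accepted for it (assumed allowlist).
const ALLOWED_AUDIO = [
    'mp3' => ['audio/mpeg'],
    'ogg' => ['audio/ogg', 'application/ogg'],
    'oga' => ['audio/ogg', 'application/ogg'],
];
const MAX_BYTES = 5 * 1024 * 1024; // 5 MB, the limit the error message states

// Takes one entry of $_FILES; returns the extension to store under or throws.
function check_audio_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Please enter a file.');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file.');
    }
    // Size limit, in bytes.
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('Please upload a file that is under 5 mb!');
    }
    // The client-supplied name is used only to pick an allowlist key.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_AUDIO[$ext])) {
        throw new RuntimeException('Please upload a mp3 or ogg file!');
    }
    // Content type detected from the file's bytes, not $_FILES['file']['type'].
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!in_array($detected, ALLOWED_AUDIO[$ext], true)) {
        throw new RuntimeException('Please upload a mp3 or ogg file!');
    }
    return $ext;
}

if (isset($_FILES['file'])) {
    try {
        $ext = check_audio_upload($_FILES['file']);
        // Server-generated name: the client's filename never reaches the disk.
        $target = 'sound/' . bin2hex(random_bytes(16)) . '.' . $ext;
        if (!move_uploaded_file($_FILES['file']['tmp_name'], $target)) {
            throw new RuntimeException('Could not store the file.');
        }
        echo 'File has been stored in your uploads directory.';
    } catch (RuntimeException $e) {
        echo htmlspecialchars($e->getMessage());
    }
}
```

Configuring the web server so that nothing under `sound/` is executed as a script covers the case where a file passes content detection but still contains code.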