How Can I Rename Certain File Extensions In A PHP Uploader?

Question

I am trying to make it so when a user uploads a .sh file it will change the file extension to .txt before it gets on my server. My current code is

$fileName = $_FILES["file"]["name"];
$fileSize = $_FILES["file"]["size"];
$fileExt = explode(".", $fileName);
$fileRealExt = strtolower(end($fileExt));
$uploadDirectory = "/uploads/";
$currentDirectory = getcwd();
$uploadPath = $currentDirectory . $uploadDirectory . basename($fileName);
$newFileName = uniqid("", true)  . "." . $fileRealExt;
$fileTmpName = $_FILES["file"]["tmp_name"];
$fileUploadPath = $currentDirectory . $uploadDirectory . $newFileName;
$notAllowed = array("sh");
if (isset($_POST["submit"])) {
        if (in_array($fileRealExt, $notAllowed)) {
                $fileName = $fileExt[0] . ".txt";
                $newFileName = uniqid("", true)  . ".txt";
                $didUpload = move_uploaded_file($fileTmpName, $fileUploadPath);
                if ($didUpload) {
                        header("Location: $uploadDirectory$newFileName");
                } else{
                        header("Location: error.php");
                }
        }
}
?>

Right now what it does is the header() will take you to the randomized filename with the .txt extension but it will be there and it will not upload at all. How can I fix this?

`move_uploaded_file` uses `$fileUploadPath` as the destination, but that's defined before you try to do the renaming, so it still has its earlier value. Therefore you haven't removed the problem at all. — ADyson, Aug 17 '21 at 17:26

How Can I Rename Certain File Extensions In A PHP Uploader?

0 Answers0