.mp3 Filetype Upload

Question

I'm working on a PHP upload script which allows .mp3 file uploads amongst others. I've created an array which specifies permitted filetypes, including mp3s, and set a maximum upload limit of 500MB:

// define a constant for the maximum upload size
define ('MAX_FILE_SIZE', 5120000);

// create an array of permitted MIME types
$permitted = array('application/msword', 'application/pdf', 'text/plain', 'text/rtf', 'image/gif', 'image/jpeg', 'image/pjpeg', 'image/png', 'image/tiff', 'application/zip', 'audio/mpeg', 'audio/mpeg3', 'audio/x-mpeg-3', 'video/mpeg', 'video/mp4', 'video/quicktime', 'video/x-ms-wmv', 'application/x-rar-compressed');

So far in testing all specified filetypes have been successfully uploaded but for some reason it comes up with an error for .mp3. As you can see above I've included audio/mpeg, audio/mpeg3, and audio/x-mpeg-3 but none of them seem to make a difference.

Can someone suggest what the problem could be and also indicate which audio type is the one needed to allow .mp3 uploads?

Thanks

Update: The code I'm using to run the check on the file is as follows:

// check that file is within the permitted size
        if ($_FILES['file-upload']['size'][$number] > 0 || $_FILES['file-upload']['size'][$number] <= MAX_FILE_SIZE) {
            $sizeOK = true;
        }

        // check that file is of an permitted MIME type
        foreach ($permitted as $type) {
            if ($type == $_FILES['file-upload']['type'][$number]) {
                $typeOK = true;
                break;
            }
        }

        if ($sizeOK && $typeOK) {
            switch($_FILES['file-upload']['error'][$number]) {
                case 0:
                    // check if a file of the same name has been uploaded
                    if (!file_exists(UPLOAD_DIR.$file)) {
                        // move the file to the upload folder and rename it
                        $success = move_uploaded_file($_FILES['file-upload']['tmp_name'][$number], UPLOAD_DIR.$file);
                    }
                    else {
                        // strip the extension off the upload filename
                        $filetypes = array('/\.doc$/', '/\.pdf$/', '/\.txt$/', '/\.rtf$/', '/\.gif$/', '/\.jpg$/', '/\.jpeg$/', '/\.png$/', '/\.tiff$/', '/\.mpeg$/', '/\.mpg$/', '/\.mp4$/', '/\.mov$/', '/\.wmv$/', '/\.zip$/', '/\.rar$/', '/\.mp3$/');
                        $name = preg_replace($filetypes, '', $file);
                        // get the position of the final period in the filename
                        $period = strrpos($file, '.');
                        // use substr() to get the filename extension
                        // it starts one character after the period
                        $filenameExtension = substr($file, $period+1);
                        // get the next filename    
                        $newName = getNextFilename(UPLOAD_DIR, $name, $filenameExtension); 
                        $success = move_uploaded_file($_FILES['file-upload']['tmp_name'][$number], UPLOAD_DIR.$newName);
                    }
                    if ($success) {
                        $result[] = "$file uploaded successfully";
                    }
                    else {
                        $result[] = "Error uploading $file. Please try again.";
                    }
                    break;
                case 3:
                    $result[] = "Error uploading $file. Please try again.";
                default:
                    $result[] = "System error uploading $file. Contact webmaster.";
            }
        }
        elseif ($_FILES['file-upload']['error'][$number] == 4) {
            $result[] = 'No file selected';
        }
        else {
            $result[] = "$file cannot be uploaded. Maximum size: $max. Acceptable file types: doc, pdf, txt, rtf, gif, jpg, png, tiff, mpeg, mpg, mp3, mp4, mov, wmv, zip, rar.";
        }

I'm getting the bottom else result telling me either the file size is wrong or the extension isn't allowed.

Update 2: I've run a print_r of the _FILES array to hopefully provide a little more info. The results are:

Array ( [file-upload] => Array ( [name] => Array ( [0] => Mozart.mp3 [1] => [2] => )

        [type] => Array
            (
                [0] => audio/mpg
                [1] => 
                [2] => 
            )

        [tmp_name] => Array
            (
                [0] => /Applications/MAMP/tmp/php/phpgBtlBy
                [1] => 
                [2] => 
            )

        [error] => Array
            (
                [0] => 0
                [1] => 4
                [2] => 4
            )

        [size] => Array
            (
                [0] => 75050
                [1] => 0
                [2] => 0
            )

    )

)

Answer 1

MAX_FILE_SIZE is a value in Bytes

5120000 is not 500 MB. It's 5MB by my reckoning.

You'll also need to check that you're not exceeding the "post_max_size" and "upload_max_size" variables in your php.ini file

Secondly, an mp3 can be any of the following mimetypes

• audio/mpeg
• audio/x-mpeg
• audio/mp3
• audio/x-mp3
• audio/mpeg3
• audio/x-mpeg3
• audio/mpg
• audio/x-mpg
• audio/x-mpegaudio

http://filext.com/file-extension/MP3

Answer 2

I doubt if you still need this but am sure many will also be facing this same problem. This is what I did and it worked for me.

Php Code:

if(isset($_POST['submit'])) {

    $fileName = $_FILES['userfile']['name'];
    $tmpName = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];

if ($fileType != 'audio/mpeg' && $fileType != 'audio/mpeg3' && $fileType != 'audio/mp3' && $fileType != 'audio/x-mpeg' && $fileType != 'audio/x-mp3' && $fileType != 'audio/x-mpeg3' && $fileType != 'audio/x-mpg' && $fileType != 'audio/x-mpegaudio' && $fileType != 'audio/x-mpeg-3') {
        echo('<script>alert("Error! You file is not an mp3 file. Thank You.")</script>');
    } else if ($fileSize > '10485760') {
        echo('<script>alert("File should not be more than 10mb")</script>');
    } else if ($rep == 'Say something about your post...') {
    $rep == '';
    } else {
    // get the file extension first
    $ext = substr(strrchr($fileName, "."), 1); 

    // make the random file name
    $randName = md5(rand() * time());

    // and now we have the unique file name for the upload file
    $filePath = $uploadDir . $randName . '.' . $ext;

    $result = move_uploaded_file($tmpName, $filePath);
    if (!$result) {
        echo "Error uploading file";
    exit;
    }

    if(!get_magic_quotes_gpc()) {

    $fileName = addslashes($fileName);
    $filePath = addslashes($filePath);

    }

    $sql = "INSERT INTO media SET
            path = '$filePath',
            size = '$fileSize',
            ftype = '$fileType',
            fname = '$fileName'";

if (mysql_query($sql)) {
    echo('');
    } else {
        echo('<p style="color: #ff0000;">Error adding audio: ' . mysql_error() . '</p><br />');
}

and your html code will be;

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post" enctype="multipart/form-data"">
      <input type="hidden" name="MAX_FILE_SIZE" value="2000000">
      <input type="file" class="file_input" name="userfile" />
      <input type="submit" value="" name="submit" id="submitStatus" class="submit" />
    </form>

Answer 3

You should never assume the value in $_FILES[...]['type'] actually matches the type of the file. The client can send any arbitrary string, and it's not checked at all by PHP. See here.

You'll have to do the work yourself to actually determine what type of file was uploaded, unless you have a good reason not to care about security at all (which you probably don't). PHP provides the fileinfo package by default, which does the heavy lifting for you. See finfo_file().

Answer 4

1. why not use in_array rather than the foreach loop for type check?
2. when you upload a valid file, have you tried checking the values of the $sizeOK & $typeOK

Answer 5

The 5MB limit is probably your problem.

Answer 6

Here is some code that will give you some symbolic meaning to your errors:

class UploadException extends Exception { 
    public function __construct($code) { 
        $message = $this->codeToMessage($code); 
        parent::__construct($message, $code); 
    } 

    private function codeToMessage($code) { 
        switch ($code) { 
            case UPLOAD_ERR_INI_SIZE: 
                $message = "The uploaded file exceeds the upload_max_filesize directive in php.ini"; 
                break; 
            case UPLOAD_ERR_FORM_SIZE: 
                $message = "The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form"; 
                break; 
            case UPLOAD_ERR_PARTIAL: 
                $message = "The uploaded file was only partially uploaded"; 
                break; 
            case UPLOAD_ERR_NO_FILE: 
                $message = "No file was uploaded"; 
                break; 
            case UPLOAD_ERR_NO_TMP_DIR: 
                $message = "Missing a temporary folder"; 
                break; 
            case UPLOAD_ERR_CANT_WRITE: 
                $message = "Failed to write file to disk"; 
                break; 
            case UPLOAD_ERR_EXTENSION: 
                $message = "File upload stopped by extension"; 
                break; 

            default: 
                $message = "Unknown upload error"; 
                break; 
        } 
        return $message; 
    } 
} 

// Use 
if ($_FILES['file']['error'] === UPLOAD_ERR_OK) { 
    //uploading successfully done 
} else { 
    throw new UploadException($_FILES['file']['error']); 
}

If you're getting an error from your last else statement, it is difficult to tell what exactly triggered it. Try using something like the above. http://www.php.net/manual/en/features.file-upload.errors.php