Sécuriser l'upload d'image ? verifier l'extention .jpg, .gif, .png
Bonjour à tous, une petite question svp.
Je doit sécuriser mon formulaire d'upload.
Mais je ny arrive absolument pas, ca fé une semaine que j'essai plein de truck et la, je suis dans le vide.
Voici mon code, si vous avez une idée, ce serais super kool
Code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76
|
if(isset($_POST['ajouteranimateur'])){
$cat=$_POST['cat'];
$nomprenom=addslashes($_POST['nomprenom']);
$age=addslashes($_POST['age']);
$bio=addslashes($_POST['bio']);
$emission=addslashes($_POST['emission']);
$uploaddir = "../public/news/";
$image1=$_FILES['image1']['name'];
$uploadfile = $uploaddir . basename($_FILES['image1']['name']);
move_uploaded_file($_FILES['image1']['tmp_name'], $uploadfile);
$commaff= mysql_query("SELECT * FROM ".T_COMMENTAIRES." ORDER BY id_com DESC");
$don = mysql_fetch_array($commaff);
$com=$don[1]+1;
$modif = mysql_query("INSERT INTO ".T_COMMENTAIRES." VALUES('', '$com', '', '', '', '')");
$modif = mysql_query("INSERT INTO ".T_NEWS." VALUES('', '$nomprenom', '$age', '$image1','$bio', '$emission', '$cat','$com')");
$aujourdhui = date("Ymd");
echo'
<SCRIPT language=JavaScript>
alert(\'News Ajoutée\');
</SCRIPT>';
}
if(isset($_GET['add'])){
$commaff= mysql_query("SELECT * FROM ".T_CATNEWS." ORDER BY ordrer");
while ($donnees = mysql_fetch_array($commaff))
{
$option.= '<option value="'.$donnees[0].'">'.stripslashes($donnees[1]).'</option>';
}
echo'<form action="admin_news.php" method="post" enctype="multipart/form-data" name="form1" id="form1" onSubmit="return submitForm();">
<table width="97%" height="200" border="0" cellspacing="0" cellpadding="0" class="main_table">
<tr>
<td height="45" colspan="2" class="t_header"><div align="center">Ajouter une News </div></td>
</tr>
<tr>
<td width="221" height="29" class="td_1"> Choix Categorie: </td>
<td width="414" class="td_2"><select name="cat">
'.$option.'
</select></td>
</tr>
<tr>
<td width="221" height="29" class="td_1">Titre:</td>
<td width="414" class="td_2"><input type="textfield" name="nomprenom" size="80" /></td>
</tr>
<tr>
<td width="221" height="29" class="td_1">Date:</td>
<td width="414" class="td_2"><input name="age" type="textfield" size="80" value="';$date = date("Y-m-d");
Print("$date");echo'
"></td>
</tr>
<tr>
<td width="221" height="29" class="td_1">Description:</td>
<td width="414" class="td_2"><input name="bio" type="textfield" size="80" value="" /></td>
</tr>
<tr>
<td width="221" height="29" class="td_1">Contenu:</td>
<td width="414" class="td_2">';
$oFCKeditor2->Create();
echo'</td>
</tr>
<tr>
<td width="221" height="29" class="td_1"> Image: <strong>(Format carré et renommé)</strong></td>
<td width="414" class="td_2"><input type="file" name="image1" size="80" /></td>
</tr>
<tr>
<td height="45" colspan="2" class="td_1"><div align="center">
<input type="submit" name="ajouteranimateur" value="Ajouter" class="button" />
</div></td>
</tr>
</table>
</form>';
} |