So I made a simple MP3 upload script and I want advice on securing it up and improvin

system · September 10, 2006, 10:03am

g it


<?php
if(isset($_GET['upload'])){
$_FILES['mp3']['tmp_name'];

if($_FILES['mp3']['type']!='audio/mpeg'){
die('Invalid file type'.$_FILES['mp3']['type']);
exit;
}

$name = $_FILES['mp3']['name'];

if (!preg_match("/.mp3/is", $name)){
   die('Invalid file type2'.$_FILES['mp3']['type']);
exit;
}

$name = md5($name.time().rand(0,10)).'.mp3';
$name = 'audio/'.$name;

copy($_FILES['mp3']['tmp_name'],$name) or die('Failed to upload MP3 file...');
die('done');
exit;
}
else
{
echo'<form method="post" action="new.php?upload" enctype="multipart/form-data"><input type="file" name="mp3" type="submit" /> <input type="submit" /></form>';
}
?>

as you can see, it’s very very basic
but it’s just a temp thing for now
but can you php experts recommend how to secure it up, and how to improve the code?

thanks =]

foofoonet · September 10, 2006, 9:12pm

thats a recent tutorial, theres loads around, why not compare your code to what others are already doing?

system · September 11, 2006, 6:42am

Good idea
will do
thanks =]