Upload mp4 not working help please all other files work except mp4 help

PHP
1

Hi i have the script to upload files i set the type fo file and extension allowed all the files type and extension i can upload except mp4 is ther anything extra i need to do isnt file type (video/mp4) extension (mp4) but still not working.


<?php
mysql_connect("localhost", "root", "") or die(mysql_error()) ;
mysql_select_db("database_name") or die(mysql_error()) ;

// my file the name of the input area on the form type is the extension of the file
//echo $_FILES["myfile"]["type"];

//myfile is the name of the input area on the form
$name = $_FILES["image"]["name"]; // name of the file
$type = $_FILES["image"]["type"]; //type of the file
$size = $_FILES["image"]["size"]; //the size of the file
$temp = $_FILES["image"]["tmp_name"];//temporary file location when click upload it temporary stores on the computer and gives it a temporary name

$error =array(); // this an empty array where you can then call on all of the error messages
$allowed_exts = array('jpg', 'jpeg', 'png', 'gif','avi','mp4'); // array with the following extension name values
$image_type = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif', 'video/mp4'); // array with the following image type values
$location = 'images/'; //location of the file or directory where the file will be stored
$appendic_name = "news".$name;//this append the word [news] before the name so the image would be news[nameofimage].gif

// substr counts the number of carachters and then you the specify how how many you letters you want to cut off from the beginning of the word example drivers.jpg it would cut off dri, and would display vers.jpg
//echo $extension = substr($name, 3);

//using both substr and strpos, strpos it will delete anything before the dot in this case it finds the dot on the $name file deletes and + 1 says read after the last letter you delete because you want to display the letters after the dot. if remove the +1 it will display .gif which what we want is just gif
$extension = strtolower(substr($name, strpos ($name, '.') +1));//strlower turn the extension non capital in case extension is capital example JPG will strtolower will make jpg
// another way of doing is with explode
// $image_ext strtolower(end(explode('.',$name))); will explode from where you want in this case from the dot adn end will display from the end after the explode

$title = $_POST["title"];
$subtitle = $_POST["subtitle"];

     if (isset($image)) // if you choose a file name do the if bellow
       {

       // if extension is not equal to any of the variables in the array $allowed_exts error appears
        if(in_array($extension, $allowed_exts) === false )
       {
         $error[] = 'Extension not allowed! gif, jpg, jpeg, png only<br />'; // if no errror read next if line
       }
        // if file type is not equal to any of the variables in array $image_type error appears
        if(in_array($type, $image_type) === false)
       {
          $error[] = 'Type of file not allowed! only images allowed<br />';
       }


       // check if  folder exist in the server
        if(!file_exists ($location))
       {
          $error[] = 'No directory ' . $location. ' on the server Please create a folder ' .$location;
       }

     }
     // if no error found do the move upload function
       if (empty($error)){
           if (move_uploaded_file($temp, $location .$appendic_name))
           {			
			    if (move_uploaded_file($temp1, $location .$name1))
           {
             // insert data into database first are the field name teh values are the variables you want to insert into those fields appendic is the new name of the image
mysql_query("INSERT INTO tablename (title, subtitle, image)
 VALUES ('$title', '$subtitle', '$appendic_name')") ;
 echo $type;
  echo "<br />";
 echo $type1;


           }
         }
       else
          {
        foreach ($error as $error)
           {
               echo $error;
           }
        }

	   }

//echo $type;
?>
2

It is because you are using “$_FILES[“image”][“type”]” which is a supplied by the user agent (browser), this is a security issue as well as unreliable.

3

thought thats how you upload files i really dont know any other way could you please show me how is it suppost to be or point me in a direction wher i can find out?

4

Ok i 've just tried to upload a smaller mp4 file and it works, but why the larger mp4 file doesnt upload and how can i fix that issue?

5

still no luck been researching and found this related to upload large file with php tried but didnt work

1) Create a .htaccess file in the root folder of web server.
2) Put the following code in side the .htaccess file and save it.
php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200
6

The way you are testing for a file extension is insecure e.g

mymaliciousfile.jpg.php

would bypass your strpos test

7

you mean this line in my code?

$extension = strtolower(substr($name, strpos ($name, '.') +1));

but then wouldnt my extension line decile your file or even the file type

$allowed_exts = array('jpg', 'jpeg', 'png', 'gif','avi','mp4'); // array with the following extension name values
$image_type = array('image/jpg', 'image/jpeg', 'image/png', 'image/gif', 'video/mp4'); // array with the following image type values
8

On closer examination your file extension check would be ok, but as logic_earth has pointed out, the file type check is unsafe because it can be faked - a malicious attacker could send a crafted header with an allowed file type but still be an unsafe file.

9

I see.

what would you suggest to make it safer?

10

Using mime_content_type, getimagesize or fileinfo are safer as they examine the file data rather than relying on a header that is easily faked.

11

If you have the capability to use system commands you can also use the linux file command and ffmpeg to get more file information