Saturday, 15 February 2014

Detecting the MIME type with a PHP upload script is not working




I am trying to check the MIME type of a sound file uploaded via PHP. I am allowing .mp3, .mp4 and .wav. For some reason it still says wrong file type if it is one of those types. Here is my validation code:

    $allowedexts = array("wav", "mp3", "mp4", "mpeg");
    $extension = end(explode(".", $_FILES["file"]["name"]));
    // Note: $_FILES["file"]["type"] is the value sent by the client
    if ((($_FILES["file"]["type"] == "audio/wave")
        || ($_FILES["file"]["type"] == "audio/mp4")
        || ($_FILES["file"]["type"] == "audio/mpeg"))
        && ($_FILES["file"]["size"] < 20000)
        && in_array($extension, $allowedexts)) {
    }

If anyone figures it out, please submit the fixed part of the code, not a portion of it, please. I appreciate the help!

A better way to check the MIME type is to let PHP's internal functions process the file. The content of $_FILES["file"] can be partially faked by an attacker. Additionally, you have a reliable source for how the MIME type is spelled.

Try finfo: http://php.net/manual/de/function.finfo-open.php

    $allowedmimetypes = array('audio/wave', 'audio/mp4', 'audio/whatevermore');
    $allowedexts = array('wav', 'mp3', 'mp4', 'mpeg');
    $extension = pathinfo($_FILES['file']['name'], PATHINFO_EXTENSION);
    // FILEINFO_MIME_TYPE returns only the type; FILEINFO_MIME appends
    // "; charset=..." and would never match the entries in the list
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($_FILES['file']['tmp_name']);
    if (in_array($mime, $allowedmimetypes)
        && filesize($_FILES['file']['tmp_name']) < 200000
        && in_array($extension, $allowedexts)) {
        echo 'yeah';
    }
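
An added example (not part of the original answer) that takes the answer's idea one step further: the stored extension is derived from the content type finfo detects, so neither the client-supplied name nor the client-supplied type takes part in the decision. The names `safe_audio_name`, `ALLOWED_AUDIO` and `MAX_BYTES`, the MIME strings in the map and the two sample files are assumptions made for this illustration.

```php
<?php
// Added example, not from the original answer. Detected MIME type => extension
// the server will use. The strings are assumptions: libmagic databases differ
// (WAV is often reported as audio/x-wav), so check them against your own samples.
const ALLOWED_AUDIO = [
    'audio/mpeg'  => 'mp3',
    'audio/mp4'   => 'mp4',
    'audio/x-wav' => 'wav',
    'audio/wav'   => 'wav',
    'audio/wave'  => 'wav',
];
const MAX_BYTES = 200000; // same limit as the answer's code

// Returns a server-chosen file name, or null if the content is not allowed.
// Nothing supplied by the client (name, type) takes part in the decision.
function safe_audio_name(string $tmpPath): ?string
{
    if (!is_file($tmpPath) || filesize($tmpPath) >= MAX_BYTES) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_AUDIO[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_AUDIO[$mime];
}

// Constructed sample input: a 44-byte WAV header and a plain-text file.
$wav = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($wav, 'RIFF' . pack('V', 36) . 'WAVEfmt '
    . pack('VvvVVvv', 16, 1, 1, 8000, 8000, 1, 8) . 'data' . pack('V', 0));
$txt = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($txt, "this is not audio\n");

// Both entries claim audio/mpeg, as a client is free to do.
$uploads = [
    ['name' => 'a.mp3', 'type' => 'audio/mpeg', 'tmp_name' => $wav],
    ['name' => 'b.mp3', 'type' => 'audio/mpeg', 'tmp_name' => $txt],
];
foreach ($uploads as $f) {
    $stored = safe_audio_name($f['tmp_name']);
    echo $f['name'], ' claimed ', $f['type'], ' -> ',
        $stored ?? 'rejected', "\n";
    unlink($f['tmp_name']);
}
```

In a real upload handler, also require `$_FILES['file']['error'] === UPLOAD_ERR_OK` before calling the function and store the file with `move_uploaded_file()` under the returned name.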
