Why we need a JS file extension verification ! user can easily submit from by writing js code in url or using tools like Greasemonkey. Yap ! user can upload server executable script file !!!  but, we need a js extension verification code coz, Let user uploading a large file which takes time then user got the message ‘file format not supported’ !
So, I used a js file extension verifier and a php extension / file type verifier both. have a look.

<script type="text/javascript">
function ex_chk(){
var str=document.getElementById("user_file").value;
compr = str.split(".");
i=compr.length-1;
if((compr[i]!="php")&&(compr[i]!="asp")
&&(compr[i]!="jsp")&&(compr[i]!="js")
&&(compr[i]!="cgi")&&(compr[i]!="swf")
&&(compr[i]!="exe")&&(compr[i]!="html"))
{ document.getElementById("file_upload").submit(); }
else{ alert("File format not supported"); }
}
</script>

<form name="file_upload" id="file_upload" action="upload.php"  method="post" enctype="multipart/form-data" onsubmit="">
Click Browse, select a file, then <br>
click upload<br>

<input type="file"  name="user_file" id="user_file" />
<br />
<input type="button" onclick="ex_chk();" name="btn_upload" value="Upload" />
</form>

php verification code:

function chk_ext(){
$allowedExtensions = array("php","asp","html","jsp","cgi","exe","js","swf");
foreach ($_FILES as $file) {
if ($file['tmp_name'] > '') {
if (in_array(end(explode(".",
strtolower($file['name']))),
$allowedExtensions)) {
$re = "File type not supported";
return 0;
}
}
}
return 1;
}//func end



- Posted by admin