I am new here, nice to meet you.
I'm trying create a clean copy of a picture uploaded by a user after security checks, and to save this copy in a designated folder and in my DB. I'm working with XAMPP on Windows 10 and I granted the right permissions for the said folder. My code is below:
/*bit of code for picture addition, in a function for album publication*/
if($_FILES['albumCover']['error'] === 0) {
$covType;
$createCover;
$covName = guidv4();
$imgRegex = '/^[a-z\d][^.]*\.(jpe?g$)|\.(png$)/i';
$covInfo = finfo_open(FILEINFO_MIME_TYPE);
$covMime = finfo_file($covInfo, $_FILES['albumCover']['tmp_name']);
finfo_close($covInfo);
if(!preg_match($imgRegex, $_FILES['albumCover']['name']) ||
str_contains($_FILES['albumCover']['name'], ' ') ||
in_array($_FILES['albumCover']['type'], ['image/jpeg','image/png'])||
strpos($covMime, 'image/') !== 0)
{
$addMessages['errors'][] = 'Caractère autorisé pour le nom d\'image : lettres sans
accent / sans trémas / sans cédille, chiffres, tirets et underscores. Fichiers
autorisés : images .jpg, .jpeg ou .png.';
}
if(empty($addMessages['errors'])) {
if(preg_match($imgRegex, $_FILES['albumCover']['name'])
&& $_FILES['albumCover']['type'] == 'image/jpeg'
&& strpos($covMime, 'image/') !== 0)
{
$covType = 'jpeg';
$createCover = imagecreatefromjpeg($_FILES['albumCover']['tmp_name']);
imagejpeg($createCover,
self::COV_SECURE_PATH.$covName.'.'.pathinfo($_FILES['albumCover']['name'],
PATHINFO_EXTENSION)
);
move_uploaded_file($_FILES['albumCover']['tmp_name'],
self::COV_SECURE_PATH.'/'.$_FILES['albumCover']['name']);
} elseif(preg_match($imgRegex, $_FILES['albumCover']['name'])
&& $_FILES['albumCover']['type'] == 'image/png'
&& strpos($covMime, 'image/') !== 0)
{
$covType = 'png';
$createCover = imagecreatefrompng($_FILES['albumCover']['tmp_name']);
imagepng($createCover,
self::COV_SECURE_PATH.$covName.'.'.pathinfo($_FILES['albumCover']['name'],
PATHINFO_EXTENSION));
move_uploaded_file($_FILES['albumCover']['tmp_name'],
self::COV_SECURE_PATH.'/'.$_FILES['albumCover']['name']);
}
}
}
A few more details: the bit of code above is part of a class method. The constant COV_SECURE_PATH is declared in the class, before the method. And the guidv4() function for the picture name is in the same file, before the declaration of the class.
I have no PHP error messages, my prints display the right name and extension of each file and I declared the attribute enctype="multipart/form-data" in my HTML form. The pictures are saved in my DB (I will add the code regarding the DB if needed), but they won't be saved in my folder and I don't know what I'm missing. So far I haven't found an answer when searching in any site, any help will be very appreciated.
Well, I have finally fixed everything. My error was: if(preg_match($imgRegex, $_FILES['albumCover']['name']) && $_FILES['albumCover']['type'] == 'image/jpeg' && strpos($covMime, 'image/') !== 0) {
instead of if(preg_match($imgRegex, $_FILES['albumCover']['name']) && $_FILES['albumCover']['type'] == 'image/jpeg' && strpos($covMime, 'image/') === 0) {
And I also realised that I hadn't activated GD in my php.ini, now it's done. Thanks to everyone who answered me!