renato at rmc dot inf dot br (2012-07-16 19:03:28)

Easy way to get a MIME TYPE from a uploaded file.

<?php
$finfo = new finfo(FILEINFO_MIME);
$type = $finfo->file($_FILE['tmp_name']);
$mime = substr($type, 0, strpos($type, ';'));
?>

contato at vfreitas dot com (2012-03-01 18:31:50)

Well, i have a great probleam with that, MS Office 2007 extensions (pptx, xlsx, docx) do not have a default Mime type, they have "application/zip" mime type, so, to fix that, i do one little function to verify the extension.
That function allow's you to be safe of fake extensions hack.

<?php

$arrayZips = array("application/zip", "application/x-zip", "application/x-zip-compressed");

$arrayExtensions = array(".pptx", ".docx", ".dotx", ".xlsx");

$file = 'path/to/file.xlsx';

$original_extension = (false === $pos = strrpos($file, '.')) ? '' : substr($file, $pos);

$finfo = new finfo(FILEINFO_MIME);

$type = $finfo->file($file);

if (in_array($type, $arrayZips) && in_array($original_extension, $arrayExtensions))
{
   return $original_extension;
}

?>

Zane MegaLab.it (2011-06-13 08:38:57)

I was getting application/octet-stream or "<= not supported" for all the files.
I found out that in PHP 5.3 the magic file is built-in into PHP and that is what should be used. The magic file found on the system may not always be what libmagic expects, hence the error.

info at tech dash bits dot net (2011-02-13 01:34:45)

While figuring out my problem using this new function, i had a brainwave in using the full path of the file instead of the relative path. For example:

<?php
$folder = "somefolder/";
$fileName "aFile.pdf";

$finfo = finfo_open(FILEINFO_MIME_TYPE);
finfo_file($finfo, $folder.$fileName);
?>

This will result in an error where it can't find the file specified.

This however fixxes that problem:

<?php
$folder = "somefolder/";
$fileName "aFile.pdf";

$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, dirname(__FILE__)."/".$folder.$fileName);
?>

scott at thebrain dot ca (2009-01-06 21:29:01)

I thought to use fileinfo to check if a file was gzip or bzip2. However, the mime type of a compressed file is "data" because compression is an encoding rather than a type.

gzip files begin with binary 1f8b.
bzip2 files begin with magic bytes 'B'  'Z'  'h'.
e.g.

<?php
$s = file_get_contents("somefilepath");
if ( bin2hex(substr($s,0,2)) == '1f8b' ) {/* could be a gzip file */}
if( substr($s,0,3) == 'BZh' ){/* could be a bzip2 file */}
?>

I am not an encoding expert. My only testing was using a few of my own encoded files.

darko at uvcms dot com (2008-08-01 08:28:15)

OO (bit improved) version of the same thing

<?php
$file = '<somefile>';
$ftype = 'application/octet-stream';
$finfo = @new finfo(FILEINFO_MIME);
$fres = @$finfo->file($file);
if (is_string($fres) && !empty($fres)) {
   $ftype = $fres;
}
?>

darko at uvcms dot com (2008-04-24 09:53:46)

Another interresting feature of finfo_file on Windows.
This function can return empty string instead of FALSE for some file types (ppt for example). Therefore to be sure do a triple check of output result and provide default type just in case. Here is a sample code:
$ftype = 'application/octet-stream';
$finfo = @finfo_open(FILEINFO_MIME);
if ($finfo !== FALSE) {
$fres = @finfo_file($finfo, $file);
if ( ($fres !== FALSE)
&& is_string($fres)
&& (strlen($fres)>0)) {
$ftype = $fres;
}
@finfo_close($finfo);
}

WebShowPro (2007-09-25 14:01:49)

Just an improvement on the sample Ryan Day posted - slightly off topic since this method does not use finfo_file but in some cases this method might be preferable.

The main change is the -format %m parameters given to the identify call.  I would suggest using the full system path to identify i.e. /usr/bin/identify to be a little safer (the location may change from server to server though).

<?php

function is_jpg($fullpathtoimage){
    if(file_exists($fullpathtoimage)){
        exec("/usr/bin/identify -format %m $fullpathtoimage",$out);
        //using system() echos STDOUT automatically
        if(!empty($out)){
            //identify returns an empty result to php
            //if the file is not an image
            
            if($out == 'JPEG'){
                return true;
            }
        }
    }
    return false;
}

?>

Ryan Day (2007-08-31 02:34:00)

to check images on unix based systems its much better to use the identify command provided by image magic as it provides accurate results about all files

<?php
function is_jpg($fullpathtoimage){
    if(file_exists($fullpathtoimage)){
        exec("identify $fullpathtoimage",$out);
        //using system() echos STDOUT automatically
        if(!empty($out)){
            //identify returns an empty result to php 
            //if the file is not an image
            $info = $out[0];
            $info = explode(' ',$out[0]);
            //^IF THE FILENAME CONTAINS SPACES 
            //^THIS WILL NOT WORK...be creative
            $type = $info[1];
            if($type == 'JPEG'){
                return true;
            }
        }
    }
    return false;
}
?>

identify can process all types of images that are web friendly
sample output:
./image/someimage.jpg JPEG 150x112 150x112+0+0 DirectClass 8-bit 4.54688kb
if you dont want to control the image name or want to support spaces use: escapeshellarg()
http://us2.php.net/manual/en/function.escapeshellarg.php

function links:
exec() -- http://us2.php.net/manual/en/function.exec.php
explode() -- http://us2.php.net/manual/en/function.explode.php

Schraalhans Keukenmeester (2007-05-21 15:20:48)

Tempting as it may seem to use finfo_file() to validate uploaded image files (Check whether a supposed imagefile really contains an image), the results cannot be trusted. It's not that hard to wrap harmful executable code in a file identified as a GIF for instance.
A better & safer option is to check the result of:
if (!$img = @imagecreatefromgif($uploadedfilename)) {
trigger_error('Not a GIF image!',E_USER_WARNING);
// do necessary stuff
}