I have an HTML form which deals with uploading files.
I use the PHP variables $_FILES (name, type, error, size, tmp_name) to store the values in my database and also validate the uploaded file.
I do most validations fine by checking MIME types and whatnot. However, when it comes to checking the size of the document, after research I have heard that the user can easily modify the content of $_FILES["size"] and make a fake value inside there.
This is a problem for my website, as I am planning on restricting certain users to a 20MB upload and higher-ranked members to uploading a max of 100MB, and so on. So of course it is problematic if a regular user tricks the code into saying the size is lower than 20MB, whereas the file could actually be over 20MB.
So the question is, how do I tackle this situation and check the file size properly?
Note, I cannot use getimagesize() since the files being uploaded are not images.
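
A server-side check for the tiered limits described in the question, added here as an example and not part of the original post: it measures the temporary file PHP wrote to disk and takes the user's tier from the session. The role names, the form field name "document" and the session key "role" are assumptions; the 20 MB and 100 MB limits come from the question.

```php
<?php
// Added example. Role names, field name "document" and $_SESSION['role']
// are assumptions; the two size tiers are the ones stated in the question.
const SIZE_LIMITS = [
    'regular' => 20 * 1024 * 1024,   // 20 MB
    'ranked'  => 100 * 1024 * 1024,  // 100 MB
];

/** Returns null when the upload is within the role's limit, else a reason. */
function upload_size_problem(array $file, string $role): ?string
{
    $limit = SIZE_LIMITS[$role] ?? null;
    if ($limit === null) {
        return 'unknown role';
    }
    // A missing entry, or an array here (field declared as "document[]"),
    // is rejected. PHP's own upload_max_filesize / post_max_size limits
    // also surface through this error code.
    $err = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if (!is_int($err) || $err !== UPLOAD_ERR_OK) {
        return 'upload failed or malformed';
    }
    // Accept only a path that PHP itself created for this request's upload.
    $tmp = $file['tmp_name'] ?? '';
    if (!is_string($tmp) || !is_uploaded_file($tmp)) {
        return 'not an uploaded file';
    }
    // Measure the bytes actually stored on the server.
    clearstatcache(true, $tmp);
    $bytes = filesize($tmp);
    if ($bytes === false) {
        return 'cannot read temporary file size';
    }
    if ($bytes > $limit) {
        return sprintf('file is %d bytes, limit for %s is %d', $bytes, $role, $limit);
    }
    return null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    // The tier must come from server-side state set at login,
    // never from a form field or other request parameter.
    $role    = $_SESSION['role'] ?? 'regular';
    $problem = upload_size_problem($_FILES['document'] ?? [], $role);
    http_response_code($problem === null ? 200 : 400);
    echo $problem ?? 'accepted';
}
```

PHP's upload_max_filesize and post_max_size settings need to be at least as large as the highest tier (100 MB here), otherwise PHP rejects the request before this check runs.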