1

好的,所以我找到了一个上传脚本,并添加了适合我的会话的调整。如果会话未登录,它会回显图像,但如果会话已登录,则显示文件上传器。问题是,有人可以将有害的 PHP 脚本上传到这里,我只希望它用于图像。有什么建议可以只制作我的代码图像吗?我尝试添加过滤器,但这不起作用。这是我的代码:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Upload your own picture of Bouncy!</title>
</head>
<style type='text/css'>
body {
background-image:url('../membership/sitebg.png');
background-repeat:repeat-x;
background-color:#ffffff;
}

a {
color: #093D03;
text-shadow:0px 0px 5px #ffffff;
}

a:visited {
color: #093D03;
}

a:active {
color: #093D03;
}

a:hover {
color: #1AFF00;
}
</style>
<?php
session_start();

if ($_SESSION['loggedin'] == true) 
{
echo "<br />";
echo "<br />";
echo "<center><font face='arial'>Welcome to the funny picture uploader,<b> ".$_SESSION['username'];
echo "</b><br /><a href='http://x.org/membership/logout.php'>Logout</a> | <a href='#'>More</a> | <a href='http://x.org'>Home</a>";
echo "<br />";
echo "<br />";
                    $max_no_img=1; // Maximum number of images value to be set here
                    echo "<form method=post action='' enctype='multipart/form-data'>";
                    echo "<table border='0' width='400' cellspacing='0' cellpadding='0' align=center>";
                    for($i=1; $i<=$max_no_img; $i++)                             {
                    echo "<tr><td>Images $i</td><td>
                    <input type=file name='images[]' class='bginput'></td></tr>";
                                                                                 }
                          echo "<tr><td colspan=2 align=center><input type=submit value='Add Image'></td></tr>";
                          echo "</form> </table>";
      while(list($key,$value) = each($_FILES['images']['name']))
                                                                                                      {
          //echo $key;  
          //echo "<br>";
          //echo $value;
          //echo "<br>";
      if(!empty($value)){   // this will check if any blank field is entered
      $filename =rand(100000000000000,10000000000000000000).$value;    // filename stores the value

      $filename=str_replace(" ","-",$filename);// Add _ inplace of blank space in file name, you can remove this line

      $add = "pictures/$filename";   // upload directory path is set
      //echo $_FILES['images']['type'][$key];     // uncomment this line if you want to display the file type
      //echo "<br>";                             // Display a line break
      copy($_FILES['images']['tmp_name'][$key], $add); 
      echo "<center><b>Your picture will be stored at:</b></center> ";
      echo "<center><a href='http://bouncygames.org/$add'>Click here to view your image!</a></center>";
          //  upload the file to the server
      chmod("$add",0777);                 // set permission to the file.
        }                                                                                               }
} else {
echo "<br /><center><img src='sorry.png'><br />
<a href='x'><img src='button-to-join.png'></a>
</center>";
}
?>

我的问题: 我怎样才能让这个只上传图片?

4

2 回答 2

0

为了<input type="file" name="file" id="file" />

我得到文件类型$type = $_FILES["file"]["type"]

您也可以这样做,然后通过简单的if($type == "jpeg" || $type == "png")方式决定是否接受该文件。

于 2012-08-18T17:37:55.303 回答
0

在这里你可以看到我对类似问题的解决方案:首先我使用一个隐藏的表单字段,因为它被发送到同一个页面,也就是 web 表单所在的页面。

<ul id="pictures">
<li><input type="file" name="files[]"><input type="hidden" name="send"></li>
<?php 
if (isset($_POST['send']))
{
    if(count($_FILES['files']['name']))
    {
        foreach ($_FILES['files']['name']as $datei)
        {
    $upload_folder = 'images/'; //Das Upload-Verzeichnis
    $filename = pathinfo($_FILES['datei']['name'], PATHINFO_FILENAME);
    $extension = strtolower(pathinfo($_FILES['datei']['name'], PATHINFO_EXTENSION));


    //Checking the file extension.
    $allowed_extensions = array('png', 'jpg', 'jpeg', 'gif');
    if(!in_array($extension, $allowed_extensions)) {
        die("<li>Ungültige Dateiendung. Nur png, jpg, jpeg und gif-Dateien sind erlaubt</li>");
    }

    //Checking the file size
    $max_size = 500*1024; //500 KB
    if($_FILES['datei']['size'] > $max_size) {
        die("<li>Bitte keine Dateien größer 500kb hochladen</li>");
    }

    //Checking the EXIF-data
    if(function_exists('exif_imagetype')) { //exif_imagetype erfordert die exif-Erweiterung
        $allowed_types = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
        $detected_type = exif_imagetype($_FILES['datei']['tmp_name']);
        if(!in_array($detected_type, $allowed_types)) {
            die("<li>Nur der Upload von Bilddateien ist gestattet</li>");
        }}}
    }

    //Path for uploading
    $new_path = $upload_folder.$filename.'.'.$extension;

    //New filename, file already exists.
    if(file_exists($new_path)) { 
        $id = 1;
        do {
            $new_path = $upload_folder.$filename.'_'.$id.'.'.$extension;
            $id++;
        } while(file_exists($new_path));
    }

    //Alright, move the file to its destination.
    move_uploaded_file($_FILES['datei']['tmp_name'], $new_path);
    echo '<li>Bild erfolgreich hochgeladen: <a href="'.$new_path.'">'.$new_path.'</a></li>';

}

?>

这个脚本我找到了一个网络搜索。

于 2017-09-17T19:30:09.280 回答