我想用 php 制作图片上传系统,我希望用户能够只上传 png、jpg 文件,而不是病毒或其他文件。我怎样才能做到这一点?
问问题
328 次
3 回答
1
步骤 1:检查扩展名(扩展名文件以结尾)
第 2 步:检查 MIME 类型 ($file_info = getimagesize($_FILES['image_file']; $file_mime = $file_info['mime'];)
只允许您要上传的那些图像扩展名,为此您可以制作白名单
尝试类似的东西
$whitelist = array(".jpeg",".jpg",".png");
foreach ($whitelist as $item)
{
if(preg_match("/$item\$/i", $_FILES['uploadfile']['name']))
{
$uploaddir='uploads/uploads_image/';
$uploadfilename=mysql_prep(basename($_FILES['uploadfile']['name']));
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv= mcrypt_create_iv($iv_size,MCRYPT_DEV_RANDOM);
$newname= mcrypt_encrypt(MCRYPT_RIJNDAEL_256, "this is the key",$uploadfilename.time(), MCRYPT_MODE_ECB, $iv);
$newfilename= (bin2hex($newname));
$uploadfile=$uploaddir.$newfilename.".png";
$access=true;
}
}
如果用户尝试通过制作黑名单来上传杂项文件,您也可以阻止用户的 ip
foreach ($blacklist as $item)
{
if(preg_match("/$item\$/i", $_FILES['uploadfile']['name']))
{
$network = ip2long("10.12.0.0");
$mask = ip2long("255.255.0.0");
$ip = ip2long($_SERVER{'REMOTE_HOST'});
if (($network & $mask) == ($ip & $mask)) {
die("Unauthorized");
}
}
}
于 2012-10-27T07:54:04.423 回答
1
($_FILES["file"]["type"] == "image/png")
有关此的更多信息,请单击此处
于 2012-10-27T07:55:11.200 回答
0
1st check:-
//check if contain php and kill it
$pos = strpos($filename,'php');
if(!($pos === false)) {
die('error');
}
2nd check:-
//get the file ext
$file_ext = strrchr($filename, '.');
$image_list = array(".jpg",".jpeg",".gif",".png");
if (!(in_array($file_ext, $image_list))) {
die('not allowed extension,please upload images only');
}
3rd check:-
$fileType = $_FILES["uploaded_file"]["type==image/jpeg || image/gif || image/png"];
4th check:-
preg_match("/.(gif|jpg|png)$/i", $fileName);
hope these checks solve your problem....
于 2012-10-27T09:59:48.530 回答