-2

I am using the following code to store images on my web server:

function SavePic()
{
    $allowedExts = array("jpeg", "jpg");
    $temp = explode(".", $_FILES["UserPic"]["name"]);
    $extension = end($temp);

    if ((($_FILES["UserPic"]["type"] == "image/jpeg")
    || ($_FILES["UserPic"]["type"] == "image/jpg"))
    //&& ($_FILES["UserPic"]["size"] < 2097152)
    && in_array($extension, $allowedExts))
    {
        if ($_FILES["UserPic"]["error"] > 0)
        {
            echo json_encode("Error: ".$_FILES["UserPic"]["error"]);
        }
        else
        {    
            $folder = "/home5/username/public_html/Project/Users/Images/";                
            echo move_uploaded_file($_FILES["UserPic"]["tmp_name"],$folder.$_REQUEST["email"].".".$extension);
        }
    }
    else
    {
        echo json_encode("Invalid file");
    }
}

And the following code to retrieve the image:

function RetrievePic()
{
    $handle = fopen('php://input','r');
    $jsonInput = fgets($handle);
    // Decoding JSON into an Array
    $retrieveParameters = json_decode($jsonInput,true);        

    $UserPic = array("UserPic" => "http://www.mysite.com/Project/Users/Images/".$retrieveParameters['email']."."."jpg");
    echo json_encode($UserPic);
}

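For example, if my email is abc@xyz.com, the image is stored as "abc@xyz.com.jpg". The problem is that when I try to overwrite the image to replace the old image with a new one, the server returns the old image every time.

Update: When I put the URL in the browser, e.g. http://www.mysite.com/Project/Users/Images/abc@xyz.com.jpg, the latest image is displayed, and after that I start receiving the latest image.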

4

2 Answers

0
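  • I don't recommend handling files by their extension. It can easily be faked. This is not reliable either:
    $_FILES['UserPic']['type']
  • Below PHP version 5.4.1, $_FILES has serious security holes.
    • Directory traversal attack
    • $_FILES collapse attack

You should do it like this: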

<?php

// Configure
$upload_key     = 'UserPic';
$max_filesize   = 2097152; // Bytes
$save_directory = '/home5/username/public_html/Project/Users/Images';

if (version_compare(PHP_VERSION, '5.4.1') < 0) {
    die('This PHP Version has serious security hole concerning $_FILES.');
}

if (isset($_FILES[$upload_key])) {

    try {

        $error = $_FILES[$upload_key]['error'];

        if (is_array($error)) {
            throw new Exception('This script can\'t accept multiple files');
        }

        switch ($error) {
            case UPLOAD_ERR_INI_SIZE:
                throw new Exception('Exceeded upload_max_filesize');
            case UPLOAD_ERR_FORM_SIZE:
                throw new Exception('Exceeded MAX_FILE_SIZE');
            case UPLOAD_ERR_PARTIAL:
                throw new Exception('Incomplete file uploaded');
            case UPLOAD_ERR_NO_FILE:
                throw new Exception('No file uploaded');
            case UPLOAD_ERR_NO_TMP_DIR:
                throw new Exception('No tmp directory');
            case UPLOAD_ERR_CANT_WRITE:
                throw new Exception('Couldn\'t write data');
            case UPLOAD_ERR_EXTENSION:
                throw new Exception('Extension error');
        }

        $name     = $_FILES[$upload_key]['name'];
        $tmp_name = $_FILES[$upload_key]['tmp_name'];
        $size     = $_FILES[$upload_key]['size'];

        if ($name === '') {
            throw new Exception('Invalid filename');
        }

        if ($size > $max_filesize) {
            throw new Exception(sprintf('Exceeded %d bytes limit', $max_filesize));
        }

        if (!is_uploaded_file($tmp_name)) {
            throw new Exception('Not an uploaded file');
        }

        $finfo = new finfo(FILEINFO_MIME);
        $type = $finfo->file($tmp_name);

        if ($type === false) {
            throw new Exception('Failed to get MimeType');
        }

        // FILEINFO_MIME yields e.g. "image/jpeg; charset=binary", so test the prefix
        if (strpos($type, 'image/jpeg') !== 0) {
            throw new Exception('Only JPEG images available');
        }

        if (!isset($_REQUEST['email']) || !is_string($email = $_REQUEST['email']) || $email === '') {
            throw new Exception('E-mail address required');
        }

        if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            throw new Exception('Invalid E-mail address');
        }

        $new_name = $save_directory.'/'.$email.'.jpg';

        if (is_file($new_name)) {
            throw new Exception('The file already exists');
        }

        if (!@move_uploaded_file($tmp_name, $new_name)) {
            throw new Exception('Failed to move uploaded file');
        }

        $msg = "File successfully uploaded as {$new_name}";

    } catch (Exception $e) {

        $msg = 'Error: '.$e->getMessage();

    }

} else {

    $msg = 'No file sent';

}

echo json_encode($msg);
answered 2013-07-13T09:47:31.393
0

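This looks like a caching problem. Have you confirmed that the new picture is saved correctly on the server?

If the picture is saved correctly, then you should add some headers in your RetrievePic routine to prevent it from being cached. See also: Disable cache for some images

answered 2013-07-13T09:33:48.053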
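
An added example, not part of either answer: one way to send the revalidation headers suggested above, assuming the image is delivered by a PHP script (a hypothetical `pic.php?email=...`) instead of as a static file. `resolvePicPath` and `servePic` are hypothetical names; the directory is the one from the question.

```php
<?php
// Added example. IMAGE_DIR comes from the question; function names are hypothetical.
const IMAGE_DIR = '/home5/username/public_html/Project/Users/Images';
// Map an e-mail address to an existing file inside $baseDir, or null if rejected.
function resolvePicPath(string $email, string $baseDir = IMAGE_DIR): ?string
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The value becomes a file name: refuse path separators whatever the filter accepted.
    if (strpbrk($email, '/\\') !== false) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $email . '.jpg');
    // realpath() is false for a missing file; also require containment.
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

function servePic(string $email): void
{
    $path = resolvePicPath($email);
    if ($path === null) {
        http_response_code(404);
        return;
    }
    $mtime = filemtime($path);
    $etag  = '"' . $mtime . '-' . filesize($path) . '"';
    // no-cache: a cache may store the image but must revalidate before reuse.
    header('Cache-Control: no-cache');
    header('ETag: ' . $etag);
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $mtime) . ' GMT');
    // Exact-match comparison only; weak or list validators fall through to 200.
    if (($_SERVER['HTTP_IF_NONE_MATCH'] ?? '') === $etag) {
        http_response_code(304);
        return;
    }
    header('Content-Type: image/jpeg');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

if (PHP_SAPI !== 'cli' && isset($_GET['email']) && is_string($_GET['email'])) {
    servePic($_GET['email']);
}
```

Because the ETag is built from the file's modification time and size, an overwritten picture produces a new validator and the client fetches the new bytes instead of reusing its stored copy.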