我尝试了很多脚本来验证很多功能来验证用户上传是否是图像。我尝试测试它并且当我用ext tar,xclx,docx,sql加载文件时它工作,但是当我上传带有扩展名的文件时,它会失败.themepack。它似乎也无法验证文件大小。这是我的代码:
if(isset($_POST['submit'])) {
if (is_uploaded_file($_FILES['photo']['tmp_name']) && ($_FILES['photo']['error'] === UPLOAD_ERR_OK)) {
// Get a reference:
$file = $_FILES['photo'];
$tmp_name = sha1($file['name']) . uniqid('',true);
$dest = $uploads_dir . $tmp_name . '_tmp';
// Validate the file size (1MB max):
$size = ROUND($file['size']/1024);
if ($size > 1024) {
$error[] = 'File u r uploading is too big.';
}
$whitelist_ext = array('gif','png' ,'jpg');
$whitelist_type = array('image/jpeg', 'image/png','image/gif');
$filename = $_FILES['photo']['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if(!in_array($ext,$whitelist_ext) ) {
$error[] = 'you are entering wrong extension files.';
}else{
// Validate the file type:
// Create the resource:
if(function_exists('finfo_open')){ //(PHP >= 5.3.0, PECL fileinfo >= 0.1.0)
$fileinfo = finfo_open(FILEINFO_MIME_TYPE);
if (!in_array(finfo_file($fileinfo, $file['tmp_name']), $whitelist_type)) {
$error[] = "Uploaded file is not a valid image";
}
}else if(function_exists('mime_content_type')){ //supported (PHP 4 >= 4.3.0, PHP 5)
if (!in_array(mime_content_type($file['tmp_name']), $whitelist_type)) {
$error[] = "Uploaded file is not a valid image";
}
}else{
if (!@getimagesize($file['tmp_name'])) { //@ - for hide warning when image not valid
$error[] = "Uploaded file is not a valid image";
}
}
if ( function_exists( 'exif_imagetype' ) ) {
if (exif_imagetype($file['tmp_name']) != (IMAGETYPE_JPEG || IMAGETYPE_GIF || IMAGETYPE_PNG)) {
$error[] = "Uploaded file is not a valid image";
} else{
if ( ( list($width, $height, $type, $attr) = getimagesize( $filename ) ) !== false ) {
return $type;
}
$error[] = "Uploaded file is not a valid image";
}
}
}
finfo_close($fileinfo);
}
//if no errors have been created carry on
if (!isset($error)) {
//hash the password
$hashedpassword = $user->password_hash($_POST['pass1'], PASSWORD_BCRYPT);
//create the activasion code
$activasion = md5(uniqid(rand(), true));
try {
//insert into database with a prepared statement
$stmt = $pdo->prepare('INSERT INTO users (nama_lengkap,username,pass,usertype, email,active,real_pic_name, tmp_pic_name, dateAdded) VALUES (:nama_lengkap, :username,:pass, :usertype, :email, :active, :real_pic_name, :tmp_pic_name,now())');
$stmt->execute(array(
':nama_lengkap' => $_POST['nama_lengkap'],
':username' => $_POST['username'],
':pass' => $hashedpassword,
':usertype' => $_POST['usertype'],
':email' => $_POST['email'],
':active' => $activasion,
':real_pic_name' => $photo_name,
':tmp_pic_name' => $photo_tmp
));
$id = $pdo->lastInsertId('id');
//move_uploaded_file($photo_tmp, $uploads_dir . $photo_name);
if (!(move_uploaded_file($_FILES["photo"]["tmp_name"], $target_file))) {
$error[] = "Sorry, there was an error uploading your file.";
}else{
redirect('add-user.php?action=joined');
unset( $_SESSION['token'] );
}
} catch (PDOException $e) {
$error[] = $e->getMessage();
}
}
}
当我使用.themepack上传文件时,它可以到达此代码:
$error[] = "Sorry, there was an error uploading your file.";
是因为这是检查是否有错误的错误方法吗?
if (!isset($error)) {