我正在使用PHP处理.jpg,.gif,.jpeg,.png,.zip和.rar文件的上传到upload/目录。只允许授权用户(使用给定密码)上传文件。我已经为文件夹upload/所有权www-data:www-data提供了适当的访问权限,因此这不是问题所在。
上传效果很好,只要我通过网站直接在服务器上传,该服务器托管整个网站并且其IP与某个域相关联。如果我转到另一台计算机并尝试通过网站将zip文件上传到服务器,我会收到Invalid file消息,并且没有任何内容上传或存储在数据库中。这是我的代码:
$allowedExts = array("jpg", "jpeg", "gif", "png");
$extension = end(explode(".", $_FILES["fajl"]["name"]));
$allowedExts1 = array("zip", "rar");
$extension1 = end(explode(".", $_FILES["fajl"]["name"]));
if ((($_FILES["fajl"]["type"] == "image/gif")
|| ($_FILES["fajl"]["type"] == "image/jpeg")
|| ($_FILES["fajl"]["type"] == "image/png")
|| ($_FILES["fajl"]["type"] == "image/pjpeg"))
&& ($_FILES["fajl"]["size"] < 4000000)
&& in_array($extension, $allowedExts))
{
if ($_FILES["fajl"]["error"] > 0)
{
echo "Return Code: " . $_FILES["fajl"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["fajl"]["name"] . "<br />";
echo "Type: " . $_FILES["fajl"]["type"] . "<br />";
echo "Size: " . ($_FILES["fajl"]["size"] / 1024) . " KB<br />";
echo "Temp file: " . $_FILES["fajl"]["tmp_name"] . "<br />";
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"]))
{
echo $_FILES["fajl"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["fajl"]["tmp_name"], $_SERVER['DOCUMENT_ROOT'] . '/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"]);
echo "Stored in: " . $_SERVER['DOCUMENT_ROOT'] . '/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"];
$pomlokacijasl='/upload/slike/' . $nav . '/' . $_FILES["fajl"]["name"];
$query22 = "INSERT INTO `slike` (navig, slik) VALUES ('$nav', '$pomlokacijasl')";
$query22 = mysql_query($query22) or trigger_error ("Error in query: $query22. ".mysql_error());
mysql_free_result($query22);
}
}
}
else if ((($_FILES["fajl"]["type"] == "application/x-rar-compressed")
|| ($_FILES["fajl"]["type"] == "application/zip"))
&& ($_FILES["fajl"]["size"] < 25000000)
&& in_array($extension1, $allowedExts1))
{
if ($_FILES["fajl"]["error"] > 0)
{
echo "Return Code: " . $_FILES["fajl"]["error"] . "<br />";
}
else
{
echo "Upload: " . $_FILES["fajl"]["name"] . "<br />";
echo "Type: " . $_FILES["fajl"]["type"] . "<br />";
echo "Size: " . ($_FILES["fajl"]["size"] / 1024) . " KB<br />";
echo "Temp file: " . $_FILES["fajl"]["tmp_name"] . "<br />";
if (file_exists($_SERVER['DOCUMENT_ROOT'] . '/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"]))
{
echo $_FILES["fajl"]["name"] . " already exists. ";
}
else
{
move_uploaded_file($_FILES["fajl"]["tmp_name"], $_SERVER['DOCUMENT_ROOT'] . '/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"]);
echo "Stored in: " . $_SERVER['DOCUMENT_ROOT'] . '/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"];
$pomlokacijadat='/upload/datoteke/' . $nav . '/' . $_FILES["fajl"]["name"];
$query22 = "INSERT INTO `datoteke` (navig, dat) VALUES ('$nav', '$pomlokacijadat')";
$query22 = mysql_query($query22) or trigger_error ("Error in query: $query22. ".mysql_error());
mysql_free_result($query22);
}
}
}
else
{
echo "Invalid file";
}
我该如何解决这个问题?将$_SERVER('DOCUMENT_ROOT')附加到$_SERVER('SERVER_NAME')会有效吗?
答案 0 :(得分:1)
您的MIME类型检查会排除zip文件的某些有效类型。它因浏览器而异,但最常见的类型是:
application/zip
application/x-zip
application/octet-stream
application/x-zip-compressed
您应该允许支票中的所有内容。要匹配其余代码,请执行以下操作:
$allowedCompressedTypes = array("application/x-rar-compressed", "application/zip", "application/x-zip", "application/octet-stream", "application/x-zip-compressed");
else if (in_array($_FILES["fajl"]["type"], $allowedCompressedTypes)
&& ($_FILES["fajl"]["size"] < 25000000)
&& in_array($extension1, $allowedExts1)) {