我想用php制作图片上传系统,我希望用户只需上传即可 png,jpg文件,而不是病毒或其他文件。我怎么能这样做?
答案 0 :(得分:1)
步骤1:检查扩展名(扩展名文件以...结尾)
第2步:检查MIME类型($ file_info = getimagesize($ _ FILES ['image_file']; $ file_mime = $ file_info ['mime'];)
仅允许您要上传的图片扩展名,因为您可以制作白名单
尝试类似
的内容$whitelist = array(".jpeg",".jpg",".png");
foreach ($whitelist as $item)
{
if(preg_match("/$item\$/i", $_FILES['uploadfile']['name']))
{
$uploaddir='uploads/uploads_image/';
$uploadfilename=mysql_prep(basename($_FILES['uploadfile']['name']));
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB);
$iv= mcrypt_create_iv($iv_size,MCRYPT_DEV_RANDOM);
$newname= mcrypt_encrypt(MCRYPT_RIJNDAEL_256, "this is the key",$uploadfilename.time(), MCRYPT_MODE_ECB, $iv);
$newfilename= (bin2hex($newname));
$uploadfile=$uploaddir.$newfilename.".png";
$access=true;
}
}
如果用户尝试通过制作黑名单来上传杂项文件,您也可以阻止用户的IP
foreach ($blacklist as $item)
{
if(preg_match("/$item\$/i", $_FILES['uploadfile']['name']))
{
$network = ip2long("10.12.0.0");
$mask = ip2long("255.255.0.0");
$ip = ip2long($_SERVER{'REMOTE_HOST'});
if (($network & $mask) == ($ip & $mask)) {
die("Unauthorized");
}
}
}
答案 1 :(得分:1)
($_FILES["file"]["type"] == "image/png")
有关此click here
的详细信息答案 2 :(得分:0)
1st check:-
//check if contain php and kill it
$pos = strpos($filename,'php');
if(!($pos === false)) {
die('error');
}
2nd check:-
//get the file ext
$file_ext = strrchr($filename, '.');
$image_list = array(".jpg",".jpeg",".gif",".png");
if (!(in_array($file_ext, $image_list))) {
die('not allowed extension,please upload images only');
}
3rd check:-
$fileType = $_FILES["uploaded_file"]["type==image/jpeg || image/gif || image/png"];
4th check:-
preg_match("/.(gif|jpg|png)$/i", $fileName);
hope these checks solve your problem....