我有一个switch语句,它确定上传的图像的文件类型,以便在我的应用程序中用作化身,但是它似乎有点错误,只要它允许成功注册,无论是否存在允许的文件类型或不,并且没有返回错误消息。提交的文件类型不被允许。
$submit = $_POST['submit'];
if ($submit == 'Sign up!') {
require_once("db_connect.php");
$submit = clean_string($_POST['submit']);
$first_name = clean_string($_POST['first-name']);
$last_name = clean_string($_POST['last-name']);
$email = clean_string($_POST['email']);
$password = clean_string($_POST['password']);
$confirm_password = clean_string($_POST['confirm-password']);
//Output variables
$register_bad_message = '';
$register_good_message = '';
require_once($_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php');
$privatekey = "6Ldbd8ASAAAAAFz8VT29H5w4WLNjsbI-mFY2QkaC";
$resp = recaptcha_check_answer ($privatekey,
$_SERVER["REMOTE_ADDR"],
$_POST["recaptcha_challenge_field"],
$_POST["recaptcha_response_field"]);
if (!$resp->is_valid) {
$errMessage = $resp->error;
$register_bad_message = '<div class="alert alert-error">The reCAPTCHA you entered wasn\'t correct. Please try again.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
} else {
if ($first_name&&$last_name&&$email&&$password&&$confirm_password) {
if ($password == $confirm_password) {
if (strlen($password) > 25 || strlen($password) < 6) {
$register_bad_message = '<div class="alert alert-error">Please enter a password between 6 and 25 characters.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
} else {
if($db_server) {
$first_name = clean_string($first_name);
$last_name = clean_string($last_name);
$email = clean_string($email);
$password = clean_string($password);
mysql_select_db($db_database);
$taken = mysql_query("SELECT email FROM users WHERE email='$email'");
$count = mysql_num_rows($taken);
if ($count > 0) {
$register_bad_message = '<div class="alert alert-error">The email you have entered is already associated with a Screening account. Please choose another.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
} else {
if ($_FILES) {
//Put file properties into variables
$file_name = $_FILES['profile-image']['name'];
$file_size = $_FILES['profile-image']['size'];
$file_tmp_name = $_FILES['profile-image']['tmp_name'];
//Determine filetype
switch ($_FILES['profile-image']['type']) {
case 'image/jpeg': $ext = "jpg"; break;
case 'image/png': $ext = "png"; break;
default: $ext = ''; break;
}
if ($ext) {
//Check filesize
if ($file_size < 5242880) {
//Process file - resize, clean up filename and move to safe location
$image = new SimpleImage();
$image->load($file_tmp_name);
$image->resizeToWidth(250);
$image->save($file_tmp_name);
$n = "$file_name";
$n = ereg_replace("[^A-Za-z0-9.]", "", $n);
$n = strtolower($n);
$n = "avatars/$n";
move_uploaded_file($file_tmp_name, $n);
} else {
$register_bad_message = '<div class="alert alert-error">Please ensure your chosen file is less than 5MB.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
} else if (!empty($ext)) {
$register_bad_message = '<div class="alert alert-error">Please ensure your image is of filetype .jpg or.png.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
}
$password = md5($password);
$query = "INSERT INTO users (first_name, last_name, email, password, image) VALUES ('$first_name', '$last_name', '$email', '$password', '$n')";
mysql_query($query) or die("Insert failed. " . mysql_error() . "<br />" . $query);
$register_good_message = '<div class="alert alert-success">Registration successful!</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
} else {
$register_bad_message = '<div class="alert alert-error">Error: could not connect to the database.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
require_once("db_close.php");
}
} else {
$register_bad_message = '<div class="alert alert-error">Passwords failed to match. Please try again.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
} else {
$register_bad_message = '<div class="alert alert-error">Please fill in all fields before continuing.</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
}
}
}
例如,上传.GIF文件不会导致错误和“注册成功”消息,但是在登录配置文件时,不会显示上传的个人资料照片。我认为代码拒绝文件类型而不是将其存储在数据库中,但仍在处理注册,而不是取消它,这应该是它应该做的。
答案 0 :(得分:1)
您必须将$ext
设置为false
而不是'',因为if语句不是false。
default: $ext = false; break;
或者您检查$ext
是否不是空字符串:
if ($ext != '') {
要在上传无效文件类型时阻止注册,您必须输入
$password = md5($password);
$query = "INSERT INTO users (first_name, last_name, email, password, image) VALUES ('$first_name', '$last_name', '$email', '$password', '$n')";
mysql_query($query) or die("Insert failed. " . mysql_error() . "<br />" . $query);
$register_good_message = '<div class="alert alert-success">Registration successful!</div>';?>
<script>
$('a.account-register').trigger('click');
</script><?php
if($ext != '') { /*Put code at the end of if*/}
或if($ext) { /*Put code at the end of if*/ }
内部。否则,如果存在有效的文件类型则无关紧要。
答案 1 :(得分:0)
有时,$ _FILES ['profile-image'] ['type']的内容未设置。例如,如果您从cURL或套接字提交文件。 我会尝试从$ _FILES ['profile-image'] ['tmp_name']
为我自己加载mime类型编辑:
我也注意到了这种结构:
if ($_FILES) { .... }
最好使用
if (isset($_FILES[key])){ .... }