个人资料图片上传 - 安全性和效率

时间:2013-07-04 16:08:49

标签: php image security upload profile

我正在尝试允许用户在我的网站上传个人资料照片。基本上我遵循链接的代码:Allow users to upload a pic for their profile

我不知道代码是否足够安全。我担心用户可能会上传恶意文件。

另外,我担心如果有很多用户,我会在一个文件夹中有很多图片,这可能会减慢检索过程。我想知道存储配置文件图片的最佳做法是什么。最多几张照片是否应该在文件夹中以提高效率?

感谢您的建议!!以下是我的代码:

    if(is_uploaded_file($_FILES['image']['tmp_name']))
    {   
        uploadImage($_FILES['image']['tmp_name'], 100, 100, "image/users/test2.jpeg");
    } 

function uploadImage($source, $max_width, $max_height, $destination) {

list($width, $height) = getimagesize($source);
if ($width > 150 || $height > 150) {
    $ratioh = $max_height / $height;
    $ratiow = $max_width / $width;
    $ratio = max($ratioh, $ratiow);
    // New dimensions
    $newwidth = intval($ratio * $width);
    $newheight = intval($ratio * $height);

    $newImage = imagecreatetruecolor($newwidth, $newheight);

    $ext = trim(strtolower($_FILES['image']['type']));

    $sourceImage = null;

    // Generate source image depending on file type
    switch ($ext) {   
    case "image/jpg":
    case "image/jpeg":
        $sourceImage = imagecreatefromjpeg($source);
        break;
    case "image/gif":
        $sourceImage = imagecreatefromgif($source);
        break;
    case "image/png":
        $sourceImage = imagecreatefrompng($source);
        break;
    }

    imagecopyresampled($newImage, $sourceImage, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);

    // Output file depending on type
    switch ($ext) {
    case "image/jpg":
    case "image/jpeg":
        imagejpeg($newImage, $destination);
        break;
    case "image/gif":
        imagegif($newImage, $destination);
        break;
    case "image/png":
        imagepng($newImage, $destination);
        break;
    }

    // Destroy resources
    imagedestroy($newImage);
    imagedestroy($sourceImage);

}

}

谢谢!

0 个答案:

没有答案