我不确定这是否可行,但现在就去了。
我有一个目录,里面装满了我需要用PHP阅读的图像文件。然后,我需要将它们转换为html img元素,以便在库中使用。
我链接此页面(http://www.mysql-apache-php.com/fileupload-security.htm)以用作此作业的参考。它显示了使用imagecreatefromjpeg(),imagecreatefrompng()和imagecreatefromgif()的示例:
示例代码
// this is just example only
$imgfile = $rsPhoto['photo']; // or value from database
list($width, $height, $type, $attr) = getimagesize($imgfile);
switch ($type)
{
case 1: $im = imagecreatefromgif($imgfile);
header("Content-type: image/gif");
break;
case 2:
$im = imagecreatefromjpeg($imgfile);
header("Content-type: image/jpeg");
break;
case 3:
$im = imagecreatefrompng($imgfile);
header("Content-type: image/png");
break;
}
我根本不明白它在干什么。不知怎的,它得到某种奇怪的php对象文件,然后......显示为整个页面?在哪里/如何/为什么这样做?
以下是我想要的页面。 createGalleryEl不起作用,给我错误告诉我文件不存在。这是因为我的.htaccess文件吗?
gallery.php
<?php
//Create the basic headers, etc.
echo "<head>"
."<title>Photo Gallery</title>"
.'<link rel="stylesheet" type="text/css" href="style.css">'
.'<meta charset="UTF-8">'
."</head>";
echo "<body>";
echo "<h1>Photo Gallery</h1>";
echo "<div id='gallery'>";
/*Get all files in uploads. Check if they're image files. If they are,
create gallery elements for them with thumbnails and all. */
$files1 = scandir("uploads/");
foreach($files1 as $thisFile) {
$whitelist = array(".png", ".gif", "jpg", ".jpeg");
foreach ($whitelist as $file) {
if(preg_match("/$file\$/i", $thisFile)) {
//Create the gallery element for it.
createGalleryEl($thisFile);
}
}
}
echo '</div>'; //end of gallery
echo '</body>';
//Creates the actual element for the gallery.
function createGalleryEl($filename) {
echo "<div class='thumbnail'><img src='uploads/$filename'></div>";
}
?>
的.htaccess
Options -Indexes
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
php_flag allow_url_fopen On
<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
order deny,allow
deny from all
</Files>
鉴于此设置,我如何获取图像文件并将它们放入html img元素?
另外,如果我完全误解了这种事情是如何运作的,请告诉我。我根本不习惯PHP和服务器端开发,所以我可能在大部分知识方面都缺乏知识。
答案 0 :(得分:1)
如果您想使用.htaccess保护原始图像目录,可以使用PHP GD库动态创建图像(参见http://php.net/manual/en/book.image.php)。
您的脚本的准系统会起作用,但由于您拒绝访问图像源目录,因此图像不会在浏览器中加载。
解决方法涉及在允许的目录中调用脚本,并使用标识符来加载特定图像。
示例:强>
<强> image.php 强>
<?php
// Set allowable array
$allowableImages = [];
// Find files in the directory - you can reuse your existing method to check if the file exists and is in the whitelist
// Alternatively you could pull this information from a database or just set a manual array
$files = scandir("uploads/");
foreach($files as $thisFile) {
$whitelist = array(".png", ".gif", "jpg", ".jpeg");
foreach ($whitelist as $file) {
if(preg_match("/$file\$/i", $thisFile)) {
$allowableImages[] = $thisFile;
}
}
}
// Get the image name from GET
$image = $_GET["i"];
// Create the image if it is in the array
if(in_array($image, $allowableImages)) {
$imgfile = "uploads/" . $image;
// Get image size attributes
list($width, $height, $type, $attr) = getimagesize($imgfile);
switch ($type) {
case 1:
$im = imagecreatefromgif($imgfile);
header("Content-type: image/gif");
imagegif($im);
break;
case 2:
$im = imagecreatefromjpeg($imgfile);
header("Content-type: image/jpeg");
imagejpeg($im);
break;
case 3:
$im = imagecreatefrompng($imgfile);
header("Content-type: image/png");
imagepng($im);
break;
}
// Destroy image resource
imagedestroy($im);
}
?>
然后在您的gallery.php文件中,只需更新createGalleryEl函数:
//Creates the actual element for the gallery.
function createGalleryEl($filename) {
echo "<div class='thumbnail'><img src='image.php?i=$filename'></div>";
}