我一直在编写文件上传器,我想验证类型和大小,我目前有这个:
<?php
//SETTING UP LOCAL VARIABLES
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$name = trim($_POST['name']);
$email = trim($_POST['email']);
$message = trim($_POST['message']);
//STRIPPED OUT ALL NON ASCII CHARACTERS
$username = preg_replace('/[^(\x20-\x7F)]*/','', $username);
$password = preg_replace('/[^(\x20-\x7F)]*/','', $password);
$name = preg_replace('/[^(\x20-\x7F)]*/','', $name);
//$email = preg_replace('/[^(\x20-\x7F)]*/','', $email);
//SETTING UPLOAD DIR
$upload_dir = $_SERVER['DOCUMENT_ROOT'] . "/beta_images/";
//CREATING A RANDOM HASH TO PROTECT FROM DUPLICATE FILES
$random = rand(1, 100);
$user_hash = $random . $name;
$hash = sha1($user_hash);
$hash = substr($hash, 32, $random);
foreach ($_FILES['file']['error'] as $key => $error) {
$counter++;
if (
(
($_FILES['file']['type'][$key] == "image/jpeg")
|| ($_FILES['file']['type'][$key] == "image/pjpeg")
|| ($file['file']['type'][$key] == "image/jpg")
)
&& ($error == UPLOAD_ERR_OK)
&& ($_FILES['file']['size'][$key] < 20971520)
) {
$temp_name = $_FILES['file']['tmp_name'][$key];
$image_name = $hash . '_' . $name . $counter . '.jpg';
move_uploaded_file($temp_name, $upload_dir . $image_name);
} else {
$body_fail = "Someone forgot to do something and wound up on the Sorry page. You might want to contact them and try and convince them to join still. Here are the details \n\n Username: $username \n Password: $password \n Email: $email \n Name: $name \n Message: $message";
mail("bla", "Failed beta sign up", $body_fail);
header("Location: ../sorry.html");
}
}
//EMAIL INTERNAL
$body_internal = "Success! $name has submitted a beta entry!\n\n Their username is \n $username \n Their password is \n $password \n Their email address is $email.\n\n The images are located in \n /beta_images/{$hash}_{$name}1/2/3.jpg \n\n They also wrote a little message for us: \n$message";
mail("bla", "New Beta Sign Up", $body_internal);
//EMAIL INTERNAL
//EMAIL EXTERNAL
$body_external = "Thank you for applying to join the Stylistic Gallery, we just wanted to let you know that we have received everything and will be in touch shortly.\n\n Best Wishes \n Stylistic Gallery \n\n The Stylistic Gallery, a portal for creative individuals and businesses to showcase and sell their work online";
mail($email, "Thank you for your application", $body_external);
//EMAIL EXTERNAL
header("Location: ../thanks.html");
然而,即使文件不是jpg或者尺寸更大,它仍然可以使用。
对于模糊不清而感到困惑,此时此刻看起来很困惑:)
谢谢!
答案 0 :(得分:5)
仅仅因为你发出Location:标题不是意味着脚本停止执行。尝试在重定向标题之后放置exit;或die;。
此外,您通常会死于少量内容,这些内容描述了不会遵循重定向的浏览器的位置,例如
die(<<< ERRORTEXT
<!doctype html>
<html><head><title>Error: Foo</title></head><body>
<h1>We're sorry, your call could not be completed as dialed.</h1>
<p><a href="../sorry.html">Click here to continue to your final destination.</a></p>
</body></html>
ERRORTEXT
);
($_FILES['file']['size'][$key] < 20971520)
我们在这里所谓的“神奇数字”;确定它现在很明显,但它不会花费更多时间编程或执行方式来执行以下操作之一:
($_FILES['file']['size'][$key] < 20 * 1024 * 1024)
define('MAX_FILE_SIZE', 20 * 1024 * 1024); // 20 MB
($_FILES['file']['size'][$key] < MAX_FILE_SIZE)
答案 1 :(得分:4)
你错过了一些parantheses,你想要替换一个||由&amp;&amp;。
if (
(
($_FILES['file']['type'] == "image/jpeg")
|| ($_FILES['file']['type'] == "image/pjpeg")
|| ($_FILES['file']['type'] == "image/jpg")
)
&& ($error == UPLOAD_ERR_OK)
&& ($_FILES['file']['size'] < 20971520)
) {
如果你有这样的陈述,那么最好将其分解。以下是我编写循环的方法:
/* ideally you would move those messages to some text files, to make it
* easy to change any content and eventually localize it.
*/
// mail if upload fails
$failure_mail_body_to_admin = "Someone ...";
// mail to admin after successful upload
$sucess_mail_body_to_admin = "Success! ...";
// mail to user after successful upload
$sucess_mail_body_to_user = "Thank you ...";
// mime types of allowed images, I know that those can be spoofed
$allowed_mime_types = array("image/jpeg", "image/pjpeg", "image/jpg");
$fileCount = 0;
foreach ($_FILES as $filename => $file) {
$file_is_ok = true;
// test general errors
if ($file['error'] != UPLOAD_ERR_OK) {
$file_is_ok = false;
}
// test size (< 20MB)
if ($file['size'] >= 20971520) {
$file_is_ok = false;
}
if (!in_array($file['type'], $allowed_mime_types) {
$file_is_ok = false;
}
if ($file_is_ok) {
$fileCount++;
// store image
$temp_name = $file['tmp_name'];
$image_name = $hash . '_' . $name . $counter . '.jpg';
move_uploaded_file($temp_name, $upload_dir . $image_name);
}
}
if ($fileCount > 0) {
// send confirmation mails
mail("bla", "New Beta Sign Up", $sucess_mail_body_to_user);
mail($email, "Thank you for your application", $sucess_mail_body_to_admin);
// redirect user
header("Location: ../thanks.html");
die();
} else {
mail("bla", "Failed beta sign up", $failure_mail_body_to_admin);
// redirect user
header("Location: ../sorry.html");
die;
}