PHP中的图像和PDF文件上传验证

时间:2017-02-26 10:46:50

标签: php image validation pdf

我正在创建一个管理员工记录的网络应用程序,其中一个功能允许员工上传他们的资格副本。由于许多扫描仪输出到不同的文件类型,我需要能够验证上传的文件是PDF还是许多不同图像文件类型之一。

我知道MIME验证方法并使用了它,但因为它相对容易破解我正在寻找一种更安全的方法来补充它。

配置文件中存储常量的相关代码

// Set the file types allowed to be uploaded
define('FILETYPEALLOWED', serialize (array ('image/pjpeg', 'image/jpeg', 'image/JPG', 'image/X-PNG', 'image/PNG', 'image/png', 'image/x-png' ) ));

处理表单的代码

    //If a file was uploaded, Move the uploaded file
    IF (isset($_FILES['upload'])) {

      $allowed = unserialize (FILETYPEALLOWED);

      $fileinfo = finfo_open (FILEINFO_MIME_TYPE);

      //IF file type is allowed
      IF (in_array($_FILES['upload'] ['type'], $allowed )) {

        move_uploaded_file($_FILES['upload'] ['tmp_name'], UPLOADS . $_FILES['upload'] ['name'] );

      } else { 
         //Add an error to the $errors array
        $errors[] = 'The file type is not allowed.';
      }

    //Delete the temporary file
    IF (file_exists ($_FILES['upload'] ['tmp_name']) && is_file($_FILES ['upload'] ['tmp_name'])) {
        unlink ($_FILES ['upload'] ['tmp_name']);
        echo '<p>The temp file been file.</p>';
    }
} else {

    print '<p>no file was uploaded</p>';
}   

0 个答案:

没有答案