Directory randomly deleted by an unknown script

Time: 2017-03-26 18:53:42

Tags: php image mysqli directory

I have built a simple "Facebook"-like timeline system for a friend of mine, which lets his users upload statuses with images for viewing. Everything seems to work fine, except that the folder the images are stored in keeps getting deleted. I don't appear to have caused this either deliberately or by accident, so I have no idea what is deleting this directory.

I have added the upload/delete scripts below to see if anyone can help me here. I can't find any part of the script that would delete the main image directory by itself.

Please bear with me: this is not finished and is far from secure. We are in the testing phase and need to fix this problem first before the system can be polished.

The main folder used to store images is post_images, and that is the directory that gets deleted.

Delete DIR function -

// Recursively deletes $dir and everything below it, then removes $dir itself
function rrmdir($dir) {
  foreach(glob($dir . '/*') as $file) {
    if(is_dir($file)) rrmdir($file); else unlink($file);
  }
  rmdir($dir);
}

Decline post -

if(isset($_GET['decline_post'])){
    $post_id = $conn->real_escape_string($_GET['decline_post']);

    $getimagefolder = mysqli_fetch_assoc(mysqli_query($conn, "SELECT `post_image_folder` FROM `Pto6LsuQ_posts` WHERE `post_id` = '$post_id'"));
    $image_folder = $getimagefolder['post_image_folder'];

    mysqli_query($conn,"DELETE FROM `Pto6LsuQ_posts` WHERE `post_id` = '$post_id'");

    // for a post saved without images, post_image_folder is '' and
    // $direc becomes 'post_images/', i.e. the root image folder itself
    $direc = 'post_images/'.$image_folder;

    if (file_exists($direc)) {
        rrmdir($direc);
    }

    header("Location: members_area.php");
}

Delete post -

if(isset($_GET['delete_post'])){
    $post_id = $conn->real_escape_string($_GET['delete_post']);

    $getimagefolder = mysqli_fetch_assoc(mysqli_query($conn, "SELECT `post_image_folder` FROM `Pto6LsuQ_posts` WHERE `post_id` = '$post_id'"));
    $image_folder = $getimagefolder['post_image_folder'];

    mysqli_query($conn,"DELETE FROM `Pto6LsuQ_posts` WHERE `post_id` = '$post_id'");

    // same as above: an empty post_image_folder makes $direc the root folder
    $direc = 'post_images/'.$image_folder;

    if (file_exists($direc)) {
        rrmdir($direc);
    }

    header("Location: members_area.php");
}

Post upload -

if(isset($_POST['new_post'])){
    $post_status = $conn->real_escape_string($_POST['status']);
    $user_id = $_SESSION['user_id'];

    if(!empty($_FILES['images']['tmp_name'])){

        // pick a random 9-digit folder name that does not exist yet
        $length = 9;
        $search = true; // allow the loop to begin
        while($search == true) {
            $rand_image_folder = substr(str_shuffle("0123456789"), 0, $length);
            if (!file_exists('../post_images/'.$rand_image_folder)) {
                $search = false;
            }
        }

        mkdir("../post_images/".$rand_image_folder);

        foreach($_FILES['images']['tmp_name'] as $key => $tmp_name ){
            $file_name = $key.$_FILES['images']['name'][$key];
            $file_size = $_FILES['images']['size'][$key];
            $file_tmp  = $_FILES['images']['tmp_name'][$key];
            $file_type = $_FILES['images']['type'][$key]; // MIME type as reported by the browser

            $check_file_type = substr($file_type, 0, strrpos($file_type, '/'));

            if($check_file_type !== 'image'){
                header('Location: ../members_area.php?posterror=1');
                exit; // stop here, otherwise the upload carries on after the redirect
            }

            $extensions = array("jpeg","jpg","png","JPEG","JPG","PNG");

            $format = trim(substr($file_type, strrpos($file_type, '/') + 1));

            if(in_array($format,$extensions) === false){
                header('Location: ../members_area.php?posterror=1');
                exit;
            } else {

                move_uploaded_file($file_tmp,"../post_images/".$rand_image_folder."/".$file_name);

                $file = "../post_images/".$rand_image_folder."/".$file_name;

                // keep only the file name part of the path for the thumbnail name
                $cut_name = substr($file, strpos($file, "/") + 1);
                $cut_name = explode('/',$cut_name);
                $cut_name = end($cut_name);

                $newfile = "../post_images/".$rand_image_folder."/thb_".$cut_name;
                $info = getimagesize($file);
                list($width, $height) = getimagesize($file);

                $max_width = 350;
                $max_height = 250;

                //try max width first...
                $ratio = $max_width / $width;
                $new_width = $max_width;
                $new_height = (int) round($height * $ratio);

                //if that didn't work
                if ($new_height > $max_height) {
                    $ratio = $max_height / $height;
                    $new_height = $max_height;
                    $new_width = (int) round($width * $ratio);
                }

                // load the source with the decoder matching the detected MIME type
                if ($info['mime'] == 'image/jpeg') $photo = imagecreatefromjpeg($file);
                elseif ($info['mime'] == 'image/gif') $photo = imagecreatefromgif($file);
                elseif ($info['mime'] == 'image/png') $photo = imagecreatefrompng($file);

                $image = imagecreatetruecolor($new_width, $new_height);
                imagecopyresampled($image, $photo, 0, 0, 0, 0, $new_width, $new_height, $width, $height);

                imagejpeg($image, $newfile, 70);
            }
        }

        if($account_type < 4){
            $post_public = 1;
        } else {
            $post_public = 0;
        }

        mysqli_query($conn,"INSERT INTO `Pto6LsuQ_posts`
            (post_id,post_user_id,post_date_time,post_status,post_image_folder,post_likes,post_public_status)
            VALUES ('','$user_id',NOW(),'$post_status','$rand_image_folder','0','$post_public')");

    } else {

        if($account_type < 4){
            $post_public = 1;
        } else {
            $post_public = 0;
        }

        // post without images: post_image_folder is stored as an empty string
        mysqli_query($conn,"INSERT INTO `Pto6LsuQ_posts`
            (post_id,post_user_id,post_date_time,post_status,post_image_folder,post_likes,post_public_status)
            VALUES ('','$user_id',NOW(),'$post_status','','0','$post_public')");
    }

    header('Location: ../members_area.php?posterror=2');
}
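As an added example (not the asker's code), here is a delete handler that can never resolve to the post_images root: it refuses an empty or non-9-digit folder name, confines the resolved path to post_images/ with realpath(), binds the post id in a prepared statement, and only deletes a post owned by the logged-in user. It assumes $conn is an open mysqli connection using the mysqlnd driver (for get_result()), that the script sits next to post_images/, and the table and column names from the question.

```php
<?php
// Added example, not the asker's code. Assumes $conn (mysqli with mysqlnd for
// get_result()), $_SESSION['user_id'] and the Pto6LsuQ_posts table from the question.
const POST_IMAGES_ROOT = __DIR__ . '/post_images';
// Recursive delete; only ever called with a path remove_post_images() has validated.
function rrmdir_checked(string $dir): void {
    foreach (glob($dir . '/*') ?: [] as $file) {
        is_dir($file) ? rrmdir_checked($file) : unlink($file);
    }
    rmdir($dir);
}
// Delete nothing unless the stored name is 9 digits and resolves to a directory
// strictly inside post_images/. An empty post_image_folder (a post saved without
// images) would otherwise make 'post_images/' . '' the root folder itself.
function remove_post_images(string $image_folder): bool {
    if (!preg_match('/^[0-9]{9}$/', $image_folder)) {
        return false;
    }
    $root   = realpath(POST_IMAGES_ROOT);
    $target = realpath(POST_IMAGES_ROOT . '/' . $image_folder);
    if ($root === false || $target === false || !is_dir($target)
        || strpos($target, $root . DIRECTORY_SEPARATOR) !== 0) {
        return false;
    }
    rrmdir_checked($target);
    return true;
}
// Delete a post and its images, but only a post owned by the logged-in user.
function delete_own_post(mysqli $conn, int $post_id, int $user_id): bool {
    $stmt = $conn->prepare('SELECT post_image_folder FROM `Pto6LsuQ_posts` WHERE post_id = ? AND post_user_id = ?');
    $stmt->bind_param('ii', $post_id, $user_id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    if ($row === null) {
        return false; // no such post, or not ours
    }
    $stmt = $conn->prepare('DELETE FROM `Pto6LsuQ_posts` WHERE post_id = ? AND post_user_id = ?');
    $stmt->bind_param('ii', $post_id, $user_id);
    $stmt->execute();
    $stmt->close();
    remove_post_images((string) $row['post_image_folder']);
    return true;
}
if (isset($_GET['delete_post'])) {
    delete_own_post($conn, (int) $_GET['delete_post'], (int) $_SESSION['user_id']);
    header('Location: members_area.php');
    exit;
}
```

The same remove_post_images() check can be reused by the decline handler, since both paths build the directory name the same way.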

0 answers:

No answers