doujiu1447 2016-11-17 16:07
浏览 50
已采纳

限制“.php”文件上传

I am making basic photo hosting, just to upload images and resize them.

Everything works fine, I also have added accept="image/*" for my File upload button, but it is still possible to upload other files. So in my PHP code I check whether it is image or other file, so if it is not image, I basically remove it. But I have a problem. If user uploads "index.php" file, my index file on server will be overwritten and as my code should do, it removes "index.php" so. basically self destruction.

Is there way to restrict file upload before file is actually uploaded on server?

Or at least, is there way to change root directory of file that is uploaded?

I don't think that JavaScript or HTML restriction will do anything, because "hackermans" can change it easily in inspect element.

  • 写回答

1条回答 默认 最新

  • dqyuipw44576 2016-11-17 16:18
    关注
    class Upload {

private $destinationPath;
private $errorMessage;
private $extensions;
private $allowAll;
private $maxSize;
private $uploadName;
private $seqnence;
private $imageSeq;
public $name = 'Uploader';
public $useTable = false;

function setDir($path) {
    $this->destinationPath = $path;
    $this->allowAll = false;
}

function allowAllFormats() {
    $this->allowAll = true;
}

function setMaxSize($sizeMB) {
    $this->maxSize = $sizeMB * (1024 * 1024);
}

function setExtensions($options) {
    $this->extensions = $options;
}

function setSameFileName() {
    $this->sameFileName = true;
    $this->sameName = true;
}

function getExtension($string) {
    $ext = "";
    try {
        $parts = explode(".", $string);
        $ext = strtolower($parts[count($parts) - 1]);
    } catch (Exception $c) {
        $ext = "";
    }
    return $ext;
}

function setMessage($message) {
    $this->errorMessage = $message;
}

function getMessage() {
    return $this->errorMessage;
}

function getUploadName() {
    return $this->uploadName;
}

function setSequence($seq) {
    $this->imageSeq = $seq;
}

function getRandom() {
    return strtotime(date('Y-m-d H:i:s')) . rand(1111, 9999) . rand(11, 99) . rand(111, 999);
}

function sameName($true) {
    $this->sameName = $true;
}

function uploadFile($fileBrowse) {
    $result = false;
    $size = $_FILES[$fileBrowse]["size"];
    $name = $_FILES[$fileBrowse]["name"];
    $ext = $this->getExtension($name);
    if (!is_dir($this->destinationPath)) {
        $this->setMessage("Destination folder is not a directory ");
    } else if (!is_writable($this->destinationPath)) {
        $this->setMessage("Destination is not writable !");
    } else if (empty($name)) {
        $this->setMessage("File not selected ");
    } else if ($size > $this->maxSize) {
        $this->setMessage("Too large file !");
    } else if ($this->allowAll || (!$this->allowAll && in_array($ext, $this->extensions))) {

        if ($this->sameName == false) {
            $this->uploadName = $this->imageSeq . "-" . substr(md5(rand(1111, 9999)), 0, 8) . $this->getRandom() . rand(1111, 1000) . rand(99, 9999) . "." . $ext;
        } else {
            $this->uploadName = $name;
        }
        if (move_uploaded_file($_FILES[$fileBrowse]["tmp_name"], $this->destinationPath . $this->uploadName)) {
            $result = true;
        } else {
            $this->setMessage("Upload failed , try later !");
        }
    } else {
        $this->setMessage("Invalid file format !");
    }
    return $result;
}

function deleteUploaded() {
    unlink($this->destinationPath . $this->uploadName);
}

    }

    How to use it : 

    function callMe(){
                $uploader   =   new Upload();
                $directory = "NAMEDIR"
                if(!is_dir($directory)){
                    mkdir($directory);
                }
                $uploader->setDir($directory);
                $uploader->setExtensions(array('jpg','jpeg','png','gif'));  //allowed extensions list//
                $uploader->setMaxSize(.5);                          //set max file size to be allowed in MB//
                $uploader->sameName(true);
                if($uploader->uploadFile('file')){   //txtFile is the filebrowse element name //     
                    $image  =   $uploader->getUploadName(); //get uploaded file name, renames on upload//

                    echo json_encode(array("success"=>true,"message"=>"Success Add","image"=>$directory.$image,"image_upload"=>$image));

                }else{//upload failed
                    echo json_encode(array("success"=>false,"message"=>$uploader->getMessage(),"image"=>""));
                }
            }
            callMe();
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

  • php任意文件上传怎么加限制条件啊 php 开发语言
    2023-04-14 10:52
    回答 1 已采纳 两种方式: 前端上传的时候限制,在dom上通过accept限制或者js限制或者上传插件比如: <input type="file" accept="image/*" /> <!--
  • php 文件上传路径问题 php
    2021-06-28 08:20
    回答 2 已采纳 upload后面再加一个 \ 
  • php图片上传文件大小限制 php
    2016-09-21 19:09
    回答 1 已采纳 Did you check your php.ini? The default upload_max_filesize is 2MB.
  • php.ini修改php上传文件大小限制的方法详解
    2020-12-18 22:38
    总之,正确配置php.ini中的相关设置是提高PHP文件上传能力的关键步骤。确保你根据实际需求和服务器性能调整这些参数,同时结合服务器和Web服务器的配置,以及安全措施,以实现高效、安全的文件上传功能。
  • PHP MIME类型,限制上传文件 php
    2014-03-13 08:55
    回答 1 已采纳 Replace your if condition which is following if ($_FILES["uploadfile"]["error"] > 0){ /
  • PHP文件上传限制图像超过20kb php
    2014-05-20 11:34
    回答 1 已采纳 The size in $_FILES is expressed in bytes. 200.000 = around 195 kilobyte. Did you tested it withou
  • 通过mime对xml文件的php文件上传限制 php xml
    2016-11-16 14:56
    回答 2 已采纳 It seems like $finfo->file() returns application/xml instead of text/xml for xml files. Change
  • php修改文件上传限制方法汇总
    2020-10-24 10:07
    首先,我们来了解几个与PHP文件上传限制密切相关的配置参数: 1. file_uploads:这是一个布尔值,用来控制是否允许通过HTTP上传文件。在php.ini配置文件中,默认设置为ON,意味着开启了文件上传功能。如果需要关闭...
  • 怎么用php写禁止上传exe文件格式 php
    2015-07-06 07:41
    回答 3 已采纳 ``` $not_allowed = array('php', 'php5', 'exe'); if(in_array($extension, $not_allowed)){
  • php限制文件上传到jpegs php
    2010-03-03 09:13
    回答 5 已采纳 getimagesize tells you what format the file is in as per bgy's comment, you should also force the
  • php文件上传限制不起作用 php
    2012-06-27 10:48
    回答 1 已采纳 Problem was with MIME type. As said by @ksg91 correct MIME type for doc file is application/msword
  • PHP 上传文件大小限制
    2020-12-17 21:32
    PHP中,上传文件的大小受到多个配置参数...总的来说,正确配置PHP文件上传大小限制涉及多个方面,包括`php.ini`的设置、服务器配置以及客户端的验证策略。理解并适当地调整这些设置是确保文件上传功能顺畅的关键。
  • php文件上传及mime类型大全.doc
    2022-11-28 23:11
    文件大小限制是指服务器端对上传文件的最大大小限制,可以通过 PHP 的配置文件 php.ini 中的 upload_max_filesize 指令来设置。文件类型限制是指服务器端对上传文件的类型限制,只允许上传特定的文件类型,如文本...
  • PHP 文件上传限制问题
    2020-10-16 11:53
    综上所述,处理PHP文件上传大小限制问题时,需要综合考虑Nginx与PHP的配置,不仅要调整Nginx的client_max_body_size参数,也要在php.ini中调整upload_max_filesize和post_max_size的值。适当配置后,能够有效解决...
  • php文件上传、下载和删除示例
    2021-01-21 15:52
    php文件上传、下载和删除示例大体思路如下,具体内容如下 一.文件上传 1.把上传文件的区域做出来 div1 2.把显示文件的区域做出来 div2 3.提交表单,上传文件 4.服务器接收文件数据 用$_FILE[name]接收 5...
  • 没有解决我的问题, 去提问

悬赏问题

  • ¥15 如何让企业微信机器人实现消息汇总整合
  • ¥50 关于#ui#的问题:做yolov8的ui界面出现的问题
  • ¥15 如何用Python爬取各高校教师公开的教育和工作经历
  • ¥15 TLE9879QXA40 电机驱动
  • ¥20 对于工程问题的非线性数学模型进行线性化
  • ¥15 Mirare PLUS 进行密钥认证?(详解)
  • ¥15 物体双站RCS和其组成阵列后的双站RCS关系验证
  • ¥20 想用ollama做一个自己的AI数据库
  • ¥15 关于qualoth编辑及缝合服装领子的问题解决方案探寻
  • ¥15 请问怎么才能复现这样的图呀