doujiu1447
2016-11-17 16:07
浏览 50
已采纳

限制“.php”文件上传

I am making basic photo hosting, just to upload images and resize them.

Everything works fine, I also have added accept="image/*" for my File upload button, but it is still possible to upload other files. So in my PHP code I check whether it is image or other file, so if it is not image, I basically remove it. But I have a problem. If user uploads "index.php" file, my index file on server will be overwritten and as my code should do, it removes "index.php" so. basically self destruction.

Is there way to restrict file upload before file is actually uploaded on server?

Or at least, is there way to change root directory of file that is uploaded?

I don't think that JavaScript or HTML restriction will do anything, because "hackermans" can change it easily in inspect element.

图片转代码服务由CSDN问答提供 功能建议

我正在制作基本的照片托管,只是为了上传图片并调整大小。

一切正常,我还为我的文件上传按钮添加了 accept =“image / *”,但仍然可以上传其他文件。 所以在我的PHP代码中我检查它是图像还是其他文件,所以如果它不是图像,我基本上删除它。 但我有一个问题。 如果用户上传“index.php”文件,我的服务器上的索引文件将被覆盖,而我的代码应该这样做,它会删除“index.php”。 基本上是自我毁灭

文件实际上传到服务器上之前,有没有办法限制文件上传

或者至少,是否有 改变上传文件根目录的方法?

我不认为JavaScript或HTML限制会做任何事情,因为“hackermans”可以在inspect元素中轻松改变它。

  • 写回答
  • 好问题 提建议
  • 追加酬金
  • 关注问题
  • 邀请回答

1条回答 默认 最新

  • dqyuipw44576 2016-11-17 16:18
    最佳回答 
    class Upload {

private $destinationPath;
private $errorMessage;
private $extensions;
private $allowAll;
private $maxSize;
private $uploadName;
private $seqnence;
private $imageSeq;
public $name = 'Uploader';
public $useTable = false;

function setDir($path) {
    $this->destinationPath = $path;
    $this->allowAll = false;
}

function allowAllFormats() {
    $this->allowAll = true;
}

function setMaxSize($sizeMB) {
    $this->maxSize = $sizeMB * (1024 * 1024);
}

function setExtensions($options) {
    $this->extensions = $options;
}

function setSameFileName() {
    $this->sameFileName = true;
    $this->sameName = true;
}

function getExtension($string) {
    $ext = "";
    try {
        $parts = explode(".", $string);
        $ext = strtolower($parts[count($parts) - 1]);
    } catch (Exception $c) {
        $ext = "";
    }
    return $ext;
}

function setMessage($message) {
    $this->errorMessage = $message;
}

function getMessage() {
    return $this->errorMessage;
}

function getUploadName() {
    return $this->uploadName;
}

function setSequence($seq) {
    $this->imageSeq = $seq;
}

function getRandom() {
    return strtotime(date('Y-m-d H:i:s')) . rand(1111, 9999) . rand(11, 99) . rand(111, 999);
}

function sameName($true) {
    $this->sameName = $true;
}

function uploadFile($fileBrowse) {
    $result = false;
    $size = $_FILES[$fileBrowse]["size"];
    $name = $_FILES[$fileBrowse]["name"];
    $ext = $this->getExtension($name);
    if (!is_dir($this->destinationPath)) {
        $this->setMessage("Destination folder is not a directory ");
    } else if (!is_writable($this->destinationPath)) {
        $this->setMessage("Destination is not writable !");
    } else if (empty($name)) {
        $this->setMessage("File not selected ");
    } else if ($size > $this->maxSize) {
        $this->setMessage("Too large file !");
    } else if ($this->allowAll || (!$this->allowAll && in_array($ext, $this->extensions))) {

        if ($this->sameName == false) {
            $this->uploadName = $this->imageSeq . "-" . substr(md5(rand(1111, 9999)), 0, 8) . $this->getRandom() . rand(1111, 1000) . rand(99, 9999) . "." . $ext;
        } else {
            $this->uploadName = $name;
        }
        if (move_uploaded_file($_FILES[$fileBrowse]["tmp_name"], $this->destinationPath . $this->uploadName)) {
            $result = true;
        } else {
            $this->setMessage("Upload failed , try later !");
        }
    } else {
        $this->setMessage("Invalid file format !");
    }
    return $result;
}

function deleteUploaded() {
    unlink($this->destinationPath . $this->uploadName);
}

    }

    How to use it : 

    function callMe(){
                $uploader   =   new Upload();
                $directory = "NAMEDIR"
                if(!is_dir($directory)){
                    mkdir($directory);
                }
                $uploader->setDir($directory);
                $uploader->setExtensions(array('jpg','jpeg','png','gif'));  //allowed extensions list//
                $uploader->setMaxSize(.5);                          //set max file size to be allowed in MB//
                $uploader->sameName(true);
                if($uploader->uploadFile('file')){   //txtFile is the filebrowse element name //     
                    $image  =   $uploader->getUploadName(); //get uploaded file name, renames on upload//

                    echo json_encode(array("success"=>true,"message"=>"Success Add","image"=>$directory.$image,"image_upload"=>$image));

                }else{//upload failed
                    echo json_encode(array("success"=>false,"message"=>$uploader->getMessage(),"image"=>""));
                }
            }
            callMe();
    评论
    解决 无用
    打赏 举报

报告相同问题?

提交

相关推荐 更多相似问题

  • 限制“.php文件上传 php
    2016-11-17 16:07
    回答 1 已采纳 class Upload { private $destinationPath; private $errorMessage; private $extensions; private $all
  • php图片上传文件大小限制 php
    2016-09-21 19:09
    回答 1 已采纳 Did you check your php.ini? The default upload_max_filesize is 2MB.
  • php 文件上传路径问题 php
    2021-06-28 08:20
    回答 2 已采纳 upload后面再加一个 \ 
  • php.ini修改php上传文件大小限制的方法详解
    2020-10-27 06:38
    本篇文章是对php.ini修改php上传文件大小限制的方法进行了详细的分析介绍,需要的朋友参考下
  • PHP 上传文件大小限制
    2020-12-17 21:32
    打开文件上传选项 upload_max_filesize = 500M ;上传文件上限 如果要上传比较大的文件,仅仅以上两条还不够,必须把服务器缓存上限调大,把脚本最大执行时间变长 post_max_size = 500M ;post上限 max_execution_time...
  • 配置php.ini实现PHP文件上传功能
    2020-10-25 04:24
    为大家介绍下在php.ini文件中配置php文件上传功能的方法,涉及到一些重要的选项,关系到php上传文件大小的限制等,有需要的朋友参考下
  • php文件上传文件过大的处理方法 php
    2017-12-04 08:06
    回答 6 已采纳 ,表单类型: 上传文件的表单编码类型必须设置成 enctype="multipart/form-data",因为要传大数据,一般提交方式用POST. 2,php设置问题: php默认的post_
  • PHP文件上传限制图像超过20kb php
    2014-05-20 11:34
    回答 1 已采纳 The size in $_FILES is expressed in bytes. 200.000 = around 195 kilobyte. Did you tested it withou
  • PHP MIME类型,限制上传文件 php
    2014-03-13 08:55
    回答 1 已采纳 Replace your if condition which is following if ($_FILES["uploadfile"]["error"] > 0){ /
  • php限制上传文件类型并保存上传文件的方法
    2020-12-19 14:14
    本文实例讲述了php限制上传文件类型并保存上传文件的方法。分享给大家供大家参考。具体如下: 下面的代码演示了php中如何获取用户上传文件,并限制文件类型的一般图片文件,最后保存到服务器 <?php $...
  • php 修改上传文件大小限制实例详解
    2020-12-19 02:51
    1. 修改 max_execution_time ...这样就会出现无法打开网页的情况.这时我们可以修改 max_execution_time ...此设定也影响到文件上传php默认的post_max_size 为2M.如果 POST 数据尺寸大于 post_max_siz
  • php文件上传、下载和删除示例
    2021-01-21 15:52
    php文件上传、下载和删除示例大体思路如下,具体内容如下 一.文件上传 1.把上传文件的区域做出来 div1 2.把显示文件的区域做出来 div2 3.提交表单,上传文件 4.服务器接收文件数据 用$_FILE[name]接收 5...
  • 通过mime对xml文件php文件上传限制 phpxml
    2016-11-16 14:56
    回答 2 已采纳 It seems like $finfo->file() returns application/xml instead of text/xml for xml files. Change
  • php限制文件上传到jpegs php
    2010-03-03 09:13
    回答 5 已采纳 getimagesize tells you what format the file is in as per bgy's comment, you should also force the
  • 如何在PHP中从后端限制jQuery-File-Upload中的最大1个文件上传 javascriptjqueryphp
    2016-11-06 19:41
    回答 1 已采纳 After digging deeper into the PHP code in the demo within server/php/UploadHandler.php I found th
  • 叫你如何修改Nginx与PHP文件上传大小限制
    2020-10-25 10:58
    对于nginx+php的一些网站,上传文件大小会受到多个方面的限制,一个是nginx本身的限制限制了客户端上传文件的大小,一个是php.ini文件中默认了多个地方的设置。下面我们来看看如何修改这些限制
  • 通过修改配置真正解决php文件上传大小限制问题(nginx+php)
    2020-12-19 14:34
    那么对于nginx+php网站,与apache+php下如何解决php文件上传大小限制问题不同的就是nginx本身的限制限制了客户端上传文件的大小,这里以nginx为例说明nginx+php下如何解决这个问题。 1.nginx配置项修改  修改/usr...
  • php环境无法上传文件的解决方法
    2021-01-21 16:05
    二、 php.ini配置文件 php.ini中影响上传的有以下几处: file_uploads 是否开启 on 必须开启 是否允许HTTP文件上传 post_max_size = 8M PHP接受的POST数据最大长度。此设定也影响到文件上传。 要上传文件,该值必须...
  • php文件上传限制不起作用 php
    2012-06-27 10:48
    回答 1 已采纳 Problem was with MIME type. As said by @ksg91 correct MIME type for doc file is application/msword
  • php处理单文件、多文件上传代码分享
    2020-12-18 23:05
    php处理 单文件、多文件上传实例代码,供大家参考,具体内容如下  后台处理文件submit_form_process.php  <?php /****************************************************************************** 参数...
  • 没有解决我的问题, 去提问