PHP文件上传器图像过滤器
[英]PHP File Uploader Image Filter
问题描述
Alright, so I found an upload script, and added adjustments to fit with my sessions. 
好了,所以我找到了一个上传脚本,并添加了一些调整以适合我的会话。 It echos out the image if the session is not logged in, but if the session IS logged in, it shows the file uploader. 如果未登录会话,它将回显图像,但是如果会话已登录,则显示文件上传器。 The thing is, someone can upload a harmful PHP script to this, I just want this to be for images. 事实是,有人可以对此上传有害的PHP脚本,我只希望它用于图像。 Any suggestions that will make my code images only? 有什么建议只能使我的代码图像吗? I tried added filters, but this does not work. 我尝试添加过滤器,但这不起作用。 Here is my code: 这是我的代码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Upload your own picture of Bouncy!</title>
</head>
<style type='text/css'>
body {
background-image:url('../membership/sitebg.png');
background-repeat:repeat-x;
background-color:#ffffff;
}
a {
color: #093D03;
text-shadow:0px 0px 5px #ffffff;
}
a:visited {
color: #093D03;
}
a:active {
color: #093D03;
}
a:hover {
color: #1AFF00;
}
</style>
<?php
session_start();
if ($_SESSION['loggedin'] == true)
{
echo "<br />";
echo "<br />";
echo "<center><font face='arial'>Welcome to the funny picture uploader,<b> ".$_SESSION['username'];
echo "</b><br /><a href='http://x.org/membership/logout.php'>Logout</a> | <a href='#'>More</a> | <a href='http://x.org'>Home</a>";
echo "<br />";
echo "<br />";
$max_no_img=1; // Maximum number of images value to be set here
echo "<form method=post action='' enctype='multipart/form-data'>";
echo "<table border='0' width='400' cellspacing='0' cellpadding='0' align=center>";
for($i=1; $i<=$max_no_img; $i++) {
echo "<tr><td>Images $i</td><td>
<input type=file name='images[]' class='bginput'></td></tr>";
}
echo "<tr><td colspan=2 align=center><input type=submit value='Add Image'></td></tr>";
echo "</form> </table>";
while(list($key,$value) = each($_FILES['images']['name']))
{
//echo $key;
//echo "<br>";
//echo $value;
//echo "<br>";
if(!empty($value)){ // this will check if any blank field is entered
$filename =rand(100000000000000,10000000000000000000).$value; // filename stores the value
$filename=str_replace(" ","-",$filename);// Add _ inplace of blank space in file name, you can remove this line
$add = "pictures/$filename"; // upload directory path is set
//echo $_FILES['images']['type'][$key]; // uncomment this line if you want to display the file type
//echo "<br>"; // Display a line break
copy($_FILES['images']['tmp_name'][$key], $add);
echo "<center><b>Your picture will be stored at:</b></center> ";
echo "<center><a href='http://bouncygames.org/$add'>Click here to view your image!</a></center>";
// upload the file to the server
chmod("$add",0777); // set permission to the file.
} }
} else {
echo "<br /><center><img src='sorry.png'><br />
<a href='x'><img src='button-to-join.png'></a>
</center>";
}
?>
My question: How can I make this ONLY upload images? 我的问题: 如何使它仅上传图像?
2 个解决方案
解决方案1
0 2012-08-18 17:37:55
For <input type="file" name="file" id="file" /> 对于<input type="file" name="file" id="file" />
I get filetype by $type = $_FILES["file"]["type"] 我通过$type = $_FILES["file"]["type"]获得文件$type = $_FILES["file"]["type"]
You could do the same, then with a simple if($type == "jpeg" || $type == "png") you decide whether to accept the file or not. 您可以执行相同的操作,然后使用简单的if($type == "jpeg" || $type == "png")决定是否接受文件。
解决方案2
0 2017-09-17 19:30:09
here you can see my solution for a similar problem: first I use a hidden form field, because it's send to the same page, where the web form is. 在这里,您可以看到针对类似问题的解决方案:首先,我使用一个隐藏的表单字段,因为它发送到Web表单所在的同一页面。
<ul id="pictures">
<li><input type="file" name="files[]"><input type="hidden" name="send"></li>
<?php
if (isset($_POST['send']))
{
if(count($_FILES['files']['name']))
{
foreach ($_FILES['files']['name']as $datei)
{
$upload_folder = 'images/'; //Das Upload-Verzeichnis
$filename = pathinfo($_FILES['datei']['name'], PATHINFO_FILENAME);
$extension = strtolower(pathinfo($_FILES['datei']['name'], PATHINFO_EXTENSION));
//Checking the file extension.
$allowed_extensions = array('png', 'jpg', 'jpeg', 'gif');
if(!in_array($extension, $allowed_extensions)) {
die("<li>Ungültige Dateiendung. Nur png, jpg, jpeg und gif-Dateien sind erlaubt</li>");
}
//Checking the file size
$max_size = 500*1024; //500 KB
if($_FILES['datei']['size'] > $max_size) {
die("<li>Bitte keine Dateien größer 500kb hochladen</li>");
}
//Checking the EXIF-data
if(function_exists('exif_imagetype')) { //exif_imagetype erfordert die exif-Erweiterung
$allowed_types = array(IMAGETYPE_PNG, IMAGETYPE_JPEG, IMAGETYPE_GIF);
$detected_type = exif_imagetype($_FILES['datei']['tmp_name']);
if(!in_array($detected_type, $allowed_types)) {
die("<li>Nur der Upload von Bilddateien ist gestattet</li>");
}}}
}
//Path for uploading
$new_path = $upload_folder.$filename.'.'.$extension;
//New filename, file already exists.
if(file_exists($new_path)) {
$id = 1;
do {
$new_path = $upload_folder.$filename.'_'.$id.'.'.$extension;
$id++;
} while(file_exists($new_path));
}
//Alright, move the file to its destination.
move_uploaded_file($_FILES['datei']['tmp_name'], $new_path);
echo '<li>Bild erfolgreich hochgeladen: <a href="'.$new_path.'">'.$new_path.'</a></li>';
}
?>
This script I found an web search. 这个脚本我找到了一个网络搜索。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.