1. 首页
  2. 问答
  3. 只允许图像和PDF类型的图像上传PHP脚本

只允许图像和PDF类型的图像上传PHP脚本

2015-10-08 30 views
0

我有一个脚本,只允许1张图片上传,工作正常。只允许图像和PDF类型的图像上传PHP脚本

但现在它允许任何和所有类型的上传。

如何仅允许jpg,jpeg,gif,png & PDF文件是唯一允许上传的文件?

这是我的代码的一部分。

<?php 

// make a note of the current working directory, relative to root. 
$directory_self = str_replace(basename($_SERVER['PHP_SELF']), '', $_SERVER['PHP_SELF']); 

// make a note of the directory that will recieve the uploaded files 
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . 'uploaded_files/'; 

// make a note of the location of the upload form in case we need it 
$uploadForm = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'multiple.upload.form.php'; 

// make a note of the location of the success page 
$uploadSuccess = 'http://' . $_SERVER['HTTP_HOST'] . $directory_self . 'multiple.upload.success.php'; 

// name of the fieldname used for the file in the HTML form 
$fieldname = 'file'; 

//echo'<pre>';print_r($_FILES);exit; 

// Now let's deal with the uploaded files 

// possible PHP upload errors 
$errors = array(1 => 'php.ini max file size exceeded', 
       2 => 'html form max file size exceeded', 
       3 => 'file upload was only partial', 
       4 => 'no file was attached'); 

// check the upload form was actually submitted else print form 
isset($_POST['submit']) 
or error('the upload form is needed', $uploadForm); 

// check if any files were uploaded and if 
// so store the active $_FILES array keys 
$active_keys = array(); 
foreach($_FILES[$fieldname]['name'] as $key => $filename) 
{ 
if(!empty($filename)) 
{ 
$active_keys[] = $key; 
} 
} 

// check at least one file was uploaded 
if (count($active_keys) < 1) 
{ echo "<table border=\"0\" cellspacing=\"4\" cellpadding=\"4\" style=\"border: 1px solid black; text-align: center; font-family: arial; font-size: 14px;\" width=\"600px\" align=\"center\"> 
<tr> 
<td> 
<font size=\"3\" color=\"red\"><strong><u>Upload Error</u></strong></font> 
<br> 
<br> 
<b>You must upload one file.</b> 
<br><br> 
<a href=\"javascript: history.go(-1)\">Back to upload form</a> 
<br> 
</td> 
</tr> 
</table> <div style=\"display: none;\"> "; } 
//count($active_keys) 
//or error('No files were uploaded', $uploadForm); 

// check for standard uploading errors 
foreach($active_keys as $key) 
{ 
($_FILES[$fieldname]['error'][$key] == 0) 
or error($_FILES[$fieldname]['tmp_name'][$key].': '.$errors[$_FILES[$fieldname]['error'][$key]], $uploadForm); 
} 

// check that the file we are working on really was an HTTP upload 
foreach($active_keys as $key) 
{ 
@is_uploaded_file($_FILES[$fieldname]['tmp_name'][$key]) 
or error($_FILES[$fieldname]['tmp_name'][$key].' not an HTTP upload', $uploadForm); 
} 

// make a unique filename for the uploaded file and check it is 
// not taken... if it is keep trying until we find a vacant one 
foreach($active_keys as $key) 
{ 
$now = time(); 
while(file_exists($uploadFilename[$key] = $uploadsDirectory.$now.'-'.$_FILES[$fieldname]['name'][$key])) 
{ 
$now++; 
} 
} 

// now let's move the file to its final and allocate it with the new filename 
foreach($active_keys as $key) 
{ 
@move_uploaded_file($_FILES[$fieldname]['tmp_name'][$key], $uploadFilename[$key]) 
or error('receiving directory insuffiecient permission', $uploadForm); 
} 

// If you got this far, everything has worked and the file has been successfully saved. 
// We are now going to redirect the client to the success page. 


if($_FILES['file']['error'] === UPLOAD_ERR_INI_SIZE) { 
    // Handle the error 
    echo 'Your file is too large.'; 
    die(); 
} 
// make an error handler which will be used if the upload fails 
function error($error, $location, $seconds = 5) 
{ 
echo "<table border=\"0\" cellspacing=\"4\" cellpadding=\"4\" style=\"border: 1px solid black; text-align: center; font-family: arial; font-size: 14px;\" width=\"600px\" align=\"center\"> 
<tr> 
<td> 
<font size=\"3\" color=\"red\"><strong><u>Upload Error</u></strong></font> 
<br> 
<br> 
<!--<b>Your proof is not a supported filetype.<br> 
Please upload an image (jpg, gif, png, bmp file) or PDF file. 
<br> 
<br> 
or</b> 
<br> 
<br>--> 
<b>Your File Size is bigger then the maximum allowed - 2 MB.<br> 
Please upload a smaller file.</b> 
<br><br> 
<a href=\"javascript: history.go(-1)\">Back to upload form</a> 
<br> 
</td> 
</tr> 
</table> <div style=\"display: none;\">"; 
} 
/* 
{ 
header("Refresh: $seconds; URL=\"$location\""); 
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"'."\n". 
'"http://www.w3.org/TR/html4/strict.dtd">'."\n\n". 
'<html lang="en">'."\n". 
'<head>'."\n". 
'<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">'."\n\n". 
'<link rel="stylesheet" type="text/css" href="stylesheet.css">'."\n\n". 
'<title>Upload error</title>'."\n\n". 
'</head>'."\n\n". 
'<body>'."\n\n". 
'<div id="Upload">'."\n\n". 
'<h1>Upload failure</h1>'."\n\n". 
'<p>An error has occured: '."\n\n". 
'<span class="red">' . $error . '...</span>'."\n\n". 
' The upload form is reloading</p>'."\n\n". 
' </div>'."\n\n". 
'</html>'; 
exit; 
} // end error handler 
*/ 

// < input id="file1" name="file[]" type="file" style="border: 1px solid white;"> 
//$fi= $_POST['file[]']; 
//$fi = "(0)"; 

$fi = array($_FILES['file']['name']['0'],$_FILES['file']['name']['1'],$_FILES['file']['name']['2']);

==== ====编辑

我能得到它,只允许图像,但现在怎么我允许PDF的要还上传了?

我将此代码添加到我的脚本中。

foreach($active_keys as $key) 
{ 
@getimagesize($_FILES[$fieldname]['tmp_name'][$key]) 
or error($_FILES[$fieldname]['tmp_name'][$key].' not an image', $uploadForm); 
}

来源

2015-10-08 Gina DiSanto

+0

尝试使用图像编辑库或PDF库打开文件。如果这些库指示这些文件是有效的,那么它们通过验证。 – Ghedipunk

+0

我需要脚本来判断它们是图像还是PDF,而不是我...... –

+0

是的,这就是为什么你使用库,而不是你自己的系统上的程序。 – Ghedipunk

回答

0

我可以用下面的代码来实现这一点。

$thefilename = $_FILES["file"]["name"][0]; 
/* first, check for suffix 
(jpg, gif, png, bmp file) or PDF file */ 
$thefilesuffix = substr($thefilename, -3); 
// echo "<p>".$thefilesuffix."</p><hr />"; 

switch($thefilesuffix) 
{ 
case "pdf": case "PDF": 
/* don't need to do anything special, 
but notice the capitalized versions */ 
break; 

case "jpg": case "gif": case "png": case "bmp": 
case "JPG": case "GIF": case "PNG": case "BMP": 
//ALLOWS ONLY IMAGES TO BE UPLOADED 
foreach($active_keys as $key) 
{ 
@getimagesize($_FILES[$fieldname]['tmp_name'][$key]) 
or error($_FILES[$fieldname]['tmp_name'][$key].' not an image', $uploadForm); 
} 
//ALLOWS ONLY IMAGES TO BE UPLOADED 
break; 

default: 
echo "<table border=\"0\" cellspacing=\"4\" cellpadding=\"4\" style=\"border: 1px solid black; text-align: center; font-family: arial; font-size: 14px;\" width=\"600px\" align=\"center\"> 
<tr> 
<td> 
<font size=\"3\" color=\"red\"><strong><u>Upload Error</u></strong></font> 
<br> 
<br> 
<b>Your proof must be an an image (jpg, gif, png, bmp file) or PDF file.<br> 
Please upload a different file.</b> 
<br> 
<br> 
<a href=\"javascript: history.go(-1)\">Back to upload form</a> 
<br> 
</td> 
</tr> 
</table> <div style=\"display: none;\">"; exit; 
break; 
}

来源

2015-10-09 16:14:05

2

只需在代码中添加以下行即可。它将在移动到目录之前检查上传文件是图像还是pdf。

$allowedExts = array("gif", "jpeg", "jpg", "png", "pdf"); 

$temp = explode(".", $_FILES["file"]["name"]); 

$extension = end($temp); 


if ((($_FILES["file"]["type"] == "image/gif") 
|| ($_FILES["file"]["type"] == "image/jpeg") 
|| ($_FILES["file"]["type"] == "image/jpg") 
|| ($_FILES["file"]["type"] == "image/pjpeg") 
|| ($_FILES["file"]["type"] == "image/x-png") 
|| ($_FILES["file"]["type"] == "image/png") 
|| ($_FILES["file"]["type"] == "application/pdf") 
&& in_array($extension, $allowedExts)) { 
    // put the upload code here 
} else { 
     // put error message here 
}

来源

2015-10-08 18:52:08 Supravat

相关问题

 相关问题