Php base64图像上载验证
我在我的网站上做了一个功能,用户可以通过从文件中加载图像,也可以使用电脑内置的摄像头上传图像Php base64图像上载验证,php,html,validation,base64,image-uploading,Php,Html,Validation,Base64,Image Uploading,我在我的网站上做了一个功能,用户可以通过从文件中加载图像,也可以使用电脑内置的摄像头上传图像 我可以用我的网络摄像头拍照,也可以从文件中加载 我将base64存储在一个输入中,该输入与其他信息一起提交给服务器 服务器验证base64(查找黑客) 映像存储在服务器上 我了解我使用的验证方法: 在服务器上需要大量的处理速度(编码和解码) 有缺陷/不可靠 可能不够安全 是否还有其他安全、服务器友好和可靠的方法来验证base64??? (我在其他帖子中找不到任何有希望的方法。) 当我在某些地方面
- 我可以用我的网络摄像头拍照,也可以从文件中加载
- 我将base64存储在一个输入中,该输入与其他信息一起提交给服务器
- 服务器验证base64(查找黑客)
- 映像存储在服务器上
- 在服务器上需要大量的处理速度(编码和解码)
- 有缺陷/不可靠
- 可能不够安全
(我在其他帖子中找不到任何有希望的方法。) 当我在某些地方面对相机时,它会失败(base64会受到某些图片的影响) 非常感谢你的帮助
--龙火 upload.php脚本:
<?php
$uploaded_file_b64 = htmlspecialchars($_POST['b64_img_url']); // string containing base64 of uploaded image
$FileName = "the_unique_uploaded_file_name.png";
$file_path = "/uploads/" . $FileName;
$file_relative_path = "../uploads/" . $FileName; // BUG: need to use relative path rather than absolute since absolute path doesn't work. Why???
//Must get actual base64 out of string by splicing it
$uploaded_file_actual_b64 = explode("base64,",$uploaded_file_b64);
//We need to get the second value from the array returned from explode() since there are two commas before the actual base64
$uploaded_file_actual_b64 = $uploaded_file_actual_b64[1];
// First try to decode then re-encode the base64. If works then perfect!
if ($uploaded_file_actual_b64 == base64_encode(base64_decode($uploaded_file_actual_b64))) {
// It worked!
echo "Valid base64!";
}
else {
// It failed! THIS IS WHERE IT ALWAYS ERRORS!! WHY???
echo "Not base64!";
}
// Try creating an image from the base64. If works then perfect!
$is_image = imagecreatefromstring(base64_decode($uploaded_file_actual_b64));
//doing this will help confirm it's an image, but it is still possible to inject php or js into
//the body of the image, but as long as we don't execute the image on the server
//then we should be fine
if ($is_image != false) {
echo "Valid image!";
} else {
echo "Not an image!";
}
// If we get up to here, then nothing has been tampered with!
echo "Secure!";
// Store the image on the server
if (file_put_contents($file_relative_path, base64_decode($uploaded_file_actual_b64))) {
echo "Upload success!";
} else {
echo "Upload failed!";
}
?>
有些base64字符串是有效的,但由于填充,无法解码,然后编码为完全相同的值。但是,为什么要这样“验证”base64?重点是什么?我不知道怎么做。如果有些人有更好的方法来验证它——那就是我要找的!
<form method="post" action="upload.php" enctype="multipart/form-data">
<input type="text" id="b64_img_url" name="b64_img_url" style="display: none;"/>
<input type="submit" class="btn btn-success" value="Submit" />
<div id="btn_cam_capture" onclick="capture_webcam();">Capture</div>
<canvas id="camera-stream-canvas"></canvas>
<img id="img-drop-preview"/>
<script>
var canvas = document.getElementById("camera-stream-canvas");
function capture_webcam() {
// Executed when user takes shot.
// Previews the image by converting the canvas to a base64 image.
document.getElementById("img-drop-preview").src = canvas.toDataURL();
// The input which stores the base64
document.getElementById("b64_img_url").value = canvas.toDataURL();
}
</script>
</form>