Php 图像上载验证失败
我尝试了很多脚本来验证很多功能来验证用户上传的图片是否是图片。我试着用它来测试,当我加载一个带有ext-tar、xclx、docx、sql的文件时,它可以工作,但当我上传带有扩展名的文件时,它失败了。而且它似乎也无法验证文件大小。这是我的密码:Php 图像上载验证失败,php,image,validation,Php,Image,Validation,我尝试了很多脚本来验证很多功能来验证用户上传的图片是否是图片。我试着用它来测试,当我加载一个带有ext-tar、xclx、docx、sql的文件时,它可以工作,但当我上传带有扩展名的文件时,它失败了。而且它似乎也无法验证文件大小。这是我的密码: if(isset($_POST['submit'])) { if (is_uploaded_file($_FILES['photo']['tmp_name']) && ($_FILES['photo']['error'] === UP
if(isset($_POST['submit'])) {
if (is_uploaded_file($_FILES['photo']['tmp_name']) && ($_FILES['photo']['error'] === UPLOAD_ERR_OK)) {
// Get a reference:
$file = $_FILES['photo'];
$tmp_name = sha1($file['name']) . uniqid('',true);
$dest = $uploads_dir . $tmp_name . '_tmp';
// Validate the file size (1MB max):
$size = ROUND($file['size']/1024);
if ($size > 1024) {
$error[] = 'File u r uploading is too big.';
}
$whitelist_ext = array('gif','png' ,'jpg');
$whitelist_type = array('image/jpeg', 'image/png','image/gif');
$filename = $_FILES['photo']['name'];
$ext = pathinfo($filename, PATHINFO_EXTENSION);
if(!in_array($ext,$whitelist_ext) ) {
$error[] = 'you are entering wrong extension files.';
}else{
// Validate the file type:
// Create the resource:
if(function_exists('finfo_open')){ //(PHP >= 5.3.0, PECL fileinfo >= 0.1.0)
$fileinfo = finfo_open(FILEINFO_MIME_TYPE);
if (!in_array(finfo_file($fileinfo, $file['tmp_name']), $whitelist_type)) {
$error[] = "Uploaded file is not a valid image";
}
}else if(function_exists('mime_content_type')){ //supported (PHP 4 >= 4.3.0, PHP 5)
if (!in_array(mime_content_type($file['tmp_name']), $whitelist_type)) {
$error[] = "Uploaded file is not a valid image";
}
}else{
if (!@getimagesize($file['tmp_name'])) { //@ - for hide warning when image not valid
$error[] = "Uploaded file is not a valid image";
}
}
if ( function_exists( 'exif_imagetype' ) ) {
if (exif_imagetype($file['tmp_name']) != (IMAGETYPE_JPEG || IMAGETYPE_GIF || IMAGETYPE_PNG)) {
$error[] = "Uploaded file is not a valid image";
} else{
if ( ( list($width, $height, $type, $attr) = getimagesize( $filename ) ) !== false ) {
return $type;
}
$error[] = "Uploaded file is not a valid image";
}
}
}
finfo_close($fileinfo);
}
//if no errors have been created carry on
if (!isset($error)) {
//hash the password
$hashedpassword = $user->password_hash($_POST['pass1'], PASSWORD_BCRYPT);
//create the activasion code
$activasion = md5(uniqid(rand(), true));
try {
//insert into database with a prepared statement
$stmt = $pdo->prepare('INSERT INTO users (nama_lengkap,username,pass,usertype, email,active,real_pic_name, tmp_pic_name, dateAdded) VALUES (:nama_lengkap, :username,:pass, :usertype, :email, :active, :real_pic_name, :tmp_pic_name,now())');
$stmt->execute(array(
':nama_lengkap' => $_POST['nama_lengkap'],
':username' => $_POST['username'],
':pass' => $hashedpassword,
':usertype' => $_POST['usertype'],
':email' => $_POST['email'],
':active' => $activasion,
':real_pic_name' => $photo_name,
':tmp_pic_name' => $photo_tmp
));
$id = $pdo->lastInsertId('id');
//move_uploaded_file($photo_tmp, $uploads_dir . $photo_name);
if (!(move_uploaded_file($_FILES["photo"]["tmp_name"], $target_file))) {
$error[] = "Sorry, there was an error uploading your file.";
}else{
redirect('add-user.php?action=joined');
unset( $_SESSION['token'] );
}
} catch (PDOException $e) {
$error[] = $e->getMessage();
}
}
}
$error[] = "Sorry, there was an error uploading your file.";
if (!isset($error)) {