PHP upload class (secure upload class)
<?php
// PHP file upload class
// Script-wide setup: timestamps (used for the stored file name) use Shanghai time,
// and the response is declared as UTF-8 HTML.
date_default_timezone_set('Asia/Shanghai');
header('Content-Type:text/html; charset=utf-8');
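/**
 * Handles a single upload from the "file" form field.
 *
 * Constructing the object performs the whole upload: it reads $_FILES["file"],
 * validates the upload status, size and content type, then moves the file into
 * the upload directory. Every failure terminates the script with exit() and a
 * short message.
 *
 * The name stored on disk is built only from server-side values: a date
 * prefix, random bytes, and an extension looked up from the detected MIME
 * type. The client-supplied file name is never used for the stored path,
 * because a file whose content passes the type check can still be named
 * "x.php" by the client, and content sniffing does not prove a file is free
 * of embedded script.
 *
 * NOTE(review): the upload directory should additionally be configured so the
 * web server never executes files stored in it — confirm in deployment.
 */
class UploadFile
{
    /** Allowed image MIME types, mapped to the extension used for the stored file. */
    private $imageType = [
        "image/gif" => "gif",
        "image/jpeg" => "jpg",
        "image/jpg" => "jpg",
        "image/png" => "png",
        "image/x-png" => "png",
        "image/bmp" => "bmp",
        "image/x-ms-bmp" => "bmp",
        "image/pjpeg" => "jpg",
    ];

    /**
     * Allowed non-image MIME types, mapped to the extension used for the stored file.
     *
     * NOTE(review): application/xml and application/x-shockwave-flash are
     * active content if they are later served from the application's own
     * origin; keep them only if there is a real need.
     */
    private $fileType = [
        "application/zip" => "zip",
        "application/msexcel" => "xls",
        "application/xml" => "xml",
        "application/vnd.ms-excel" => "xls",
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document" => "docx",
        "application/mspowerpoint" => "ppt",
        "application/vnd.ms-powerpoint" => "ppt",
        "application/pdf" => "pdf",
        "application/x-shockwave-flash" => "swf",
        "application/x-rar-compressed" => "rar",
        "application/x-rar" => "rar",
        "audio/mpeg" => "mp3",
        "audio/x-ms-wma" => "wma",
        "flv-application/octet-stream" => "flv",
        "audio/x-ms-wmv" => "wmv",
        "video/mp4" => "mp4",
        "video/x-flv" => "flv",
        "audio/x-wav" => "wav",
        "application/msword" => "doc",
        "video/mpeg" => "mpg",
    ];

    private $tmpName;
    private $fileName; // client-supplied name: untrusted, kept for reference only
    private $error;
    private $fileSize; // upload file size in bytes, as reported in $_FILES
    private $maxSize = 10000000; // maximum allowable upload size in bytes
    private $upName;
    private $upDir = "uploadfile/"; // upload file dir
    private $safeExtension; // extension chosen from the detected MIME type

    /**
     * Validates and stores the uploaded file.
     *
     * @param string $upType "image" (default) checks against the image
     *                       allowlist; any other value checks against the
     *                       general file allowlist.
     */
    public function __construct($upType = "image")
    {
        // Reject requests without the field, and array-style fields ("file[]")
        // whose entries are arrays rather than scalars.
        if (!isset($_FILES["file"]["error"]) || is_array($_FILES["file"]["error"])) {
            exit("No file uploaded");
        }

        $this->tmpName = $_FILES["file"]["tmp_name"];
        $this->fileName = $_FILES["file"]["name"];
        $this->error = $_FILES["file"]["error"];
        $this->fileSize = $_FILES["file"]["size"];
        // uniqid() is derived from the clock, so names built from it are
        // guessable; use a CSPRNG for the unpredictable part instead.
        $this->upName = date("Ymd") . bin2hex(random_bytes(16));

        // Check the upload status first: the other fields are only meaningful
        // when PHP reports a successful upload.
        if ($this->error !== UPLOAD_ERR_OK) {
            exit("Upload failed with error code " . (int) $this->error);
        }
        if ($this->fileSize > $this->maxSize) {
            exit("File exceeding" . $this->maxSize / 1024 / 1024 . " M ");
        }

        if ($upType === "image") {
            $this->checkImage();
        } else {
            $this->checkFile();
        }
        $this->uploadFile();
    }

    /**
     * Checks that the temporary file parses as an allowed image type and
     * records the extension to store it under. Exits on failure.
     */
    public function checkImage()
    {
        // getimagesize() returns false when the content is not a recognised image.
        $info = getimagesize($this->tmpName);
        $mime = is_array($info) ? $info["mime"] : null;
        if ($mime === null || !isset($this->imageType[$mime])) {
            exit("Illegal image type");
        }
        $this->safeExtension = $this->imageType[$mime];
    }

    /**
     * Checks the temporary file's content-derived MIME type against the file
     * allowlist and records the extension to store it under. Exits on failure.
     */
    public function checkFile()
    {
        // The type is judged from the file content, not from the client's
        // Content-Type header or file name.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $mime = $finfo->file($this->tmpName);
        if (!is_string($mime) || !isset($this->fileType[$mime])) {
            exit("Illegal file types");
        }
        $this->safeExtension = $this->fileType[$mime];
    }

    /**
     * Returns the extension part of a file name.
     *
     * The result comes straight from the given name, so for client-supplied
     * names it is untrusted and must not decide how a file is stored.
     *
     * @param string $fileext File name or path.
     * @return string Extension without the dot, or "" when there is none.
     */
    public function getExtension($fileext)
    {
        return pathinfo($fileext, PATHINFO_EXTENSION);
    }

    /**
     * Moves the validated upload into the upload directory and prints the
     * stored path. Exits when validation has not run, when the temporary file
     * is not a genuine HTTP upload, or when the move fails.
     */
    public function uploadFile()
    {
        if (!is_string($this->safeExtension) || !is_uploaded_file($this->tmpName)) {
            exit("Illegal uploads");
        }
        $target = $this->targetPath();
        if (!move_uploaded_file($this->tmpName, $target)) {
            exit("Failed to store the uploaded file");
        }
        // $target contains only server-generated parts, so it is safe to echo as is.
        echo "Upload as: " . $target;
    }

    /** Builds the destination path from server-controlled parts only. */
    private function targetPath()
    {
        return $this->upDir . $this->upName . "." . $this->safeExtension;
    }
}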
// Constructing the object runs the whole upload in image mode;
// a validation failure ends the script via exit().
$up = new UploadFile("image");
// General file mode instead of image mode:
//$up=new UploadFile("file");
?>
