PHP upload class (secure upload class)

PHP upload class (secure upload class)

<?php
//php文件上传类

header("Content-Type:text/html; charset=utf-8");
date_default_timezone_set("Asia/Shanghai");

class UploadFile
{
    private $imageType = [
        "image/gif",
        "image/jpeg",
        "image/jpg",
        "image/png",
        "image/x-png",
        "image/bmp",
        "image/x-ms-bmp",
        "image/pjpeg",
    ]; //image type
    private $fileType = [
        "application/zip",
        "application/msexcel",
        "application/xml",
        "application/vnd.ms-excel",
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
        "application/mspowerpoint",
        "application/vnd.ms-powerpoint",
        "application/pdf",
        "application/x-shockwave-flash",
        "application/x-rar-compressed",
        "application/x-rar",
        "audio/mpeg",
        "audio/x-ms-wma",
        "flv-application/octet-stream",
        "audio/x-ms-wmv",
        "video/mp4",
        "video/x-flv",
        "audio/x-wav",
        "application/msword",
        "video/mpeg",
    ]; //file type
    private $tmpName;
    private $fileName;
    private $error;
    private $fileSize; //upload file size
    private $maxSize = 10000000; //Maximum allowable upload size
    private $upName;
    private $upDir = "uploadfile/"; //upload file dir

    //The constructor defaults to image upload
    function __construct($upType = "image")
    {
        $this->tmpName = $_FILES["file"]["tmp_name"];
        $this->fileName = $_FILES["file"]["name"];
        $this->error = $_FILES["file"]["error"];
        $this->fileSize = $_FILES["file"]["size"];
        $this->upName = date("Y") . date("m") . date("d") . uniqid(); //Generate random file names
        //Determine the file size
        if ($this->fileSize > $this->maxSize) {
            exit("File exceeding" . $this->maxSize / 1024 / 1024 . " M ");
        }
        if ($this->error > 0) {
            exit($error);
        } //Determines that the upload is wrong
        if ($upType == "image") {
            $this->checkImage();
        } else {
            $this->checkFile();
        }
        $this->uploadFile();
    }

    //Detect the image type
    function checkImage()
    {
        $ftype = getimagesize($this->tmpName);
        if (!in_array($ftype["mime"], $this->imageType)) {
            exit("Illegal image type");
        }
    }

    //Detect file types
    function checkFile()
    {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $ftype = finfo_file($finfo, $this->tmpName); //The file type is judged based on the file content
        finfo_close($finfo);
        if (!in_array($ftype, $this->fileType)) {
            exit("Illegal file types");
        }
    }

    //Get the file extension
    function getExtension($fileext)
    {
        return pathinfo($fileext, PATHINFO_EXTENSION);
    }

    //Upload the file
    function uploadFile()
    {
        if (!is_uploaded_file($this->tmpName)) {
            exit("Illegal uploads");
        } else {
            move_uploaded_file(
                $this->tmpName,
                $this->upDir .
                    $this->upName .
                    "." .
                    $this->getExtension($this->fileName),
            );
            echo "Upload as: " .
                $this->upDir .
                $this->upName .
                "." .
                $this->getExtension($this->fileName);
        }
    }
}
$up = new UploadFile(); //Upload an image
//$up=new UploadFile("file");//Upload   file
?>
Post Views: 0

Related Posts:

Posted

in

by

admin

Tags:

AI AJAX API AWS cache callback ChatGPT CORS cron crontab Design pattern docker encryption event express ffmpeg flutter git go hls HTTPS icon JAVA javascript JS jsonp m3u8 Mongodb mysql Nginx nodejs OAuth OpenAi PHP Python React SSL swoole URL video VUE WCGI WebAssembly website WordPress

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *