<?php
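// Upload handler for the "userfile" form field.
// Checks, in order: the upload completed, the client file name has a whitelisted
// extension, the content is detected as GIF/JPEG/PNG, and the is_safe() signature
// scan (defined later in this file) finds nothing. Only then is the file moved
// into ./data/.
$imageType = array('jpg', 'gif', 'png');

// Reject a missing, failed or multi-file ("userfile[]") upload up front. Without this,
// the code below reads undefined keys or passes arrays to basename()/SplFileInfo and the
// client gets a misleading "images only" message or a fatal error.
if (
    !isset($_FILES['userfile']['error'], $_FILES['userfile']['name'], $_FILES['userfile']['tmp_name'])
    || !is_string($_FILES['userfile']['name'])
    || !is_string($_FILES['userfile']['tmp_name'])
    || $_FILES['userfile']['error'] !== UPLOAD_ERR_OK
    || !is_uploaded_file($_FILES['userfile']['tmp_name'])
) {
    exit("上传失败!\n");
}

// NOTE(review): the stored name comes from the client. basename() strips directory
// components, but the name is otherwise kept as sent, so an upload can replace an existing
// file of the same name in ./data/. Prefer a server-generated name with the extension
// derived from the detected image type, and confirm that ./data/ is served without
// script execution.
$uploadfile = './data/' . basename($_FILES['userfile']['name']);

// Extension whitelist on the client-supplied name (case-sensitive, as before).
$finfo = new SplFileInfo($_FILES['userfile']['name']);
$extName = $finfo->getExtension();
if (!in_array($extName, $imageType, true)) {
    exit('只能上传gif、png和jpg的图片');
}

// Content check: exif_imagetype() inspects the file signature and returns false when it
// does not recognise an image. The named constants equal the literals 1, 2 and 3.
// NOTE(review): the detected type is not compared with the extension, so a GIF named
// "x.png" is still accepted.
$realType = exif_imagetype($_FILES['userfile']['tmp_name']);
if (!in_array($realType, array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
    exit('只能上传gif、png和jpg的图片');
}

// Signature scan for embedded script markers; a hit aborts the upload.
$safe = is_safe($_FILES['userfile']['tmp_name']);
if (!$safe) {
    exit('图片包含木马,禁止上传!');
}

// move_uploaded_file() itself refuses anything that is not a genuine HTTP upload.
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
    echo "文件上传成功.\n";
} else {
    echo "上传失败!\n";
}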
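/**
 * Heuristic scan of a file for embedded server-side or client-side script markers.
 *
 * Reads the first 512 and the last 512 bytes (the whole file when it is 512 bytes or
 * smaller), hex-encodes them and matches the result against a fixed list of signatures:
 * "<%" ... "(" ... ")" ... "%>", "<?" ... "(" ... ")" ... "?>", and the SCRIPT/script
 * opening and closing tag fragments.
 *
 * This is a blacklist over part of the file, not a full scan: bytes between the two
 * 512-byte windows are never read, so a clean result does not prove the file is harmless.
 * Because matching runs on hex text, a hit may also start on a half-byte boundary, which
 * can produce false positives. Use it as one layer only; re-encoding the image and
 * storing uploads where scripts cannot execute are the stronger controls.
 *
 * Fails closed: an unreadable file, a read error or a PCRE error is reported as unsafe.
 *
 * @param string $fileurl Path of the file to inspect.
 * @return bool True when no signature was found, false on a match or on any error.
 */
function is_safe($fileurl)
{
    // Checked first so that fopen() does not emit a warning for a missing path.
    if (!is_file($fileurl) || !is_readable($fileurl)) {
        return false;
    }

    $handle = fopen($fileurl, 'rb');
    if ($handle === false) {
        return false;
    }

    try {
        // Size is taken from the open handle, so it is not affected by PHP's stat cache
        // and always describes the file that is actually being read.
        $stat = fstat($handle);
        if ($stat === false) {
            return false;
        }
        $fileSize = $stat['size'];

        // An empty file has nothing to match; fread() rejects a zero length on PHP 8.
        if ($fileSize === 0) {
            return true;
        }

        if ($fileSize > 512) {
            $head = fread($handle, 512);
            if (fseek($handle, $fileSize - 512) !== 0) {
                return false;
            }
            $tail = fread($handle, 512);
        } else {
            $head = fread($handle, $fileSize);
            $tail = '';
        }
    } finally {
        fclose($handle);
    }

    if ($head === false || $tail === false) {
        return false;
    }

    // Head and tail are concatenated into one hex string, as in the original scan.
    $hexCode = bin2hex($head) . bin2hex($tail);

    // preg_match() returns false on a PCRE error (for example a backtrack limit).
    // Only a definite "no match" (0) counts as clean.
    return preg_match(
        "/(3c25.*?28.*?29.*?253e)|(3c3f.*?28.*?29.*?3f3e)|(3C534352495054)|(2F5343524950543E)|(3C736372697074)|(2F7363726970743E)/is",
        $hexCode
    ) === 0;
}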